OH SNAP!!! what the hell are these processes?
Logfile of HijackThis v1.98.2
Scan saved at 7:09:04 PM, on 11/15/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\XP\System32\smss.exe
C:\XP\system32\winlogon.exe
C:\XP\system32\services.exe
C:\XP\system32\lsass.exe
C:\XP\system32\svchost.exe
C:\XP\System32\svchost.exe
C:\XP\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\XP\Explorer.EXE
C:\XP\System32\mqguard.exe
C:\XP\System32\windnsd.exe
C:\XP\System32\lsess.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\XP\System32\Msdoc.exe
C:\XP\RUNDLL16.EXE
C:\XP\System32\sysmsvc.exe
C:\XP\System32\MSrvs32.exe
C:\XP\System32\msndp.exe
C:\Program Files\Windows AdTools\WinAdTools.exe
C:\Program Files\Windows AdTools\WinRatchet.exe
C:\PROGRA~1\INTERN~1\iexplore.exe
C:\Program Files\Opera7\opera.exe
C:\Program Files\Gaim\gaim.exe
C:\Documents and Settings\LordViperScorpion\Desktop\HijackThis.exe
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\XP\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Microsoft Documents] Msdoc.exe
O4 - HKLM\..\Run: [Windows DNS Daemon] windnsd.exe
O4 - HKLM\..\Run: [Windows Network Controller] mqguard.exe
O4 - HKLM\..\Run: [Sysino] lsess.exe
O4 - HKLM\..\Run: [Windows DLL Loader] C:\XP\RUNDLL16.EXE
O4 - HKLM\..\Run: [Cryptographic Service] C:\XP\System32\gvbeempn.exe
O4 - HKLM\..\Run: [MsWindows SysDate] sysmsvc.exe
O4 - HKLM\..\Run: [Intel system works] iis.exe
O4 - HKLM\..\Run: [Microsoft Video Capture Controls] MSrvs32.exe
O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe
O4 - HKLM\..\Run: [Msn Patch] msndp.exe
O4 - HKLM\..\RunServices: [Microsoft Documents] Msdoc.exe
O4 - HKLM\..\RunServices: [Intel system works] iis.exe
O4 - HKLM\..\RunServices: [MsWindows SysDate] sysmsvc.exe
O4 - HKLM\..\RunServices: [Windows Network Controller] mqguard.exe
O4 - HKLM\..\RunServices: [Microsoft Video Capture Controls] MSrvs32.exe
O4 - HKLM\..\RunServices: [Msn Patch] msndp.exe
O4 - HKLM\..\RunServices: [Windows DNS Daemon] windnsd.exe
O4 - HKLM\..\RunServices: [Sysino] lsess.exe
O4 - HKLM\..\RunOnce: [Windows Network Controller] mqguard.exe
O4 - HKLM\..\RunOnce: [Windows DNS Daemon] windnsd.exe
O4 - HKLM\..\RunOnce: [Sysino] lsess.exe
O4 - HKCU\..\Run: [Windows Network Controller] mqguard.exe
O4 - HKCU\..\Run: [Windows DNS Daemon] windnsd.exe
O4 - HKCU\..\Run: [Sysino] lsess.exe
O4 - HKCU\..\Run: [Microsoft Video Capture Controls] MSrvs32.exe
O4 - HKCU\..\RunOnce: [Sysino] lsess.exe
O4 - HKCU\..\RunOnce: [Windows Network Controller] mqguard.exe
O4 - HKCU\..\RunOnce: [Windows DNS Daemon] windnsd.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\aim\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
Comments
I actually have never seen this one before, but I can come up with a solution for you.
O4 - HKLM\..\Run: [Microsoft Documents] Msdoc.exe
O4 - HKLM\..\Run: [Windows DNS Daemon] windnsd.exe
O4 - HKLM\..\Run: [Windows Network Controller] mqguard.exe
O4 - HKLM\..\Run: [Sysino] lsess.exe
O4 - HKLM\..\Run: [Windows DLL Loader] C:\XP\RUNDLL16.EXE
O4 - HKLM\..\Run: [Cryptographic Service] C:\XP\System32\gvbeempn.exe
O4 - HKLM\..\Run: [MsWindows SysDate] sysmsvc.exe
O4 - HKLM\..\Run: [Intel system works] iis.exe
O4 - HKLM\..\Run: [Microsoft Video Capture Controls] MSrvs32.exe
O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe
O4 - HKLM\..\Run: [Msn Patch] msndp.exe
O4 - HKLM\..\RunServices: [Microsoft Documents] Msdoc.exe
O4 - HKLM\..\RunServices: [Intel system works] iis.exe
O4 - HKLM\..\RunServices: [MsWindows SysDate] sysmsvc.exe
O4 - HKLM\..\RunServices: [Windows Network Controller] mqguard.exe
O4 - HKLM\..\RunServices: [Microsoft Video Capture Controls] MSrvs32.exe
O4 - HKLM\..\RunServices: [Msn Patch] msndp.exe
O4 - HKLM\..\RunServices: [Windows DNS Daemon] windnsd.exe
O4 - HKLM\..\RunServices: [Sysino] lsess.exe
O4 - HKLM\..\RunOnce: [Windows Network Controller] mqguard.exe
O4 - HKLM\..\RunOnce: [Windows DNS Daemon] windnsd.exe
O4 - HKLM\..\RunOnce: [Sysino] lsess.exe
O4 - HKCU\..\Run: [Windows Network Controller] mqguard.exe
O4 - HKCU\..\Run: [Windows DNS Daemon] windnsd.exe
O4 - HKCU\..\Run: [Sysino] lsess.exe
O4 - HKCU\..\Run: [Microsoft Video Capture Controls] MSrvs32.exe
O4 - HKCU\..\RunOnce: [Sysino] lsess.exe
O4 - HKCU\..\RunOnce: [Windows Network Controller] mqguard.exe
O4 - HKCU\..\RunOnce: [Windows DNS Daemon] windnsd.exe
Fix those entries then find and delete the following files:
Msdoc.exe
windnsd.exe
mqguard.exe
lsess.exe
MSrvs32.exe
msndp.exe
iis.exe
sysmsvc.exe
C:\Program Files\Windows AdTools\
C:\XP\System32\gvbeempn.exe
C:\XP\RUNDLL16.EXE
l0l.exe
rofl.exe
Then reboot and post a new log.