HijackThis is unable to remove this entry:

windows/system32/__c004410C.dat

I think this is causing popups on my computer every time I try to surf the web.

I recently removed a popup program called "Virus Protect Pro" that was hijacking my computer.

I have already tried AVG Anti-Spyware, Spybot, and AVG Anti-Virus; none of these seem to work.

Any ideas?
Asked by: NHChats

1 Solution
 
SheharyaarSaahil commented:
Try running SUPERAntiSpyware with the latest updates under Safe Mode:
http://www.superantispyware.com/

If the problem remains, please post a fresh HJT log using the Analyse button on www.hijackthis.de.
 
orangutang commented:
Also, try removing it with IceSword (http://mail.ustc.edu.cn/%7Ejfpan/download/IceSword122en.zip)
 
and235100 commented:
Run an online scan here:
http://housecall.trendmicro.com/

 
nobus commented:
I disagree with the above; AVG gets very good scores, while Symantec does not.
Try removing that file with Killbox: www.bleepingcomputer.com/files/killbox.php
 
rpggamergirl commented:
HijackThis can't fix entries if the infection is still active, especially the O20 lines.
Show us which HijackThis entry the file is located in (or show us the whole log).
If Killbox can't delete it, I'm fairly sure we can remove it using other tools.
 
NHChats (Author) commented:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:46:26 PM, on 8/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Common Files\AOL\1142829208\ee\aolsoftware.exe
c:\program files\common files\aol\1142829208\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1142829208\ee\aolsoftware.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\AcroTray.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Citrix\GoToMyPC\g2mainh.exe
C:\Program Files\Citrix\GoToMyPC\g2host.exe
C:\Program Files\Citrix\GoToMyPC\g2printh.exe
C:\Program Files\Citrix\GoToMyPC\g2audioh.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142761982562
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c004410C.dat
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6729 bytes
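The O20 line in the log above is the one rpggamergirl singles out: an AppInit_DLLs entry is loaded into every process that maps user32.dll, which includes the removal tool itself, so the file is still mapped when HijackThis tries to delete it. The following script is an added example, not part of this thread or of HijackThis: it parses HijackThis v2 entry lines from a small constructed sample (modelled on the log above) and flags the AppInit_DLLs module plus any autorun that names an executable without a full path. The heuristics (non-.dll extension, leading double underscore, unqualified autorun path) are assumptions chosen for illustration, not HijackThis's own scoring.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v2 format, modelled on the log posted in this
# thread (a handful of lines, not the full log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c004410C.dat
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O20"
    path: str      # file the entry points at
    severity: str  # "high" or "review"
    reason: str


# "O20 - AppInit_DLLs: <value>", "O4 - HKLM\..\Run: [name] <command>", and so on.
ENTRY_RE = re.compile(r"^(?P<code>[ORF]\d+) - (?P<body>.*)$")
O4_RUN_RE = re.compile(r"^(?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")


def parse_entries(log_text):
    """Yield (section code, body) for each HijackThis entry line."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def split_appinit(value):
    """AppInit_DLLs holds a space- or comma-separated list of module paths."""
    return [p for p in re.split(r"[ ,]+", value.strip()) if p]


def command_executable(cmd):
    """Executable part of an autorun command: the quoted string or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage(log_text):
    """Return findings for O20 AppInit_DLLs modules and unqualified O4 autoruns."""
    findings = []
    for code, body in parse_entries(log_text):
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            for path in split_appinit(body[len("AppInit_DLLs:"):]):
                name = path.rsplit("\\", 1)[-1]
                # Any AppInit_DLLs module is worth a look: it is mapped into every
                # process that loads user32.dll, including the removal tool, so the
                # image stays in use and cannot be deleted from a normal boot.
                reasons = ["AppInit_DLLs module, mapped into every user32-linked process"]
                if not name.lower().endswith(".dll"):
                    reasons.append("non-.dll extension on a file loaded as a DLL")
                if name.startswith("__"):
                    reasons.append("generated-looking file name (assumed heuristic)")
                findings.append(Finding(code, path, "high", "; ".join(reasons)))
        elif code == "O4":
            m = O4_RUN_RE.match(body)
            if m:
                exe = command_executable(m.group("cmd"))
                if exe and "\\" not in exe:
                    findings.append(Finding(code, exe, "review",
                        "autorun without a full path; resolved through the search path at logon"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.section} {f.path}: {f.reason}")
```

Run against the sample, the script reports the `__c004410C.dat` entry as high and `KHALMNPR.EXE` as "review" (a bare file name, which on its own is not evidence of infection). Entries it does not understand (O2, O23, the running-process list) are left alone rather than guessed at.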
 
and235100 commented:
Have you tried removing the entry from within Safe Mode?
 
rpggamergirl commented:
Do this.
Please download The Avenger by Swandog46 to your Desktop.
http://swandog46.geekstogo.com/avenger.zip

   * Click on Avenger.zip to open the file
   * Extract avenger.exe to your desktop

Start up Avenger.
Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, copy, then paste the following text (all text/characters inside the lines below):

-----------------------------------------------------------------------------------------------------
Files to delete:
C:\WINDOWS\system32\__c004410C.dat

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs
-----------------------------------------------------------------------------------------------------

Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

Post the Avenger output.txt, which you can find at C:\Avenger\.txt, when you're done.
 
Frank-Mahon commented:
Go to http://www.ubcd4win.com/ and get the "Ultimate Boot CD for Windows"; it's free. Boot from the CD and you can use its tools to rid your system of spyware and viruses. Here's a list of some of the apps on the CD:

Anti-Spyware Tools:

aSquared Free       3.0.0.13      Scans remote hard drives for spyware, etc.
AdAware      1.06 SE      Scans remote hard drives for spyware, etc.
CWShredder      2.16      Finds and removes traces of CoolWebSearch hijacker.
EzPCFix      ??      Helpful tool when trying to remove viruses, spyware, other troublesome advertising programs, and malware from your computer.
Hijack This      2.0      General browser hijacker detector and remover
Rootkitty      ?      Very new tool in development, searches a system for rootkits
Spy Bot      1.4      Effectively scans remote hard drives for spyware/malware!
WinSock Fix       1.2      Used to repair WinSock errors
XBlock      B 39224       Effectively scans remote hard drives for spyware/malware!

AntiVirus Tools:

AVG      7.5.472      Excellent full featured freeware AntiVirus software
AVPersonal      7.04      Good full featured freeware AntiVirus software
Avast! Tool       1.0.211      Scans for a limited number of viruses
McAfee Stinger      2.6.0      Scans for a limited number of viruses
Dr.Web CureIT      4.33.2      AntiVirus software
 
NHChats (Author) commented:
Critical information:

Part of the problem with some of these solutions is that I am doing all of the troubleshooting remotely. I am trying to fix the problem for a client who is in another state. I am currently using "GoToMyPC" to remote into the client's computer.

Not being able to be in front of the computer is a problem.
 
NHChats (Author) commented:
Kelly's computer
 
SheharyaarSaahil commented:
What's the current situation of the machine?
 
NHChats (Author) commented:
Still the same problem!
 
orangutang commented:
Have you tried a new SUPERAntiSpyware scan?
 
nobus commented:
Try running all of these, updated:
     Ad-Aware: http://www.lavasoftusa.com/
     Spybot: http://www.download.com/3000-8022-10122137.html
     http://housecall.trendmicro.com/ (online scan for trojans)
 
mperez738 commented:
Try running ComboFix in Safe Mode, then run SmitfraudFix in Windows, and then run SDFix in Safe Mode. You could try running fixwareout.exe in Windows.

Then try running counterspy.exe and HijackThis.exe and locate the registry files that are corrupted; back up first, then manually remove them.
 
SYL123 commented:
I am having the same problem with my daughter's computer.
So what is the solution?

ComboFix, SmitfraudFix and SDFix?
 
nobus commented:
Please post your question in a separate thread.
 
SYL123 commented:
Posted.