Help - Search - Members - Calendar
Full Version: ssdd
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive HijackThis Logs
Evilpasta
May 15 2008, 03:24 PM
aloha. thanks in advance for your time. its very much appreciated. k, im on my bosses pc. whoa. its not in the best of shape. heres the deal as far as i can see. ad-aware n spybot find many many of the usual suspects. virtumonde,av-gold,smitfraud......i can only run in safe mode. when i go to windows, i just get a splash screen sayin i need to install spyware software. spybot wont finish after reboot run. so, heres the hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:32:06 AM, on 5/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\spools.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Owner\cftmon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\Run: [WinIFixer] C:\Program Files\WinIFixer\WinIFixer.exe
O4 - HKLM\..\Run: [7cadb3c4] rundll32.exe "C:\WINDOWS\system32\lnysxkxm.dll",b
O4 - HKLM\..\Run: [BM7f9e8058] Rundll32.exe "C:\WINDOWS\system32\yuyuvysx.dll",s
O4 - HKLM\..\RunOnce: [SpybotDeletingC1948] cmd /c del "C:\Program Files\AntiVirGear 3.7\AntiVirGear 3.7.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8807] command /c del "C:\Program Files\AntiVirGear 3.7\blacklist.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3638] cmd /c del "C:\Program Files\AntiVirGear 3.7\blacklist.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6354] command /c del "C:\Program Files\AntiVirGear 3.7\msvcp71.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4093] cmd /c del "C:\Program Files\AntiVirGear 3.7\msvcp71.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2386] command /c del "C:\Program Files\AntiVirGear 3.7\msvcr71.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8449] cmd /c del "C:\Program Files\AntiVirGear 3.7\msvcr71.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7029] command /c del "C:\Program Files\AntiVirGear 3.7\AntiVirGear 3.7.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6694] cmd /c del "C:\Program Files\AntiVirGear 3.7\AntiVirGear 3.7.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3528] command /c del "C:\Documents and Settings\Owner\Local Settings\Temp\laf2.exe_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9101] cmd /c del "C:\Documents and Settings\Owner\Local Settings\Temp\laf2.exe_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8610] command /c del "C:\WINDOWS\system32\txxkb.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4577] cmd /c del "C:\WINDOWS\system32\txxkb.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1851] command /c del "C:\Documents and Settings\Owner\Local Settings\Temp\laf4.exe_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7025] cmd /c del "C:\Documents and Settings\Owner\Local Settings\Temp\laf4.exe_old"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Owner\cftmon.exe
O4 - HKCU\..\Run: [InetChk] C:\DOCUME~1\Owner\LOCALS~1\Temp\ms1210803330.exe work
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MalWarrior] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" /autorun
O4 - HKCU\..\RunOnce: [SpybotDeletingB3891] command /c del "C:\Documents and Settings\Owner\Start Menu\Programs\AntiVirGear 3.7\AntiVirGear 3.7.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6019] cmd /c del "C:\Documents and Settings\Owner\Start Menu\Programs\AntiVirGear 3.7\AntiVirGear 3.7.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8934] command /c del "C:\Documents and Settings\Owner\Start Menu\Programs\AntiVirGear 3.7\Uninstall AntiVirGear 3.7.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8766] cmd /c del "C:\Documents and Settings\Owner\Start Menu\Programs\AntiVirGear 3.7\Uninstall AntiVirGear 3.7.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7694] command /c del "C:\Program Files\AntiVirGear 3.7\AntiVirGear 3.7.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8432] cmd /c del "C:\Program Files\AntiVirGear 3.7\AntiVirGear 3.7.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4233] command /c del "C:\Program Files\AntiVirGear 3.7\blacklist.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4444] cmd /c del "C:\Program Files\AntiVirGear 3.7\blacklist.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8124] command /c del "C:\Program Files\AntiVirGear 3.7\msvcp71.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5314] cmd /c del "C:\Program Files\AntiVirGear 3.7\msvcp71.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5448] command /c del "C:\Program Files\AntiVirGear 3.7\msvcr71.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2865] cmd /c del "C:\Program Files\AntiVirGear 3.7\msvcr71.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5090] command /c del "C:\Program Files\AntiVirGear 3.7\AntiVirGear 3.7.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1218] cmd /c del "C:\Program Files\AntiVirGear 3.7\AntiVirGear 3.7.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1511] command /c del "C:\Documents and Settings\Owner\Local Settings\Temp\laf2.exe_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5651] cmd /c del "C:\Documents and Settings\Owner\Local Settings\Temp\laf2.exe_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6743] command /c del "C:\WINDOWS\system32\txxkb.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5581] cmd /c del "C:\WINDOWS\system32\txxkb.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7224] command /c del "C:\Documents and Settings\Owner\Local Settings\Temp\laf4.exe_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3843] cmd /c del "C:\Documents and Settings\Owner\Local Settings\Temp\laf4.exe_old"
O4 - HKLM\..\Policies\Explorer\Run: [BiGNZWXByV] C:\Documents and Settings\All Users\Application Data\rijoxgfy\fajwngfg.exe
O4 - HKUS\S-1-5-18\..\Run: [hngutkcn] C:\WINDOWS\system32\tgnqlalk.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [hngutkcn] C:\WINDOWS\system32\tgnqlalk.exe (User 'Default user')
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB2.00.0001.1203\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1210803767781
O21 - SSODL: mpfanvqg - {F29415DC-D355-4187-BAAD-8A5DCF6DBCBD} - C:\WINDOWS\mpfanvqg.dll
O21 - SSODL: vbksrofa - {0C8AEA89-7CA8-4616-B545-212639A9C88B} - C:\WINDOWS\vbksrofa.dll
O22 - SharedTaskScheduler: comitatus - {98013eb8-258b-4979-bfd5-04ecd93f765c} - C:\WINDOWS\system32\txxkb.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 8366 bytes

once again, thank you for your time. =)
Evilpasta
May 15 2008, 03:30 PM
my sincerest apologies on the double post. with all the pop ups n stuff i hit it twice
Blade81
May 20 2008, 07:10 PM
Hi

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Please post contents of that file & a fresh hjt log in your next reply.
Blade81
Jun 3 2008, 06:46 AM
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Thank You !
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2010 Invision Power Services, Inc.