Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Assist with malware/BHO removals


  • This topic is locked This topic is locked

#1
untitled90

untitled90

    New Member

  • Member
  • Pip
  • 2 posts
hello. im new to this site due to a bit of viruses on this computer.
I just downloaded hijack this about 20 minutes ago
heres my log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:16:02 AM, on 1/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\Iomega\System32\AppServices.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Viewpoint\Common\ViewpointService.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
E:\Program Files\Common Files\AOL\Loader\aolload.exe
E:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
E:\WINDOWS\system32\HPZinw12.exe
E:\WINDOWS\system32\HPZipm12.exe
E:\WINDOWS\system32\taskmgr.exe
E:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
E:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
E:\WINDOWS\explorer.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [Smapp] E:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CXMon] "E:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "E:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] E:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] E:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Local Security Authority Service] E:\WINDOWS\system32\Isass.exe
O4 - HKLM\..\Run: [132afa3a] rundll32.exe "E:\WINDOWS\system32\cgnmfxwi.dll",b
O4 - HKLM\..\Run: [Application Layer Gateway Service] E:\WINDOWS\system32\algs.exe
O4 - HKLM\..\Run: [NvGraphicsInterface] E:\WINDOWS\system32\iluwwg.exe
O4 - HKLM\..\Run: [Windows Network Firewall] E:\WINDOWS\system32\firewall.exe
O4 - HKLM\..\Run: [Spooler SubSystem App] E:\WINDOWS\system32\spoolsvc.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] E:\WINDOWS\system32\iexplore.exe
O4 - HKLM\..\Run: [Windows Logon Application] E:\WINDOWS\system32\logon.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] E:\WINDOWS\system32\xnzrsmml.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\Run: [000000af] rundll32.exe "E:\WINDOWS\system32\ygntbosk.dll",b
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "E:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA6049] command /c del "E:\WINDOWS\system32\vtsqp.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5139] cmd /c del "E:\WINDOWS\system32\vtsqp.dll_old"
O4 - HKCU\..\Run: [Steam] "E:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [CursorXP] E:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "E:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [EA Core] "E:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\RunOnce: [SpybotDeletingB2714] command /c del "E:\WINDOWS\system32\vtsqp.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1079] cmd /c del "E:\WINDOWS\system32\vtsqp.dll_old"
O4 - HKLM\..\Policies\Explorer\Run: [Userinit] E:\WINDOWS\system32\inf\svchost.exe E:\WINDOWS\system32\lwisys16_071113.dll start
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [IESet] IExplorer.dll .dbt (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = E:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Program Files\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: ѶQQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Program Files\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: e:\windows\system32\pmkjjgh.dll
O23 - Service: DomainService - Unknown owner - E:\WINDOWS\system32\lymmpruw.exe (file missing)
O23 - Service: HP Port Resolver - Hewlett-Packard Company - E:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - E:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - E:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Plugins Manager - Unknown owner - E:\WINDOWS\system32\svshost.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - E:\Program Files\Viewpoint\Common\ViewpointService.exe


im new to this stuff so im gonna need help on what to delete and what not to touch.
and thx VERY aprreciated
  • 0

Advertisements


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello untitled90

Welcome to G2Go. :)
===================
The first thing I will need you to do is to Download this anti-virus program and install it.
This is free.
AVG free

==============================================================
Second:

After that Download SDFix and save it to your Desktop.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Finally copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log
=============
Next:

After that Please download ComboFix from Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
  • 0

#3
untitled90

untitled90

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
hey again. thx for the intructions, but ive got trouble installing AVG.
while it was installing until near the end it said there was an installation on "avggamer.exe"(from what i recall) and the reason was said to be "Access is denied[5]"
so im wondering now if there is a way to fix that or if it is possible to skip it
and thx again
  • 0

#4
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Yes just skip it you have very bad infections that are messing it up.
Go ahead with the rest please. :)

Edited by kahdah, 27 January 2008 - 01:11 PM.

  • 0

#5
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP