sammcs

HiJackThis! Log... Please analyze...

4 posts in this topic

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:32:13 PM, on 1/13/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Safe mode with network support

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\Owner\Desktop\cherryp.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

F3 - REG:win.ini: load=C:\WINDOWS\system32\vtutu.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: {55cd91bf-80f0-0c4b-3ef4-424bb6ac4ae1} - {1ea4ca6b-b424-4fe3-b4c0-0f08fb19dc55} - C:\WINDOWS\system32\rsqqurqw.dll (file missing)

O2 - BHO: (no name) - {2D5796A2-44E0-4E50-A5A0-80BF1EE3EA73} - C:\WINDOWS\system32\gebcdbb.dll

O2 - BHO: (no name) - {3B2559D5-E0D3-4286-A8F2-B97765969F00} - C:\WINDOWS\system32\avica.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {76FBE58E-4BE3-443B-9515-99FC823E429A} - C:\WINDOWS\system32\jkhhh.dll (file missing)

O2 - BHO: (no name) - {B61D8AAB-B03B-40DF-B460-AF6BFC74A2DD} - C:\WINDOWS\system32\vtutu.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\RunOnce: [spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

O4 - HKLM\..\RunOnce: [spybotDeletingA1096] command /c del "C:\WINDOWS\system32\xcqkiupj.dllbox"

O4 - HKLM\..\RunOnce: [spybotDeletingC1385] cmd /c del "C:\WINDOWS\system32\xcqkiupj.dllbox"

O4 - HKLM\..\RunOnce: [spybotDeletingA553] command /c del "C:\WINDOWS\system32\xcqkiupj.dll_old"

O4 - HKLM\..\RunOnce: [spybotDeletingC3239] cmd /c del "C:\WINDOWS\system32\xcqkiupj.dll_old"

O4 - HKLM\..\RunOnce: [spybotDeletingA4153] command /c del "C:\WINDOWS\system32\xcqkiupj.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC3108] cmd /c del "C:\WINDOWS\system32\xcqkiupj.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA854] command /c del "C:\WINDOWS\system32\jkhhh.dll_old"

O4 - HKLM\..\RunOnce: [spybotDeletingC6568] cmd /c del "C:\WINDOWS\system32\jkhhh.dll_old"

O4 - HKLM\..\RunOnce: [VundoFix] "C:\Documents and Settings\Owner\Desktop\vundofix.exe"

O4 - HKCU\..\RunOnce: [spybotDeletingB8227] command /c del "C:\WINDOWS\system32\xcqkiupj.dllbox"

O4 - HKCU\..\RunOnce: [spybotDeletingD9725] cmd /c del "C:\WINDOWS\system32\xcqkiupj.dllbox"

O4 - HKCU\..\RunOnce: [spybotDeletingB8581] command /c del "C:\WINDOWS\system32\xcqkiupj.dll_old"

O4 - HKCU\..\RunOnce: [spybotDeletingD635] cmd /c del "C:\WINDOWS\system32\xcqkiupj.dll_old"

O4 - HKCU\..\RunOnce: [spybotDeletingB3905] command /c del "C:\WINDOWS\system32\xcqkiupj.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD9378] cmd /c del "C:\WINDOWS\system32\xcqkiupj.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB1312] command /c del "C:\WINDOWS\system32\jkhhh.dll_old"

O4 - HKCU\..\RunOnce: [spybotDeletingD3371] cmd /c del "C:\WINDOWS\system32\jkhhh.dll_old"

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198798258671

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198798247812

O20 - Winlogon Notify: gebcdbb - C:\WINDOWS\SYSTEM32\gebcdbb.dll

O20 - Winlogon Notify: xcqkiupj - xcqkiupj.dll (file missing)

 

--

End of file - 5293 bytes

 

Thanks for all the help! And cherryp.exe is HiJackThis!. I re-named it so various and sundry viruses and trojans couldn't detect it.

Share this post


Link to post
Share on other sites

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]

Share this post


Link to post
Share on other sites

Hi,

 

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

 

Familiarize yourself with this ComboFix tool.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

 

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

 

Download Combofix from any of the links below, and save it to your desktop.

 

Link 1

Link 2

Link 3

 

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

 

1. Disconnect from the internet.

 

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

 

3. Do not install any other programs until this is fixed.

--------------------------------------------------------------------

 

Double click on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we can continue cleaning the system.

Note:

Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

 

p.s. When you scan with HijackThis make sure you are in Normal Mode.

Share this post


Link to post
Share on other sites

Due to the lack of feedback this Topic is closed.

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.
