HiJackThis! Log... Please analyze...


  • This topic is locked
3 replies to this topic

#1 sammcs

    Member

  • Full Member
  • 1 posts

Posted 13 January 2008 - 02:51 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:32:13 PM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Owner\Desktop\cherryp.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F3 - REG:win.ini: load=C:\WINDOWS\system32\vtutu.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: {55cd91bf-80f0-0c4b-3ef4-424bb6ac4ae1} - {1ea4ca6b-b424-4fe3-b4c0-0f08fb19dc55} - C:\WINDOWS\system32\rsqqurqw.dll (file missing)
O2 - BHO: (no name) - {2D5796A2-44E0-4E50-A5A0-80BF1EE3EA73} - C:\WINDOWS\system32\gebcdbb.dll
O2 - BHO: (no name) - {3B2559D5-E0D3-4286-A8F2-B97765969F00} - C:\WINDOWS\system32\avica.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {76FBE58E-4BE3-443B-9515-99FC823E429A} - C:\WINDOWS\system32\jkhhh.dll (file missing)
O2 - BHO: (no name) - {B61D8AAB-B03B-40DF-B460-AF6BFC74A2DD} - C:\WINDOWS\system32\vtutu.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA1096] command /c del "C:\WINDOWS\system32\xcqkiupj.dllbox"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1385] cmd /c del "C:\WINDOWS\system32\xcqkiupj.dllbox"
O4 - HKLM\..\RunOnce: [SpybotDeletingA553] command /c del "C:\WINDOWS\system32\xcqkiupj.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3239] cmd /c del "C:\WINDOWS\system32\xcqkiupj.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4153] command /c del "C:\WINDOWS\system32\xcqkiupj.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3108] cmd /c del "C:\WINDOWS\system32\xcqkiupj.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA854] command /c del "C:\WINDOWS\system32\jkhhh.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6568] cmd /c del "C:\WINDOWS\system32\jkhhh.dll_old"
O4 - HKLM\..\RunOnce: [VundoFix] "C:\Documents and Settings\Owner\Desktop\vundofix.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8227] command /c del "C:\WINDOWS\system32\xcqkiupj.dllbox"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9725] cmd /c del "C:\WINDOWS\system32\xcqkiupj.dllbox"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8581] command /c del "C:\WINDOWS\system32\xcqkiupj.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD635] cmd /c del "C:\WINDOWS\system32\xcqkiupj.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3905] command /c del "C:\WINDOWS\system32\xcqkiupj.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9378] cmd /c del "C:\WINDOWS\system32\xcqkiupj.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1312] command /c del "C:\WINDOWS\system32\jkhhh.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3371] cmd /c del "C:\WINDOWS\system32\jkhhh.dll_old"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1198798258671
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1198798247812
O20 - Winlogon Notify: gebcdbb - C:\WINDOWS\SYSTEM32\gebcdbb.dll
O20 - Winlogon Notify: xcqkiupj - xcqkiupj.dll (file missing)

--
End of file - 5293 bytes

Thanks for all the help! And cherryp.exe is HiJackThis!. I re-named it so various and sundry viruses and trojans couldn't detect it.
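An added triage pass over HijackThis log lines of the kind posted above (example code written for this page, not a tool from the thread or from Trend Micro): it parses the `Rn`/`Fn`/`On` entry format and flags what a helper reads first, namely orphaned entries whose file is gone, a non-empty `win.ini load=`, BHOs with no readable name, and Winlogon Notify packages outside a small Windows XP allow list (that list is an assumption, and the WgaLogon sample line is a constructed benign control).

```python
import re
from typing import List, Tuple

# Constructed sample in HijackThis v2 log format. The first eight lines are
# taken from the log posted above; the WgaLogon line is added as a benign control.
SAMPLE_LOG = """\
F3 - REG:win.ini: load=C:\\WINDOWS\\system32\\vtutu.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 6.0\\Reader\\ActiveX\\AcroIEHelper.dll
O2 - BHO: {55cd91bf-80f0-0c4b-3ef4-424bb6ac4ae1} - {1ea4ca6b-b424-4fe3-b4c0-0f08fb19dc55} - C:\\WINDOWS\\system32\\rsqqurqw.dll (file missing)
O2 - BHO: (no name) - {2D5796A2-44E0-4E50-A5A0-80BF1EE3EA73} - C:\\WINDOWS\\system32\\gebcdbb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O20 - Winlogon Notify: gebcdbb - C:\\WINDOWS\\SYSTEM32\\gebcdbb.dll
O20 - Winlogon Notify: xcqkiupj - xcqkiupj.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\SYSTEM32\\WgaLogon.dll
"""

ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
GUID_RE = re.compile(r"^\{[0-9a-f-]{36}\}$", re.I)
# Winlogon notification packages that ship with Windows XP (partial allow list,
# an assumption to be replaced with your own baseline). Anything else is reviewed.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon"}

def triage(log: str) -> List[Tuple[str, str, str]]:
    """Return (section, reason, entry) for each log line that needs a closer look."""
    findings = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list, separators
        section, body = m.groups()
        if "(file missing)" in body or "(no file)" in body:
            # Binary gone but the registry hook remains: typical of a half-removed
            # infection, and still worth cleaning up.
            findings.append((section, "orphaned hook, file missing", body))
        elif section == "F3" and re.search(r"load=\S", body):
            # win.ini load= is empty on a healthy system; a system32 .exe here
            # is a legacy autostart path.
            findings.append((section, "win.ini load= autostart", body))
        elif section == "O2":
            name = re.match(r"BHO: (.*?) - \{", body)
            if name and (name.group(1) == "(no name)" or GUID_RE.match(name.group(1))):
                findings.append((section, "BHO without a readable name", body))
        elif section == "O20":
            pkg = re.match(r"Winlogon Notify: (\S+) - ", body)
            if pkg and pkg.group(1).lower() not in KNOWN_NOTIFY:
                findings.append((section, "unknown Winlogon Notify package", body))
    return findings
```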

#2 SWI Support Robot

    Helper robot

  • SWI Bot
  • 23,523 posts

Posted 16 January 2008 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 nasdaq

    Forum Deity

  • Global Moderator
  • 49,095 posts

Posted 22 January 2008 - 10:23 AM

Hi,

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

Familiarize yourself with this combofix tool.
http://www.bleepingc...to-use-combofix

It's IMPORTANT to carry out the instructions in the sequence listed below.
***************************************************

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**
--------------------------------------------------------------------

1. Disconnect from the internet.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we can continue cleaning the system.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.


p.s. When you scan with HijackThis make sure you are in Normal Mode.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating; see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#4 nasdaq

    Forum Deity

  • Global Moderator
  • 49,095 posts

Posted 03 February 2008 - 09:38 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
nasdaq
