Please help - Win32:Trojan-Gen infection


1 reply to this topic

#1 CptBitterness

Posted 25 June 2004 - 12:42 AM

Hello - I've read the FAQ and am really grateful this site exists. Thanks in advance to anyone for their help.

While I've turned off System Restore and had Avast do multiple scans, nothing seems to be able to make this damn trojan go away. Here's my last HijackThis logfile:

Logfile of HijackThis v1.97.7
Scan saved at 11:32:46 PM, on 6/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
D:\program\soffice.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\Documents and Settings\default\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r4.attbi.com
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [zsecxc] "C:\WINDOWS\System32\zsecxc.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [gdreanl] "C:\WINDOWS\System32\gdreanl.exe"
O4 - HKLM\..\Run: [hwvjovl] "C:\WINDOWS\System32\hwvjovl.exe"
O4 - HKLM\..\Run: [ontupne] "C:\WINDOWS\System32\ontupne.exe"
O4 - HKLM\..\Run: [jjdehui] "C:\WINDOWS\System32\jjdehui.exe"
O4 - HKLM\..\Run: [nkrhjt] "C:\WINDOWS\System32\nkrhjt.exe"
O4 - HKLM\..\Run: [fqeuzl] "C:\WINDOWS\System32\fqeuzl.exe"
O4 - HKLM\..\Run: [ugdohlj] "C:\WINDOWS\System32\ugdohlj.exe"
O4 - HKLM\..\Run: [gfneqik] "C:\WINDOWS\System32\gfneqik.exe"
O4 - HKLM\..\Run: [gtzormc] "C:\WINDOWS\System32\gtzormc.exe"
O4 - HKLM\..\Run: [vqeobpb] "C:\WINDOWS\System32\vqeobpb.exe"
O4 - HKLM\..\Run: [znsyxlk] "C:\WINDOWS\System32\znsyxlk.exe"
O4 - HKLM\..\Run: [hzqjxdj] "C:\WINDOWS\System32\hzqjxdj.exe"
O4 - HKLM\..\Run: [myhhkjk] "C:\WINDOWS\System32\myhhkjk.exe"
O4 - HKLM\..\Run: [thltltl] "C:\WINDOWS\System32\thltltl.exe"
O4 - HKLM\..\Run: [mvebewg] "C:\WINDOWS\System32\mvebewg.exe"
O4 - HKLM\..\Run: [pqionag] "C:\WINDOWS\System32\pqionag.exe"
O4 - HKLM\..\Run: [tsexiph] "C:\WINDOWS\System32\tsexiph.exe"
O4 - HKLM\..\Run: [sscopjg] "C:\WINDOWS\System32\sscopjg.exe"
O4 - HKLM\..\Run: [xzrcydl] "C:\WINDOWS\System32\xzrcydl.exe"
O4 - HKLM\..\Run: [zyrmkgb] "C:\WINDOWS\System32\zyrmkgb.exe"
O4 - HKLM\..\Run: [dyjykne] "C:\WINDOWS\System32\dyjykne.exe"
O4 - HKLM\..\Run: [bwrmcbl] "C:\WINDOWS\System32\bwrmcbl.exe"
O4 - HKLM\..\Run: [kngilbn] "C:\WINDOWS\System32\kngilbn.exe"
O4 - HKLM\..\Run: [rjgkdvb] "C:\WINDOWS\System32\rjgkdvb.exe"
O4 - HKLM\..\Run: [zkcszdf] "C:\WINDOWS\System32\zkcszdf.exe"
O4 - HKLM\..\Run: [ktpnyel] "C:\WINDOWS\System32\ktpnyel.exe"
O4 - HKLM\..\Run: [ohggwrd] "C:\WINDOWS\System32\ohggwrd.exe"
O4 - HKLM\..\Run: [rcmcre] "C:\WINDOWS\System32\rcmcre.exe"
O4 - HKLM\..\Run: [ofunujl] "C:\WINDOWS\System32\ofunujl.exe"
O4 - HKLM\..\Run: [mekbbs] "C:\WINDOWS\System32\mekbbs.exe"
O4 - HKLM\..\Run: [ekdkjnc] "C:\WINDOWS\System32\ekdkjnc.exe"
O4 - HKLM\..\Run: [nrcdet] "C:\WINDOWS\System32\nrcdet.exe"
O4 - HKLM\..\Run: [gywxjnn] "C:\WINDOWS\System32\gywxjnn.exe"
O4 - HKLM\..\Run: [zlairy] "C:\WINDOWS\System32\zlairy.exe"
O4 - HKLM\..\Run: [yzbgnnd] "C:\WINDOWS\System32\yzbgnnd.exe"
O4 - HKLM\..\Run: [aoprpfc] "C:\WINDOWS\System32\aoprpfc.exe"
O4 - HKLM\..\Run: [hpkbntj] "C:\WINDOWS\System32\hpkbntj.exe"
O4 - HKLM\..\Run: [gkvluml] "C:\WINDOWS\System32\gkvluml.exe"
O4 - HKLM\..\Run: [ozgmuzm] "C:\WINDOWS\System32\ozgmuzm.exe"
O4 - HKLM\..\Run: [igshbl] "C:\WINDOWS\System32\igshbl.exe"
O4 - HKLM\..\Run: [uoeeqmh] "C:\WINDOWS\System32\uoeeqmh.exe"
O4 - HKLM\..\Run: [ihncmem] "C:\WINDOWS\System32\ihncmem.exe"
O4 - HKLM\..\Run: [rbqymhj] "C:\WINDOWS\System32\rbqymhj.exe"
O4 - HKLM\..\Run: [czobrgh] "C:\WINDOWS\System32\czobrgh.exe"
O4 - HKLM\..\Run: [sayaqgn] "C:\WINDOWS\System32\sayaqgn.exe"
O4 - HKLM\..\Run: [zyltpdc] "C:\WINDOWS\System32\zyltpdc.exe"
O4 - HKLM\..\Run: [dvnerxk] "C:\WINDOWS\System32\dvnerxk.exe"
O4 - HKLM\..\Run: [tcneblk] "C:\WINDOWS\System32\tcneblk.exe"
O4 - HKLM\..\Run: [mvrrwge] "C:\WINDOWS\System32\mvrrwge.exe"
O4 - HKLM\..\Run: [ebzbztk] "C:\WINDOWS\System32\ebzbztk.exe"
O4 - HKLM\..\Run: [ccjuyrb] "C:\WINDOWS\System32\ccjuyrb.exe"
O4 - HKLM\..\Run: [blqllqn] "C:\WINDOWS\System32\blqllqn.exe"
O4 - HKLM\..\Run: [fbyjbjf] "C:\WINDOWS\System32\fbyjbjf.exe"
O4 - HKLM\..\Run: [fazpuod] "C:\WINDOWS\System32\fazpuod.exe"
O4 - HKLM\..\Run: [oafyzmg] "C:\WINDOWS\System32\oafyzmg.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [rpbmiwd] "C:\WINDOWS\System32\rpbmiwd.exe"
O4 - HKLM\..\Run: [jhivmod] "C:\WINDOWS\System32\jhivmod.exe"
O4 - HKLM\..\Run: [zayjfkk] "C:\WINDOWS\System32\zayjfkk.exe"
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [drzhhxh] "C:\WINDOWS\System32\drzhhxh.exe"
O4 - HKLM\..\Run: [duhdlse] "C:\WINDOWS\System32\duhdlse.exe"
O4 - HKLM\..\Run: [obqaolj] "C:\WINDOWS\System32\obqaolj.exe"
O4 - HKLM\..\Run: [mwcjotl] "C:\WINDOWS\System32\mwcjotl.exe"
O4 - HKLM\..\Run: [ozwptoi] "C:\WINDOWS\System32\ozwptoi.exe"
O4 - HKLM\..\Run: [dvsoiye] "C:\WINDOWS\System32\dvsoiye.exe"
O4 - HKLM\..\Run: [scjlvoc] "C:\WINDOWS\System32\scjlvoc.exe"
O4 - HKLM\..\Run: [dyzhtxk] "C:\WINDOWS\System32\dyzhtxk.exe"
O4 - HKLM\..\Run: [cqalppg] "C:\WINDOWS\System32\cqalppg.exe"
O4 - HKLM\..\Run: [kfemgvg] "C:\WINDOWS\System32\kfemgvg.exe"
O4 - HKLM\..\Run: [erobcge] "C:\WINDOWS\System32\erobcge.exe"
O4 - HKLM\..\Run: [amdcmsl] "C:\WINDOWS\System32\amdcmsl.exe"
O4 - HKLM\..\Run: [yzpqban] "C:\WINDOWS\System32\yzpqban.exe"
O4 - HKLM\..\Run: [hkjtmc] "C:\WINDOWS\System32\hkjtmc.exe"
O4 - HKLM\..\Run: [cgjvjyj] "C:\WINDOWS\System32\cgjvjyj.exe"
O4 - HKLM\..\Run: [ucmlqjn] "C:\WINDOWS\System32\ucmlqjn.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [hmggzkj] "C:\WINDOWS\System32\hmggzkj.exe"
O4 - HKLM\..\Run: [mzanijn] "C:\WINDOWS\System32\mzanijn.exe"
O4 - HKLM\..\Run: [kywijig] "C:\WINDOWS\System32\kywijig.exe"
O4 - HKLM\..\Run: [yftlzyj] "C:\WINDOWS\System32\yftlzyj.exe"
O4 - HKLM\..\Run: [keheth] "C:\WINDOWS\System32\keheth.exe"
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [regsrv32.exe] regsrv32.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - Startup: OpenOffice.org 1.1.0.lnk = D:\program\quickstart.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...363/mcfscan.cab

Thanks again for your time.
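What a responder would flag first in the log above is the shape of the O4 section: roughly a hundred HKLM Run values, each launching a quoted, randomly named six- or seven-letter executable from C:\WINDOWS\System32, plus an HKCU Run value `[regsrv32.exe] regsrv32.exe` with no path at all, whose name differs from the legitimate regsvr32.exe by one swapped letter pair. The script below is an added example, not part of the original post and not a HijackThis feature: it parses O4 Run-key lines (a handful copied from the log above) and flags both patterns. The 6-7 lowercase-letter name shape, the KNOWN_SYSTEM32 allowlist and the IMPERSONATED list of commonly imitated binary names are this example's own assumptions, not a vetted reference set.

```python
"""Triage HijackThis O4 Run-key entries for two patterns visible in the log
above: a cluster of randomly named executables in System32, and a Run value
whose image name is a near miss of a Windows binary.
Added example, not part of the original post or of HijackThis. SAMPLE_LOG is
an excerpt of the posted log; KNOWN_SYSTEM32 and IMPERSONATED are assumptions."""
import re
from dataclasses import dataclass, field

# Run-key entries only; "O4 - Startup:" shortcut lines are deliberately skipped.
O4_RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Six or seven lowercase letters, nothing else: the shape of every dropper
# entry in the posted log (gdreanl, hwvjovl, nkrhjt, ...).
RANDOM_NAME_RE = re.compile(r"^[a-z]{6,7}$")
RANDOM_REASON = "random-looking name in System32"
KNOWN_SYSTEM32 = {"ctfmon"}  # assumption: vetted short lowercase System32 autoruns
IMPERSONATED = ["regsvr32", "rundll32", "svchost", "lsass", "csrss", "smss",
                "winlogon", "services", "spoolsv", "explorer"]  # assumption


@dataclass
class Finding:
    hive: str
    name: str
    image: str
    reasons: list[str] = field(default_factory=list)


def split_command(cmd: str) -> tuple[str, str]:
    """(directory, basename) of the image a Run value launches, arguments dropped."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        image = cmd[1:cmd.index('"', 1)]
    else:
        # Unquoted paths may contain spaces: take tokens up to the first .exe.
        tokens = cmd.split()
        image = tokens[0]
        for k, tok in enumerate(tokens):
            if tok.lower().endswith(".exe"):
                image = " ".join(tokens[:k + 1])
                break
    directory, _, base = image.rpartition("\\")
    return directory, base


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; inputs are short file stems."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(lines: list[str]) -> list[Finding]:
    findings = []
    for line in lines:
        m = O4_RUN_RE.match(line.strip())
        if not m:
            continue
        directory, base = split_command(m["cmd"])
        stem = base.lower().removesuffix(".exe")
        reasons = []
        if (directory.lower().endswith("\\windows\\system32")
                and RANDOM_NAME_RE.match(stem) and stem not in KNOWN_SYSTEM32):
            reasons.append(RANDOM_REASON)
        for target in IMPERSONATED:
            # Exact match is the real binary (or an overwrite this cannot see);
            # a near miss such as regsrv32 vs regsvr32 is the typosquat signal.
            if stem != target and edit_distance(stem, target) <= 2:
                reasons.append(f"lookalike of {target}.exe")
        if reasons:
            findings.append(Finding(m["hive"], m["name"], base, reasons))
    return findings


def random_name_cluster(findings: list[Finding]) -> int:
    """Dropper-shaped autoruns: one is odd, dozens is a family."""
    return sum(RANDOM_REASON in f.reasons for f in findings)


# Excerpt of the posted log: ten of its roughly one hundred O4 lines.
SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup",
    r"O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe",
    r'O4 - HKLM\..\Run: [zsecxc] "C:\WINDOWS\System32\zsecxc.exe"',
    r'O4 - HKLM\..\Run: [gdreanl] "C:\WINDOWS\System32\gdreanl.exe"',
    r'O4 - HKLM\..\Run: [hwvjovl] "C:\WINDOWS\System32\hwvjovl.exe"',
    r'O4 - HKLM\..\Run: [nkrhjt] "C:\WINDOWS\System32\nkrhjt.exe"',
    r"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
    r"O4 - HKCU\..\Run: [regsrv32.exe] regsrv32.exe",
    r"O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0",
    r"O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.hive} [{f.name}] {f.image}: {'; '.join(f.reasons)}")
    print(f"{random_name_cluster(triage(SAMPLE_LOG))} randomly named System32 autoruns")
```

Two caveats. The name heuristic is tuned to the shape seen in this log and will miss droppers that use digits or mixed case (note that ashDisp.exe has a seven-letter lowercase stem too and is only spared because it does not live in System32, which is why the directory condition is part of the rule). The lookalike check cannot see a genuine regsvr32.exe that has been overwritten in place; file hashes, not names, settle that question.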

#2 CptBitterness

Posted 28 June 2004 - 04:44 AM

My problem has been found and fixed by a friend IRL, so thanks to any of you who at least looked at it.

Thanks again to all of you for having a forum like this, regardless.
