CptBitterness

Please help - Win32:Trojan-Gen infection

2 posts in this topic

Hello - I've read the FAQ and am really grateful this site exists. Thanks in advance to anyone for their help.

While I've turned off System Restore and had Avast do multiple scans, nothing seems to be able to make this damn trojan go away. Here's my last Hijack This Logfile:

Logfile of HijackThis v1.97.7

Scan saved at 11:32:46 PM, on 6/24/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\PESTPA~1\PPControl.exe

C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe

C:\Program Files\Trend Micro\Internet Security\tmproxy.exe

C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe

C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe

C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe

C:\Program Files\Trend Micro\Internet Security\pccguide.exe

C:\Program Files\Trend Micro\Internet Security\PCClient.exe

C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe

C:\Program Files\Netscape\Netscape\Netscp.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Spyware Doctor\spydoctor.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\Program Files\Webshots\WebshotsTray.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

D:\program\soffice.exe

C:\Program Files\Trend Micro\Internet Security\PccPfw.exe

C:\Documents and Settings\default\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r4.attbi.com

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [zsecxc] "C:\WINDOWS\System32\zsecxc.exe"

O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKLM\..\Run: [gdreanl] "C:\WINDOWS\System32\gdreanl.exe"

O4 - HKLM\..\Run: [hwvjovl] "C:\WINDOWS\System32\hwvjovl.exe"

O4 - HKLM\..\Run: [ontupne] "C:\WINDOWS\System32\ontupne.exe"

O4 - HKLM\..\Run: [jjdehui] "C:\WINDOWS\System32\jjdehui.exe"

O4 - HKLM\..\Run: [nkrhjt] "C:\WINDOWS\System32\nkrhjt.exe"

O4 - HKLM\..\Run: [fqeuzl] "C:\WINDOWS\System32\fqeuzl.exe"

O4 - HKLM\..\Run: [ugdohlj] "C:\WINDOWS\System32\ugdohlj.exe"

O4 - HKLM\..\Run: [gfneqik] "C:\WINDOWS\System32\gfneqik.exe"

O4 - HKLM\..\Run: [gtzormc] "C:\WINDOWS\System32\gtzormc.exe"

O4 - HKLM\..\Run: [vqeobpb] "C:\WINDOWS\System32\vqeobpb.exe"

O4 - HKLM\..\Run: [znsyxlk] "C:\WINDOWS\System32\znsyxlk.exe"

O4 - HKLM\..\Run: [hzqjxdj] "C:\WINDOWS\System32\hzqjxdj.exe"

O4 - HKLM\..\Run: [myhhkjk] "C:\WINDOWS\System32\myhhkjk.exe"

O4 - HKLM\..\Run: [thltltl] "C:\WINDOWS\System32\thltltl.exe"

O4 - HKLM\..\Run: [mvebewg] "C:\WINDOWS\System32\mvebewg.exe"

O4 - HKLM\..\Run: [pqionag] "C:\WINDOWS\System32\pqionag.exe"

O4 - HKLM\..\Run: [tsexiph] "C:\WINDOWS\System32\tsexiph.exe"

O4 - HKLM\..\Run: [sscopjg] "C:\WINDOWS\System32\sscopjg.exe"

O4 - HKLM\..\Run: [xzrcydl] "C:\WINDOWS\System32\xzrcydl.exe"

O4 - HKLM\..\Run: [zyrmkgb] "C:\WINDOWS\System32\zyrmkgb.exe"

O4 - HKLM\..\Run: [dyjykne] "C:\WINDOWS\System32\dyjykne.exe"

O4 - HKLM\..\Run: [bwrmcbl] "C:\WINDOWS\System32\bwrmcbl.exe"

O4 - HKLM\..\Run: [kngilbn] "C:\WINDOWS\System32\kngilbn.exe"

O4 - HKLM\..\Run: [rjgkdvb] "C:\WINDOWS\System32\rjgkdvb.exe"

O4 - HKLM\..\Run: [zkcszdf] "C:\WINDOWS\System32\zkcszdf.exe"

O4 - HKLM\..\Run: [ktpnyel] "C:\WINDOWS\System32\ktpnyel.exe"

O4 - HKLM\..\Run: [ohggwrd] "C:\WINDOWS\System32\ohggwrd.exe"

O4 - HKLM\..\Run: [rcmcre] "C:\WINDOWS\System32\rcmcre.exe"

O4 - HKLM\..\Run: [ofunujl] "C:\WINDOWS\System32\ofunujl.exe"

O4 - HKLM\..\Run: [mekbbs] "C:\WINDOWS\System32\mekbbs.exe"

O4 - HKLM\..\Run: [ekdkjnc] "C:\WINDOWS\System32\ekdkjnc.exe"

O4 - HKLM\..\Run: [nrcdet] "C:\WINDOWS\System32\nrcdet.exe"

O4 - HKLM\..\Run: [gywxjnn] "C:\WINDOWS\System32\gywxjnn.exe"

O4 - HKLM\..\Run: [zlairy] "C:\WINDOWS\System32\zlairy.exe"

O4 - HKLM\..\Run: [yzbgnnd] "C:\WINDOWS\System32\yzbgnnd.exe"

O4 - HKLM\..\Run: [aoprpfc] "C:\WINDOWS\System32\aoprpfc.exe"

O4 - HKLM\..\Run: [hpkbntj] "C:\WINDOWS\System32\hpkbntj.exe"

O4 - HKLM\..\Run: [gkvluml] "C:\WINDOWS\System32\gkvluml.exe"

O4 - HKLM\..\Run: [ozgmuzm] "C:\WINDOWS\System32\ozgmuzm.exe"

O4 - HKLM\..\Run: [igshbl] "C:\WINDOWS\System32\igshbl.exe"

O4 - HKLM\..\Run: [uoeeqmh] "C:\WINDOWS\System32\uoeeqmh.exe"

O4 - HKLM\..\Run: [ihncmem] "C:\WINDOWS\System32\ihncmem.exe"

O4 - HKLM\..\Run: [rbqymhj] "C:\WINDOWS\System32\rbqymhj.exe"

O4 - HKLM\..\Run: [czobrgh] "C:\WINDOWS\System32\czobrgh.exe"

O4 - HKLM\..\Run: [sayaqgn] "C:\WINDOWS\System32\sayaqgn.exe"

O4 - HKLM\..\Run: [zyltpdc] "C:\WINDOWS\System32\zyltpdc.exe"

O4 - HKLM\..\Run: [dvnerxk] "C:\WINDOWS\System32\dvnerxk.exe"

O4 - HKLM\..\Run: [tcneblk] "C:\WINDOWS\System32\tcneblk.exe"

O4 - HKLM\..\Run: [mvrrwge] "C:\WINDOWS\System32\mvrrwge.exe"

O4 - HKLM\..\Run: [ebzbztk] "C:\WINDOWS\System32\ebzbztk.exe"

O4 - HKLM\..\Run: [ccjuyrb] "C:\WINDOWS\System32\ccjuyrb.exe"

O4 - HKLM\..\Run: [blqllqn] "C:\WINDOWS\System32\blqllqn.exe"

O4 - HKLM\..\Run: [fbyjbjf] "C:\WINDOWS\System32\fbyjbjf.exe"

O4 - HKLM\..\Run: [fazpuod] "C:\WINDOWS\System32\fazpuod.exe"

O4 - HKLM\..\Run: [oafyzmg] "C:\WINDOWS\System32\oafyzmg.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe

O4 - HKLM\..\Run: [rpbmiwd] "C:\WINDOWS\System32\rpbmiwd.exe"

O4 - HKLM\..\Run: [jhivmod] "C:\WINDOWS\System32\jhivmod.exe"

O4 - HKLM\..\Run: [zayjfkk] "C:\WINDOWS\System32\zayjfkk.exe"

O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"

O4 - HKLM\..\Run: [drzhhxh] "C:\WINDOWS\System32\drzhhxh.exe"

O4 - HKLM\..\Run: [duhdlse] "C:\WINDOWS\System32\duhdlse.exe"

O4 - HKLM\..\Run: [obqaolj] "C:\WINDOWS\System32\obqaolj.exe"

O4 - HKLM\..\Run: [mwcjotl] "C:\WINDOWS\System32\mwcjotl.exe"

O4 - HKLM\..\Run: [ozwptoi] "C:\WINDOWS\System32\ozwptoi.exe"

O4 - HKLM\..\Run: [dvsoiye] "C:\WINDOWS\System32\dvsoiye.exe"

O4 - HKLM\..\Run: [scjlvoc] "C:\WINDOWS\System32\scjlvoc.exe"

O4 - HKLM\..\Run: [dyzhtxk] "C:\WINDOWS\System32\dyzhtxk.exe"

O4 - HKLM\..\Run: [cqalppg] "C:\WINDOWS\System32\cqalppg.exe"

O4 - HKLM\..\Run: [kfemgvg] "C:\WINDOWS\System32\kfemgvg.exe"

O4 - HKLM\..\Run: [erobcge] "C:\WINDOWS\System32\erobcge.exe"

O4 - HKLM\..\Run: [amdcmsl] "C:\WINDOWS\System32\amdcmsl.exe"

O4 - HKLM\..\Run: [yzpqban] "C:\WINDOWS\System32\yzpqban.exe"

O4 - HKLM\..\Run: [hkjtmc] "C:\WINDOWS\System32\hkjtmc.exe"

O4 - HKLM\..\Run: [cgjvjyj] "C:\WINDOWS\System32\cgjvjyj.exe"

O4 - HKLM\..\Run: [ucmlqjn] "C:\WINDOWS\System32\ucmlqjn.exe"

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"

O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"

O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run

O4 - HKLM\..\Run: [hmggzkj] "C:\WINDOWS\System32\hmggzkj.exe"

O4 - HKLM\..\Run: [mzanijn] "C:\WINDOWS\System32\mzanijn.exe"

O4 - HKLM\..\Run: [kywijig] "C:\WINDOWS\System32\kywijig.exe"

O4 - HKLM\..\Run: [yftlzyj] "C:\WINDOWS\System32\yftlzyj.exe"

O4 - HKLM\..\Run: [keheth] "C:\WINDOWS\System32\keheth.exe"

O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo

O4 - HKCU\..\Run: [regsrv32.exe] regsrv32.exe

O4 - HKCU\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q

O4 - Startup: OpenOffice.org 1.1.0.lnk = D:\program\quickstart.exe

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe

O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...363/mcfscan.cab

Thanks again for your time.


My problem has been found and fixed by a friend IRL, so thanks to any of you who at least looked at it.

Thanks again to all of you for having a forum like this, regardless.
