-
April 22nd, 2007, 02:29 PM
#1
i have no idea what is wrong...hijack this log
hey...i have 2 hard drives right now just so i had something in case something happens...like right now for example. my main hard drive...which has everything i actually need on it is infected with something. windows says its spyware or adware, but it wont let me install programs...it will just shut off. it used to not boot up at all. now it DOES boot up but i dont have a desktop background anymore. a lot of times i cant click icons on it either, and its going extremely slow. i used lavasoft's ad-aware professional AND spy sweeper about 18 times now and ive deleted EVERYTHING that has come up (adware, trojan downloaders) but more just keeps coming, and now my windows says something is missing from it. i wanted to try and repair windows....but after i select which OS i want to fix it asks for the administrator password...i dont have one, so i just press enter...then it says something like E:\windows (my hard drive is on E, not C) and it doesnt go any further...it wants me to type something...im just really confused right now....here is my hijack this log file.
Logfile of HijackThis v1.99.1
Scan saved at 12:46:54 PM, on 4/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
E:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
E:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe
E:\WINDOWS\SVCHOST.EXE
E:\WINDOWS\Explorer.EXE
E:\Program Files\PowerISO\PWRISOVM.EXE
E:\WINDOWS\system32\ctfmon.exe
E:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
E:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
E:\Program Files\Real\RealPlayer\RealPlay.exe
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\windows\system32\uvnx.exe
E:\WINDOWS\updater.exe
E:\WINDOWS\ms054841610871.exe
E:\WINDOWS\ms041484161087.exe
E:\WINDOWS\system32\spoolsvv.exe
E:\Program Files\America Online 9.0d\waol.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Ipwindows\ipwins.exe
E:\Program Files\11g USB adapter\Wifiusb.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\America Online 9.0d\shellmon.exe
E:\WINDOWS\system32\wuauclt.exe
e:\program files\internet explorer\iexplore.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Documents and Settings\Gilbert\Desktop\HijackThis.exe
R3 - Default URLSearchHook is missing
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - E:\WINDOWS\cfg32s.dll (file missing)
O4 - HKLM\..\Run: [PWRISOVM.EXE] E:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [HostManager] E:\Program Files\Common Files\AOL\1170194214\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] E:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "E:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] E:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Lexmark_X79-55] E:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [RealTray] E:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DeluxeCommunications] E:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\Run: [uvnx] e:\windows\system32\uvnx.exe
O4 - HKLM\..\Run: [runner1] E:\WINDOWS\updater.exe 61A847B5BBF72810329B385576F901F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [{C9-91-18-80-ZN}] e:\windows\system32\vdsreg.exe SKY001
O4 - HKLM\..\Run: [Configuration Manager] E:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [ms054841610871] E:\WINDOWS\ms054841610871.exe
O4 - HKLM\..\Run: [ms041484161087] E:\WINDOWS\ms041484161087.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "E:\WINDOWS\system32\__c00DC98A.dat",setvm
O4 - HKLM\..\Run: [System] E:\WINDOWS\system32\kernels32.exe
O4 - HKLM\..\Run: [WindowsHive] E:\WINDOWS\system32\rpcc.exe
O4 - HKLM\..\Run: [spoolsvv] E:\WINDOWS\system32\spoolsvv.exe
O4 - HKCU\..\Run: [Elus] "E:\PROGRA~1\COMMON~1\SCURIT~1\nopdb.exe" -vt yazb
O4 - HKCU\..\Run: [Gbf] "E:\Program Files\Common Files\W?nSxS\w?nword.exe" 99001275
O4 - HKCU\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MySpaceIM] E:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "E:\Program Files\America Online 9.0d\AOL.EXE" -b
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WebBuying] E:\Program Files\Web Buying\v1.6.8\webbuying.exe
O4 - HKCU\..\Run: [DeluxeCommunications] E:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [A00F23328F.exe] E:\DOCUME~1\Gilbert\LOCALS~1\Temp\_A00F23328F.exe
O4 - HKCU\..\Run: [A00F244854.exe] E:\DOCUME~1\Gilbert\LOCALS~1\Temp\_A00F244854.exe
O4 - HKCU\..\Run: [A00F247FCF.exe] E:\DOCUME~1\Gilbert\LOCALS~1\Temp\_A00F247FCF.exe
O4 - HKCU\..\Run: [A00F250F1F.exe] E:\DOCUME~1\Gilbert\LOCALS~1\Temp\_A00F250F1F.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [IpWins] E:\Program Files\Ipwindows\ipwins.exe
O4 - Global Startup: 802.11g USB adapter.lnk = E:\Program Files\11g USB adapter\Wifiusb.exe
O8 - Extra context menu item: &AOL Toolbar search - res://E:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - E:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: e:\windows\system32\thqwamausyw.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\thqwamausyw.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\thqwamausyw.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\thqwamausyw.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\thqwamausyw.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\thqwamausyw.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\thqwamausyw.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\thqwamausyw.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\thqwamausyw.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\thqwamausyw.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.co...s/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{440A0F21-ABB4-4701-B9EA-24FA14D02710}: NameServer = 63.226.12.96
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A4716F9-F9A8-4F73-B82C-6158ACCBF285}: NameServer = 63.226.12.96
O17 - HKLM\System\CS1\Services\Tcpip\..\{440A0F21-ABB4-4701-B9EA-24FA14D02710}: NameServer = 63.226.12.96
O17 - HKLM\System\CS2\Services\Tcpip\..\{440A0F21-ABB4-4701-B9EA-24FA14D02710}: NameServer = 63.226.12.96
O17 - HKLM\System\CS3\Services\Tcpip\..\{440A0F21-ABB4-4701-B9EA-24FA14D02710}: NameServer = 63.226.12.96
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - E:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - E:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: dxclib303562752.dll
O21 - SSODL: OtpeegYpOn - {40CC9181-EA66-3B2B-CB88-5DD269FC4B92} - E:\WINDOWS\system32\leh.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - E:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - E:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: M-Audio Fast Track Installer (FastTrackInstallerService) - Avid Technology, Inc. - E:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe
O23 - Service: General Socket Service - Unknown owner - E:\WINDOWS\SVCHOST.EXE
-
April 22nd, 2007, 04:26 PM
#2
Hello, there!
What a mess you got there
I must warn that one or more of the identified infections is a backdoor trojan
This allows hackers to remotely control your computer, steal critical system information and Download and Execute files
I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS.
You do not seem to be having any ANTIVIRUS Software Installed on your system. This is a necessary component for your computer's security.
Following are the links of two good antivirus (these are also free for personal use, install one of em):
Avast Home Edition
AVG Anti-Virus
I can help you in the cleaning if you don't want to reformat but there is a possibility that we can't get you 100% clean.
Please let us know what you have decided to do in your next post
Last edited by Rahina Rescue; April 22nd, 2007 at 04:34 PM.
-
April 22nd, 2007, 04:51 PM
#3
im going to download the antivirus software and then post a hijackthis log.
-
April 22nd, 2007, 04:55 PM
#4
the last thing i want to do is reformat...ive had to do it numerous times...this time i just cant...i have many programs i no longer have installation software for and a lot of other things like that
-
April 22nd, 2007, 04:57 PM
#5
Alright then, i will be waiting
-
April 22nd, 2007, 06:14 PM
#6
here is my new hijackthis log.
Logfile of HijackThis v1.99.1
Scan saved at 5:06:42 PM, on 4/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
E:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\PowerISO\PWRISOVM.EXE
E:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
E:\Program Files\Real\RealPlayer\RealPlay.exe
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\WINDOWS\ms054841610871.exe
E:\WINDOWS\ms041484161087.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\11g USB adapter\Wifiusb.exe
E:\Program Files\America Online 9.0d\waol.exe
E:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
e:\program files\internet explorer\iexplore.exe
E:\Program Files\America Online 9.0d\shellmon.exe
E:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Documents and Settings\Gilbert\Desktop\HijackThis.exe
R3 - Default URLSearchHook is missing
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [PWRISOVM.EXE] E:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [HostManager] E:\Program Files\Common Files\AOL\1170194214\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] E:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "E:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] E:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] E:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ms054841610871] E:\WINDOWS\ms054841610871.exe
O4 - HKLM\..\Run: [ms041484161087] E:\WINDOWS\ms041484161087.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Elus] "E:\PROGRA~1\COMMON~1\SCURIT~1\nopdb.exe" -vt yazb
O4 - HKCU\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MySpaceIM] E:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "E:\Program Files\America Online 9.0d\AOL.EXE" -b
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: 802.11g USB adapter.lnk = E:\Program Files\11g USB adapter\Wifiusb.exe
O8 - Extra context menu item: &AOL Toolbar search - res://E:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - E:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: e:\windows\system32\thqwamausyw.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\thqwamausyw.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\thqwamausyw.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\thqwamausyw.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\thqwamausyw.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\thqwamausyw.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\thqwamausyw.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\thqwamausyw.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\thqwamausyw.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\thqwamausyw.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.co...s/MsnPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - E:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - E:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - E:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - E:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: M-Audio Fast Track Installer (FastTrackInstallerService) - Avid Technology, Inc. - E:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe
-
April 23rd, 2007, 04:44 AM
#7
Did you fix lines with hijackthis already? i hope you did not because you should not touch that program if you do not know what you are doing.
Let me know thanks.
-
April 23rd, 2007, 03:09 PM
#8
yea i did...i had done that before your first reply
-
April 23rd, 2007, 03:10 PM
#9
i went on one of those "hijackthis analyzer" pages....i deleted what it told me to delete and nothing more.
-
April 23rd, 2007, 05:10 PM
#10
You can not trust those Automatic Analysers at all, that is a rule you should keep in mind.
An Automatic analyser can not identify specific Infections, and it does not tell you what program or actions should be done to deal with it.
Only a Human Trained eye knows how to fight against.
Hijackthis is not always the main tool to treat Infections, i hope you understand that.
If you appreciate my help at all you could probably show some respect by following my instructions. If there's something you do not understand please do ask.
We'll continue.
Step #1
We Have to move Hijackthis to its own folder because In its current location, we'll lose both the program and the backups it creates. These backups are important in case we need to restore any 'fixed' entry(s) later
Click START > My Computer > right click Local Disk (usually C: for most people) > Explore.
Right click an open area in the main panel.
Select New > Folder.
Type in HJT & press Enter
Now We have Created C:\HJT\ folder. Put your HijackThis.exe there.
Step #2
- Please download LSPFix
- Run the LSPFix.exe that you have just finished downloading.
- Check the I know what I'm doing box.
- In the Keep box you should see one or more instances of thqwamausyw.dll
- Select every instance of thqwamausyw.dll and move each one to the Remove box by clicking the >> button.
- When you are done click Finish>>.
Step #3
Please download Combofix to your desktop.
- Double click on Combofix.exe & follow the prompts.
- When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Step #4
Run HijackThis.
On the first menu, click Open the Misc Tools Section
Click Open Uninstall Manager
Click Save List - Save it anywhere.
A notepad will pop-up after it's saved, please copy everything in that Notepad and paste it here.
Step #5
In your next reply to this thread please provide the following logfiles:
- Combofix.txt
- Hijackthis Logfile
- HJT Uninstall list.
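
The kinds of entries that stand out in the first log can be pulled out mechanically so that a person reviewing it knows where to look first: system-process names running from the wrong folder, names one character away from a system process, autostarts from Temp, entries marked "(file missing)", and unknown Winsock LSP files. The script below is an added example, not part of any post in this thread; the heuristics, the `SYSTEM_DIRS` table and the function names are assumptions of the example, and the sample lines are copied from the first log above. It only lists candidates for review and removes nothing.

```python
import ntpath
import re

# Lines copied from the first HijackThis log in this thread (not a full log).
SAMPLE_LOG = r"""Running processes:
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\SVCHOST.EXE
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsvv.exe
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - E:\WINDOWS\cfg32s.dll (file missing)
O4 - HKLM\..\Run: [Lexmark_X79-55] E:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [A00F23328F.exe] E:\DOCUME~1\Gilbert\LOCALS~1\Temp\_A00F23328F.exe
O10 - Unknown file in Winsock LSP: e:\windows\system32\thqwamausyw.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\thqwamausyw.dll
O23 - Service: General Socket Service - Unknown owner - E:\WINDOWS\SVCHOST.EXE
"""

# Assumed table for this example: Windows XP system processes and the folder
# (drive letter removed, lower case) each one normally runs from.
SYSTEM_DIRS = {
    "smss.exe": r"\windows\system32",
    "winlogon.exe": r"\windows\system32",
    "services.exe": r"\windows\system32",
    "lsass.exe": r"\windows\system32",
    "svchost.exe": r"\windows\system32",
    "spoolsv.exe": r"\windows\system32",
    "ctfmon.exe": r"\windows\system32",
    "explorer.exe": r"\windows",
}

SECTION = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O4 - HKLM\..\Run: ..."
PATH = re.compile(r'[a-z]:\\[^"]*?\.(?:exe|dll|dat)\b', re.I)


def one_edit_apart(a, b):
    """True if a and b differ by exactly one inserted, deleted or changed character."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    # Skip the differing character: in both strings for a substitution,
    # only in the longer one for an insertion.
    skip_a = 1 if len(a) == len(b) else 0
    return a[i + skip_a:] == b[i + 1:]


def triage(log_text):
    """Return a sorted, de-duplicated list of (reason, section, path) for human review."""
    findings = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        # Bare paths under "Running processes:" have no section code.
        section, detail = (m.group(1), m.group(2)) if m else ("process", line)
        pm = PATH.search(detail)
        if not pm:
            continue
        path = pm.group(0)
        name = ntpath.basename(path).lower()
        folder = ntpath.dirname(ntpath.splitdrive(path)[1]).lower()
        if name in SYSTEM_DIRS and folder != SYSTEM_DIRS[name]:
            findings.add(("system name, wrong folder", section, path))
        elif any(one_edit_apart(name, known) for known in SYSTEM_DIRS):
            findings.add(("lookalike of system name", section, path))
        if section == "O4" and "\\temp\\" in path.lower():
            findings.add(("autostart from Temp", section, path))
        if detail.endswith("(file missing)"):
            findings.add(("points at missing file", section, path))
        if section == "O10" and detail.startswith("Unknown file in Winsock LSP"):
            findings.add(("unknown Winsock LSP", section, path))
    return sorted(findings)


if __name__ == "__main__":
    for reason, section, path in triage(SAMPLE_LOG):
        print(f"{section:8} {reason:28} {path}")
```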
-
April 23rd, 2007, 07:54 PM
#11
hmm...the combofix didnt work...it rebooted my system, and then when it booted back up, it said that it couldnt find cmb.exe or something like that in the system32 folder. also, i cant view web pages on that hard drive anymore. i was able to get the other 2 logs so ill post them.
Logfile of HijackThis v1.99.1
Scan saved at 18:42, on 07-04-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
E:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\system32\wuauclt.exe
E:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
E:\WINDOWS\System32\M-AudioTaskBarIcon.exe
E:\Program Files\Real\RealPlayer\RealPlay.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\11g USB adapter\Wifiusb.exe
E:\HJT\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1898BA93-760C-71FE-7561-7DB2181B84B9} - E:\WINDOWS\system32\zubipwqq.dll (file missing)
O2 - BHO: ofb1 - {3E1500AC-87A5-416b-A211-82E848649DA9} - E:\PROGRA~1\Ofb11\Ofb11.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - E:\WINDOWS\cfg32r.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {97216354-41F5-4AC9-860D-E1EC7D9DAD7B} - E:\Program Files\Windows NT\nipybaj.dll (file missing)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [PWRISOVM.EXE] E:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [HostManager] E:\Program Files\Common Files\AOL\1170194214\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] E:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "E:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] E:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] E:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ms054841610871] E:\WINDOWS\ms054841610871.exe
O4 - HKLM\..\Run: [ms041484161087] E:\WINDOWS\ms041484161087.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Elus] "E:\PROGRA~1\COMMON~1\SCURIT~1\nopdb.exe" -vt yazb
O4 - HKCU\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MySpaceIM] E:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: 802.11g USB adapter.lnk = E:\Program Files\11g USB adapter\Wifiusb.exe
O8 - Extra context menu item: &AOL Toolbar search - res://E:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - E:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.co...s/MsnPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - E:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - E:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: __c0067857 - E:\WINDOWS\system32\__c0067857.dat
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - E:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - E:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: M-Audio Fast Track Installer (FastTrackInstallerService) - Avid Technology, Inc. - E:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe
here is the uninstall log
µTorrent
802.11g USB adapter
Ad-Aware SE Professional
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0.1
America Online (Choose which version to remove)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Deskbar
AOL Instant Messenger
AOL Spyware Protection
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Audacity 1.2.6
avast! Antivirus
Collab
DSound GT Player Express
Fast Track USB
FL Studio 6
Guitar Pro 5.0
HijackThis 1.99.1
J2SE Runtime Environment 5.0 Update 3
LimeWire PRO 4.12.3
Magic ISO Maker v5.3 (build 0216)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
MIDI Yoke
MidiMeow 1.02 v4
MySpaceIM
MyWebCalls Dialer
Nero 6 Ultra Edition
Nero Digital
oggcodecs 0.71.0946
Outerinfo
PowerISO
QuickTime
RealPlayer Basic
Reason 3.0
SONAR 6 Producer Edition
Sound Control v2.15
The Sims 2
The Sims 2 Family Fun Stuff
The Sims 2 Glamour Life Stuff
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
WinRAR archiver
WMPTagSupportExtender
Xvid 1.1.2 final uninstall
Zelda Classic 1.84
-
April 23rd, 2007, 11:32 PM
#12
so i just checked and i apparently have viruses in things in my system32 folder. also...i get a connection to the internet, and i can go on aim and things like that, but i cant actually view websites
-
April 24th, 2007, 06:04 AM
#13
We'll continue.
Step 1
Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.
Download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program.
- Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
- Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
- On the main screen select the icon "Update" then select the "Update now" link.
- Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
- Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
- Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
- Under "Reports"
- Select "Automatically generate report after every scan"
- Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
Step 2
Next, Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):
J2SE Runtime Environment 5.0 Update 3
MyWebCalls Dialer
Outerinfo
Viewpoint Media Player
Step 3
Please download VundoFix.exe to your desktop
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer, click OK.
- Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
Step 4
- Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
- Use your up arrow key to highlight SafeMode then hit enter.
IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
- Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
- Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
- AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
- If you have any infections you will be prompted, then select "Apply all actions"
- Next select the "Reports" icon at the top.
- Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
- Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.
Step 5
In your next reply please post the following logfiles:
- Vundofix.txt
- Hijackthis Logfile.
- AVG Anti-Spyware Report
- Combofix.txt located => C:\Combofix.txt
Last edited by Rahina Rescue; April 24th, 2007 at 06:09 AM.
-
April 24th, 2007, 07:10 AM
#14
mywebcalls dialer is not a threat...its something im subscribed to and i pay for...www.mywebcalls.com
-
April 24th, 2007, 09:31 AM
#15
Yes, unfortunately i listed it, my bad.
Could you do the rest of the things i asked you to
Thanks.