Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91733 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Closed] help plz!


  • This topic is locked This topic is locked
4 replies to this topic

#1 S_TiZzL3

S_TiZzL3

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 21 April 2008 - 06:47 PM

hey i recently got a trojan and i cant get rid of it i ran AVG/Spybot/Rogue Remover and Smithfradfix numerous times and nothing has fixed it heres my Hijackthis log plz help =( Logfile of HijackThis v1.99.1 Scan saved at 8:41:48 PM, on 4/21/2008 Platform: Unknown Windows (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16643) Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\ProgramData\jorsdkru\zcxgpkne.exe C:\Program Files\Grisoft\AVG7\avgwb.dat C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: DVA Storm - {D80F83DA-6FDC-4432-B350-29AABB316D2B} - C:\Windows\lgmxvpatamk.dll (file missing) O3 - Toolbar: (no name) - {16B35F26-7FBC-45AD-83E2-4991CB73F477} - (no file) O3 - Toolbar: (no name) - {74E5E4E8-79DD-49AC-B64B-E74822D5F3CD} - (no file) O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Stizz\AppData\Local\Temp\vtUkhijH.dll,c O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Stizz\AppData\Local\Temp\awturPJA.dll,#1 O4 - HKCU\..\Run: [c09c38ce] rundll32.exe "C:\Users\Stizz\AppData\Local\Temp\xnciyjkh.dll",b O4 - HKCU\..\Run: [gtmnozyi] C:\ProgramData\gtmnozyi\ebylepyf.exe O4 - HKCU\..\Run: [iclvojxm] C:\ProgramData\iclvojxm\xgdsngde.exe O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing O11 - Options group: [INTERNATIONAL] International* O13 - Gopher Prefix: O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll O21 - SSODL: MonSys - {fbac76ae-ad1f-40c3-9076-a77aebe18aa3} - C:\Windows\Resources\MonSys.dll (file missing) O21 - SSODL: pmsoarbf - {31AE39B4-C9F8-4237-B384-BA0A90DAEC91} - C:\Windows\pmsoarbf.dll (file missing) O21 - SSODL: omlbpkaw - {4CE69ED8-6970-4CCB-905E-83505679E2A4} - C:\Windows\omlbpkaw.dll (file missing) O21 - SSODL: KernelUnknown - {42e514c2-249c-4075-a2b9-d637e31009a7} - C:\Windows\Resources\KernelUnknown.dll (file missing) O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Edited by S_TiZzL3, 22 April 2008 - 08:42 PM.

    Advertisements

Register to Remove


#2 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 29 April 2008 - 02:59 PM

Posted Image

Sorry about the delay in responding :(

If you still need help, Scan again with HijackThis, and copy/paste" a new log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#3 S_TiZzL3

S_TiZzL3

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 29 April 2008 - 05:43 PM

Logfile of HijackThis v1.99.1 Scan saved at 8:41:48 PM, on 4/21/2008 Platform: Unknown Windows (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16643) Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\ProgramData\jorsdkru\zcxgpkne.exe C:\Program Files\Grisoft\AVG7\avgwb.dat C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: DVA Storm - {D80F83DA-6FDC-4432-B350-29AABB316D2B} - C:\Windows\lgmxvpatamk.dll (file missing) O3 - Toolbar: (no name) - {16B35F26-7FBC-45AD-83E2-4991CB73F477} - (no file) O3 - Toolbar: (no name) - {74E5E4E8-79DD-49AC-B64B-E74822D5F3CD} - (no file) O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Stizz\AppData\Local\Temp\vtUkhijH.dll,c O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Stizz\AppData\Local\Temp\awturPJA.dll,#1 O4 - HKCU\..\Run: [c09c38ce] rundll32.exe "C:\Users\Stizz\AppData\Local\Temp\xnciyjkh.dll",b O4 - HKCU\..\Run: [gtmnozyi] C:\ProgramData\gtmnozyi\ebylepyf.exe O4 - HKCU\..\Run: [iclvojxm] C:\ProgramData\iclvojxm\xgdsngde.exe O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing O11 - Options group: [INTERNATIONAL] International* O13 - Gopher Prefix: O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll O21 - SSODL: MonSys - {fbac76ae-ad1f-40c3-9076-a77aebe18aa3} - C:\Windows\Resources\MonSys.dll (file missing) O21 - SSODL: pmsoarbf - {31AE39B4-C9F8-4237-B384-BA0A90DAEC91} - C:\Windows\pmsoarbf.dll (file missing) O21 - SSODL: omlbpkaw - {4CE69ED8-6970-4CCB-905E-83505679E2A4} - C:\Windows\omlbpkaw.dll (file missing) O21 - SSODL: KernelUnknown - {42e514c2-249c-4075-a2b9-d637e31009a7} - C:\Windows\Resources\KernelUnknown.dll (file missing) O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing) ^^ HijackThis it seems slower...the popups have stopped ever since i got Firefox but they come back when i open internet explorer and the internet browser often encounters an error and closes =(

#4 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 29 April 2008 - 05:56 PM

What did you shut off with msconfig?

Please do not delete anything unless instructed to.

Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a checkmark/tick in the box on the left side on these:

O2 - BHO: DVA Storm - {D80F83DA-6FDC-4432-B350-29AABB316D2B} - C:\Windows\lgmxvpatamk.dll (file missing)
O3 - Toolbar: (no name) - {16B35F26-7FBC-45AD-83E2-4991CB73F477} - (no file)
O3 - Toolbar: (no name) - {74E5E4E8-79DD-49AC-B64B-E74822D5F3CD} - (no file)
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Stizz\AppData\Local\Temp\vtUkhijH.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Stizz\AppData\Local\Temp\awturPJA.dll,#1
O4 - HKCU\..\Run: [c09c38ce] rundll32.exe "C:\Users\Stizz\AppData\Local\Temp\xnciyjkh.dll",b
O4 - HKCU\..\Run: [gtmnozyi] C:\ProgramData\gtmnozyi\ebylepyf.exe
O4 - HKCU\..\Run: [iclvojxm] C:\ProgramData\iclvojxm\xgdsngde.exe
O21 - SSODL: MonSys - {fbac76ae-ad1f-40c3-9076-a77aebe18aa3} - C:\Windows\Resources\MonSys.dll (file missing)
O21 - SSODL: pmsoarbf - {31AE39B4-C9F8-4237-B384-BA0A90DAEC91} - C:\Windows\pmsoarbf.dll (file missing)
O21 - SSODL: omlbpkaw - {4CE69ED8-6970-4CCB-905E-83505679E2A4} - C:\Windows\omlbpkaw.dll (file missing)
O21 - SSODL: KernelUnknown - {42e514c2-249c-4075-a2b9-d637e31009a7} - C:\Windows\Resources\KernelUnknown.dll (file missing)

Close ALL windows and browsers except HijackThis and click "Fix checked"


Delete these Files if listed:
C:\Users\Stizz\AppData\Local\Temp\vtUkhijH.dll
C:\Users\Stizz\AppData\Local\Temp\awturPJA.dll
C:\Users\Stizz\AppData\Local\Temp\xnciyjkh.dll
C:\ProgramData\gtmnozyi\ebylepyf.exe
C:\ProgramData\iclvojxm\xgdsngde.exe
C:\Windows\Resources\MonSys.dll
C:\Windows\pmsoarbf.dll
C:\Windows\omlbpkaw.dll
C:\Windows\Resources\KernelUnknown.dll


Delete these Folders if listed:
C:\ProgramData\gtmnozyi
C:\ProgramData\iclvojxm


Open C:\Users\Stizz\AppData\Local\Temp\ <--Delete all files in this folder.



Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#5 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 11 May 2008 - 06:29 PM

Due to inactivity this topic will be closed. If you need help please start a new thread and post a new HJT log

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users