
[Closed] help plz!



#1 S_TiZzL3

S_TiZzL3

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 21 April 2008 - 06:47 PM

Hey, I recently got a trojan and I can't get rid of it. I ran AVG/Spybot/Rogue Remover and SmitFraudFix numerous times and nothing has fixed it. Here's my HijackThis log, plz help =(

Logfile of HijackThis v1.99.1
Scan saved at 8:41:48 PM, on 4/21/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\ProgramData\jorsdkru\zcxgpkne.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: DVA Storm - {D80F83DA-6FDC-4432-B350-29AABB316D2B} - C:\Windows\lgmxvpatamk.dll (file missing)
O3 - Toolbar: (no name) - {16B35F26-7FBC-45AD-83E2-4991CB73F477} - (no file)
O3 - Toolbar: (no name) - {74E5E4E8-79DD-49AC-B64B-E74822D5F3CD} - (no file)
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Stizz\AppData\Local\Temp\vtUkhijH.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Stizz\AppData\Local\Temp\awturPJA.dll,#1
O4 - HKCU\..\Run: [c09c38ce] rundll32.exe "C:\Users\Stizz\AppData\Local\Temp\xnciyjkh.dll",b
O4 - HKCU\..\Run: [gtmnozyi] C:\ProgramData\gtmnozyi\ebylepyf.exe
O4 - HKCU\..\Run: [iclvojxm] C:\ProgramData\iclvojxm\xgdsngde.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O21 - SSODL: MonSys - {fbac76ae-ad1f-40c3-9076-a77aebe18aa3} - C:\Windows\Resources\MonSys.dll (file missing)
O21 - SSODL: pmsoarbf - {31AE39B4-C9F8-4237-B384-BA0A90DAEC91} - C:\Windows\pmsoarbf.dll (file missing)
O21 - SSODL: omlbpkaw - {4CE69ED8-6970-4CCB-905E-83505679E2A4} - C:\Windows\omlbpkaw.dll (file missing)
O21 - SSODL: KernelUnknown - {42e514c2-249c-4075-a2b9-d637e31009a7} - C:\Windows\Resources\KernelUnknown.dll (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Edited by S_TiZzL3, 22 April 2008 - 08:42 PM.



#2 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 29 April 2008 - 02:59 PM


Sorry about the delay in responding :(

If you still need help, scan again with HijackThis and "copy/paste" a new log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#3 S_TiZzL3

S_TiZzL3

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 29 April 2008 - 05:43 PM

Logfile of HijackThis v1.99.1
Scan saved at 8:41:48 PM, on 4/21/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\ProgramData\jorsdkru\zcxgpkne.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: DVA Storm - {D80F83DA-6FDC-4432-B350-29AABB316D2B} - C:\Windows\lgmxvpatamk.dll (file missing)
O3 - Toolbar: (no name) - {16B35F26-7FBC-45AD-83E2-4991CB73F477} - (no file)
O3 - Toolbar: (no name) - {74E5E4E8-79DD-49AC-B64B-E74822D5F3CD} - (no file)
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Stizz\AppData\Local\Temp\vtUkhijH.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Stizz\AppData\Local\Temp\awturPJA.dll,#1
O4 - HKCU\..\Run: [c09c38ce] rundll32.exe "C:\Users\Stizz\AppData\Local\Temp\xnciyjkh.dll",b
O4 - HKCU\..\Run: [gtmnozyi] C:\ProgramData\gtmnozyi\ebylepyf.exe
O4 - HKCU\..\Run: [iclvojxm] C:\ProgramData\iclvojxm\xgdsngde.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O21 - SSODL: MonSys - {fbac76ae-ad1f-40c3-9076-a77aebe18aa3} - C:\Windows\Resources\MonSys.dll (file missing)
O21 - SSODL: pmsoarbf - {31AE39B4-C9F8-4237-B384-BA0A90DAEC91} - C:\Windows\pmsoarbf.dll (file missing)
O21 - SSODL: omlbpkaw - {4CE69ED8-6970-4CCB-905E-83505679E2A4} - C:\Windows\omlbpkaw.dll (file missing)
O21 - SSODL: KernelUnknown - {42e514c2-249c-4075-a2b9-d637e31009a7} - C:\Windows\Resources\KernelUnknown.dll (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

^^ HijackThis

it seems slower...the popups have stopped ever since i got Firefox but they come back when i open internet explorer and the internet browser often encounters an error and closes =(

#4 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 29 April 2008 - 05:56 PM

What did you shut off with msconfig?

Please do not delete anything unless instructed to.

Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a checkmark/tick in the box on the left side on these:

O2 - BHO: DVA Storm - {D80F83DA-6FDC-4432-B350-29AABB316D2B} - C:\Windows\lgmxvpatamk.dll (file missing)
O3 - Toolbar: (no name) - {16B35F26-7FBC-45AD-83E2-4991CB73F477} - (no file)
O3 - Toolbar: (no name) - {74E5E4E8-79DD-49AC-B64B-E74822D5F3CD} - (no file)
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Stizz\AppData\Local\Temp\vtUkhijH.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Stizz\AppData\Local\Temp\awturPJA.dll,#1
O4 - HKCU\..\Run: [c09c38ce] rundll32.exe "C:\Users\Stizz\AppData\Local\Temp\xnciyjkh.dll",b
O4 - HKCU\..\Run: [gtmnozyi] C:\ProgramData\gtmnozyi\ebylepyf.exe
O4 - HKCU\..\Run: [iclvojxm] C:\ProgramData\iclvojxm\xgdsngde.exe
O21 - SSODL: MonSys - {fbac76ae-ad1f-40c3-9076-a77aebe18aa3} - C:\Windows\Resources\MonSys.dll (file missing)
O21 - SSODL: pmsoarbf - {31AE39B4-C9F8-4237-B384-BA0A90DAEC91} - C:\Windows\pmsoarbf.dll (file missing)
O21 - SSODL: omlbpkaw - {4CE69ED8-6970-4CCB-905E-83505679E2A4} - C:\Windows\omlbpkaw.dll (file missing)
O21 - SSODL: KernelUnknown - {42e514c2-249c-4075-a2b9-d637e31009a7} - C:\Windows\Resources\KernelUnknown.dll (file missing)

Close ALL windows and browsers except HijackThis and click "Fix checked"


Delete these Files if listed:
C:\Users\Stizz\AppData\Local\Temp\vtUkhijH.dll
C:\Users\Stizz\AppData\Local\Temp\awturPJA.dll
C:\Users\Stizz\AppData\Local\Temp\xnciyjkh.dll
C:\ProgramData\gtmnozyi\ebylepyf.exe
C:\ProgramData\iclvojxm\xgdsngde.exe
C:\Windows\Resources\MonSys.dll
C:\Windows\pmsoarbf.dll
C:\Windows\omlbpkaw.dll
C:\Windows\Resources\KernelUnknown.dll


Delete these Folders if listed:
C:\ProgramData\gtmnozyi
C:\ProgramData\iclvojxm


Open C:\Users\Stizz\AppData\Local\Temp\ <--Delete all files in this folder.



Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

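An added example, not part of the thread and not the helper's own tooling: a small Python triage pass over HijackThis entries of the kind selected in the post above. The heuristics (O4 autoruns loading from Temp or a ProgramData subfolder, O2/O3/O21 handlers marked "(file missing)" or "(no file)") are assumptions made for illustration; the sample lines are copied from the log posted in this thread.

```python
import re

# Sample input: a few entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DVA Storm - {D80F83DA-6FDC-4432-B350-29AABB316D2B} - C:\Windows\lgmxvpatamk.dll (file missing)
O3 - Toolbar: (no name) - {16B35F26-7FBC-45AD-83E2-4991CB73F477} - (no file)
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Stizz\AppData\Local\Temp\vtUkhijH.dll,c
O4 - HKCU\..\Run: [gtmnozyi] C:\ProgramData\gtmnozyi\ebylepyf.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O21 - SSODL: MonSys - {fbac76ae-ad1f-40c3-9076-a77aebe18aa3} - C:\Windows\Resources\MonSys.dll (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
"""

# "<section> - <rest>", e.g. "O4 - HKCU\..\Run: [name] command"
ENTRY = re.compile(r"^(O\d+|R\d|F\d) - (.*)$")
# Assumed heuristics for this example (not a method stated in the thread):
# a DLL/EXE launched from a Temp directory or directly from a ProgramData subfolder.
USER_WRITABLE = re.compile(
    r"\\(AppData\\Local\\Temp|ProgramData\\[^\\]+)\\[^\\\"]+\.(dll|exe)", re.I)
# Registration still present although HijackThis found no file behind it.
ORPHANED = re.compile(r"\((file missing|no file)\)\s*$")

def triage(log_text):
    """Return (section, reason, line) tuples for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header lines, process list, blanks
        section, body = m.groups()
        if section == "O4" and USER_WRITABLE.search(body):
            findings.append((section, "autorun from user-writable path", line))
        elif section in ("O2", "O3", "O21") and ORPHANED.search(body):
            findings.append((section, "handler registered, file absent", line))
        # O23 is not checked: in this log those lines carry unexpanded
        # %windir% / %ProgramFiles% paths, so "(file missing)" is not a signal.
    return findings

if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"{section:4} {reason}: {line}")
```

Legitimate software can also start from a ProgramData subfolder, so the output is a review list for an analyst, not a removal list.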

 


#5 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 11 May 2008 - 06:29 PM

Due to inactivity this topic will be closed. If you need help please start a new thread and post a new HJT log


 
