alkatrazz Posted March 7, 2009

Hello everyone, I haven't been around in a bit but I need some comp help and I know there are some comp gods here (Steve). What happened was my gf downloaded something on here and now I have a little icon in my task bar telling me my comp is infected and it recommends a cleaner tool. Anyway, I tried to get rid of it but I can open my task manager, my firewall is going crazy telling me all these things are trying to access the internet. This is a pretty nasty trojan I'm pretty sure I'm dealing with. I'm running a scan of my comp but I think more can be done as far as turning some of these things off. I can't even view hidden files because the option in Tools is gone. Under Documents and Settings the file for Local Settings to get to the Temp file doesn't even exist. I have to type it in to get to the Temp file, and in the Temp file there are 10 hidden files I can't even delete because they're hidden. Someone help please. Here's my hijack file:

Logfile of HijackThis v1.97.7
Scan saved at 3:04:04 PM, on 3/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\drivers\services.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\drivers\services.exe
C:\Documents and Settings\Alvaro Salinas\svchost.exe
C:\WINDOWS\system32\frmwrk32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\WINDOWS\system32\drivers\services.exe
C:\Documents and Settings\Alvaro Salinas\svchost.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Documents and Settings\Alvaro Salinas\Start Menu\Programs\Startup\userinit.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\ALVARO~1\LOCALS~1\Temp\cw2gurtiq5.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Storage\Computer Protection\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe
O1 - Hosts: 91.207.117.244 browser-security.microsoft.com
O2 - BHO: (no name) - {198bc18e-6a85-4cb2-b275-cd8dc1eb6517} - C:\WINDOWS\system32\murijovu.dll
O2 - BHO: (no name) - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\hs3i7jdgfd.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [iSBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [0c21e3d0] rundll32.exe "C:\WINDOWS\system32\sujehehe.dll",b
O4 - HKLM\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe
O4 - HKLM\..\Run: [winlogon] C:\Documents and Settings\Alvaro Salinas\svchost.exe
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKLM\..\Run: [CPM0f12d04c] Rundll32.exe "c:\windows\system32\timuroje.dll",a
O4 - HKLM\..\Run: [Npamubuworucato] rundll32.exe "C:\WINDOWS\obimukohiyima.dll",e
O4 - HKLM\..\Run: [Gmopeboyo] rundll32.exe "C:\WINDOWS\Ajewezelagarobif.dll",e
O4 - HKLM\..\Run: [kesemavema] Rundll32.exe "C:\WINDOWS\system32\jumebobo.dll",s
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe
O4 - HKCU\..\Run: [winlogon] C:\Documents and Settings\Alvaro Salinas\svchost.exe
O4 - HKCU\..\Run: [v8ctfnnza57miyccqk477rtacv6rwsx787ppp5hti] C:\DOCUME~1\ALVARO~1\LOCALS~1\Temp\cw2gurtiq5.exe
O4 - HKCU\..\Run: [oz2nngxtheos6azdhebzuv] C:\DOCUME~1\ALVARO~1\LOCALS~1\Temp\f78m1k.exe
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Startup: userinit.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1108353121759
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
Steve Posted March 7, 2009

Run a full scan here: http://onecare.live.com/site/en-us/default.htm

It'll autofix any shit it finds. By the looks of that log, the PC is riddled with shite and you probably got infected because you haven't installed any updates in a long time. It certainly wouldn't have helped anyway. Even the version of HijackThis you're using is way out of date, haha. If you're still having problems after using OneCare, post another log (using the latest version of HijackThis), but if it's in as bad a shape as it is now then a backup/format/reinstall is gonna be your best option.
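A small triage script for logs in this format, added here as an example and not part of either post: it picks out the entry types that make a log like the one above look "riddled" (UserInit chaining an extra program, a hosts-file redirect of a Microsoft hostname, autoruns loading from Temp or from a user profile, and system-binary names living outside system32). The sample log is constructed from entries of the shapes seen in the posted log; the rules and thresholds are my own.

```python
import re
# Constructed sample in HijackThis format, echoing the kinds of entries in the log above.
SAMPLE_LOG = r"""F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe
O1 - Hosts: 91.207.117.244 browser-security.microsoft.com
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe
O4 - HKCU\..\Run: [winlogon] C:\Documents and Settings\Alvaro Salinas\svchost.exe
O4 - HKCU\..\Run: [oz2nngxtheos6azdhebzuv] C:\DOCUME~1\ALVARO~1\LOCALS~1\Temp\f78m1k.exe"""
SYSTEM_DIR = "c:\\windows\\system32"          # the only legitimate home for the binaries below
SYSTEM_BINARIES = {"svchost.exe", "services.exe", "userinit.exe", "winlogon.exe", "lsass.exe"}
PROFILE_PREFIXES = ("c:\\documents and settings\\", "c:\\docume~1\\")
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}    # a hosts entry pointing anywhere else is a redirect
O4_RE = re.compile(r"^O4 - \S+: \[(.*?)\] (.*)$")            # autorun entry: [name] command
O1_RE = re.compile(r"^O1 - Hosts: (\S+) (\S+)$")             # hosts-file mapping: ip hostname
F2_RE = re.compile(r"^F2 - REG:system.ini: UserInit=(.*)$")  # logon chain, comma separated

def autorun_target(cmd):
    """File an O4 entry actually loads: the DLL argument for rundll32, else the program path."""
    cmd = cmd.strip()
    if cmd.lower().startswith("rundll32.exe"):
        m = re.match(r'"([^"]+)"|([^,]+)', cmd[len("rundll32.exe"):].strip())
        return (m.group(1) or m.group(2)).strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return re.split(r"\s[/-]", cmd, maxsplit=1)[0]   # unquoted path; drop switches like /minimize

def suspicious_path(path):
    """Why a loaded file looks out of place, or None when its location is ordinary."""
    p = path.lower()
    if "\\temp\\" in p:
        return "loads from a Temp directory"
    if p.startswith(PROFILE_PREFIXES):
        return "loads from a user profile instead of Program Files or Windows"
    parent, _, name = p.rpartition("\\")
    if name in SYSTEM_BINARIES and parent != SYSTEM_DIR:
        return f"{name} outside {SYSTEM_DIR} (masquerades as a system binary)"
    return None

def triage(log_text):
    """Return (log line, reason) pairs for entries that deserve a closer look."""
    findings = []
    for line in (l.strip() for l in log_text.splitlines()):
        if m := F2_RE.match(line):
            findings += [(line, "UserInit also launches " + x) for x in m.group(1).split(",")
                         if x.lower() != SYSTEM_DIR + "\\userinit.exe"]
        elif (m := O1_RE.match(line)) and m.group(1) not in LOOPBACK:
            findings.append((line, f"hosts file redirects {m.group(2)} to {m.group(1)}"))
        elif (m := O4_RE.match(line)) and (why := suspicious_path(autorun_target(m.group(2)))):
            findings.append((line, f"autorun [{m.group(1)}] {why}"))
    return findings
```

The rules are location based, so a DLL dropped into system32 under a random name (as several of the rundll32 entries in the posted log are) is not flagged by them; those still need the file itself examined.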