There's no such thing as a stupid question, but they're the easiest to answer.
JoinTour
Login
 
Tag Cloud
access audio avg avg 8 bios blue screen boot bsod computer connection cpu crash css dell desktop dma driver drivers dvd email error excel explorer firefox firefox 3 freeze gimp graphics hard drive hardware hijackthis hjt install internet internet explorer itunes keyboard laptop macro malware monitor motherboard network networking outlook outlook 2003 outlook 2007 outlook express pio problem problems router seo server slow sound sp3 spyware trojan usb video virtumonde virus vista vundo windows windows vista windows xp winxp wireless
Malware Removal & HijackThis Logs
Search
Search in:
 
Advanced Search
Tech Support Guy Forums > Security & Malware Removal > Malware Removal & HijackThis Logs >
2 Annoying Problems plz Help with HJT Log


HELLO AND WELCOME! Before you can post your question, you'll have to register -- it's completely free! Click here to join today! We highly recommend that you print a copy of our Guide for New Members. Enjoy!

 
Thread Tools
DimengionX's Avatar
Junior Member with 7 posts.
  
Join Date: May 2008
Experience: Intermediate
12-May-2008, 01:32 AM #1
2 Annoying Problems plz Help with HJT Log
Here's my problem. I have a few trojans that are infecting my computer that I can't remove for the life of me. The trojans of note are as follows, " Trojan-Clicker.Win32.VB.and" "Trojan.Win32.Agent.lzp" "Trojan.Win32.VB.cqk"

As well, when I try to use IE I am automatically re-routed to a loading.net website. I am blocked out off my internet options to change the homepage back to my original home page. I'm assuming this has to do with the trojans that are continiously reinputing themselves back onto my system.

Here is my HJT Log......

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:17 AM, on 5/12/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Audio Deck\EnMixCPL.exe
C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINNT\System32\RUNDLL32.EXE
C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\System32\ctfmon.exe
C:\WINNT\System32\afinding.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\perfs.exe
C:\WINNT\System32\PnkBstrA.exe
C:\WINNT\System32\PnkBstrB.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\lxbxcoms.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Brian\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.laoding.net/
O2 - BHO: (no name) - {019AB3FB-7CD1-45A2-8519-3084804276B4} - (no file)
O2 - BHO: (no name) - {04282A92-7A19-4362-ABB5-25620755A2C1} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0DC62696-F3A7-4B74-AE74-A402BF76BF56} - (no file)
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: (no name) - {2251CE3E-251D-48B6-A0D8-9A2FAAD96321} - (no file)
O2 - BHO: (no name) - {281AC628-8E4D-4483-9AE6-7B78C3D7DAC3} - (no file)
O2 - BHO: (no name) - {285a042e-5f58-4a84-bf1d-4c8b42a1d92f} - (no file)
O2 - BHO: (no name) - {473ADBDB-896A-4189-87D3-89E00A29D901} - (no file)
O2 - BHO: (no name) - {4946127B-FE93-4D4D-9F01-F5E0D03DFB62} - (no file)
O2 - BHO: (no name) - {4A2E2004-C55C-4EBB-988D-F3E86E5A315B} - (no file)
O2 - BHO: (no name) - {51CB62FC-04E1-485A-AD87-092720A2C22A} - C:\WINNT\System32\ssqpm.dll (file missing)
O2 - BHO: (no name) - {95FEBE2F-97CE-496B-AE11-F95F8A213816} - (no file)
O2 - BHO: (no name) - {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} - C:\WINNT\System32\byxvwvs.dll (file missing)
O2 - BHO: (no name) - {A898097C-FA5E-4870-92DC-63B75D357AE2} - C:\WINNT\System32\aclu.dll
O2 - BHO: (no name) - {b5b963e2-3e1a-4a19-a1a2-1a8ec5aee71e} - (no file)
O2 - BHO: (no name) - {D28C8126-C019-4E47-A560-20294BF4B330} - C:\WINNT\System32\aclu.dll
O2 - BHO: (no name) - {DE80AA27-29A2-438D-A0F4-C6EFD6B449C5} - C:\WINNT\System32\aclu.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: (no name) - {F27DE1AB-0282-44AE-A518-054CB6014D08} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Audio Deck\EnMixCPL.exe 1
O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVP] "C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [A00FC54E21.exe] C:\DOCUME~1\Brian\LOCALS~1\Temp\_A00FC54E21.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O16 - DPF: Yahoo! Spades - http://download2.games.yahoo.com/gam...ts/y/st3_x.cab
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/code/chm/xpre.chm::/xpreload.ocx
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - Winlogon Notify: - ws_3s32.dll (file missing)
O20 - Winlogon Notify: - ws_3s32.dll (file missing)
O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\WINNT\System32\afinding.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: The Shield Deluxe 2008 (AVP) - PCSecurityShield - C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINNT\System32\lxbxcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINNT\System32\perfs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\System32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINNT\System32\PnkBstrB.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 9978 bytes
DimengionX's Avatar
Junior Member with 7 posts.
  
Join Date: May 2008
Experience: Intermediate
12-May-2008, 01:59 AM #2
Just an Update.. I was able to delte the loading.net via HJT and that fixed me being routed to the website, but I still dont have access to change my URL's homepage. Here is also a log of some of the trojans and such I have been dealing with on a consistent basis..

detected: Trojan program Trojan.Win32.VB.cqh URL: http://74.54.201.210/pabc/2.0/d.bin
detected: Trojan program Trojan.Win32.VB.cqk URL: http://74.54.201.210/zxy/2.0/d.bin
detected: Trojan program Trojan-Clicker.Win32.VB.alo URL: http://74.54.89.66/zxy/2.0/d.bin
detected: Trojan program Trojan.Win32.VB.cqe URL: http://cooleezq6.vicp.net/jsp/2.0/d.bin
detected: Trojan program Trojan.Win32.VB.crt URL: http://cnwebmastersblog.com/jsp/2.0/d.bin
detected: Trojan program Trojan-Downloader.Win32.Delf.hex URL: http://cooleezq6.vicp.net/xabc/2.0/ws.bin
detected: Trojan program Trojan-Downloader.Win32.Delf.hex URL: http://cnwebmastersblog.com/xabc/2.0/ws.bin
detected: Trojan program Trojan.Win32.Agent.lmh URL: http://74.54.201.210/pabc/2.0/rr.bin
detected: Trojan program Trojan.Win32.Agent.lmh URL: http://cooleezq6.vicp.net/xabc/2.0/rr.bin
detected: Trojan program Trojan-Downloader.Win32.Delf.hki URL: http://74.54.201.210/pabc/2.0/r.bin
detected: Trojan program Trojan-Downloader.Win32.Delf.hki URL: http://cooleezq6.vicp.net/xabc/2.0/r.bin
detected: Trojan program Trojan-Downloader.Win32.Delf.hki URL: http://cnwebmastersblog.com/xabc/2.0/r.bin
detected: Trojan program Trojan.Win32.VB.cqe URL: http://cooleezq6.vicp.net/xabc/2.0/d.bin
detected: Trojan program Trojan.Win32.VB.crt URL: http://cnwebmastersblog.com/xabc/2.0/d.bin
detected: Trojan program Trojan.Win32.VB.cof URL: http://74.54.201.210/pabc/2.0/discover.exe
detected: Trojan program Trojan.Win32.VB.cqk URL: http://cooleezq6.vicp.net/xabc/2.0/discover.exe
detected: Trojan program Trojan.Win32.VB.ctf URL: http://cnwebmastersblog.com/xabc/2.0/discover.exe
DimengionX's Avatar
Junior Member with 7 posts.
  
Join Date: May 2008
Experience: Intermediate
12-May-2008, 12:59 PM #3
Can anyone help with this problem??
DimengionX's Avatar
Junior Member with 7 posts.
  
Join Date: May 2008
Experience: Intermediate
12-May-2008, 06:35 PM #4
any little help will be appreciated.
DimengionX's Avatar
Junior Member with 7 posts.
  
Join Date: May 2008
Experience: Intermediate
15-May-2008, 02:08 AM #5
Ok now I am unable to change my internet browser. Meaning it is just stuck on MSN.com now and will not allow me to surf or changed anything. When I open IE or Firefox a window pops up stating "c:Program Files/........." Thats all I can see. I would really appreciate any input. I am on my last leg prior to wiping out my entire hard drive which is something I really can't afford to do. There are some important docs and things I can't get rid of. Please Help
Reply

« Previous Thread | Malware Removal & HijackThis Logs | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are Off
Refbacks are Off

Related Sites: Support.com | Tech Gift Ideas | Mobile TechGuy | Advertise on TSG
Contact Us - HelpOnThe.Net - Archive - Terms of Service - Top
You Are Using:
Server ID
Advertisements do not imply our endorsement of that product or service.
All times are GMT -4. The time now is 12:08 PM.
Copyright © 1996 - 2008 TechGuy, Inc. All rights reserved.
Powered by vBulletin, Copyright © 2000 - 2008, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.1.0
Powered by Cermak Technologies, Inc.