There's no such thing as a stupid question, but they're the easiest to answer.
JoinTour
Login
 
Tag Cloud
audio avg avg 8 backup bios boot browser bsod computer cpu crash css desktop driver drivers dvd email error excel explorer firefox firefox 3 freeze game graphics hard drive hardware help please hijackthis hjt install internet internet explorer itunes javascript keyboard lan laptop malware missing monitor msn network networking openoffice outlook outlook 2003 outlook express php popups problem router screen seo slow sound sp3 spyware trojan usb video virtumonde virus vista vundo windows windows vista windows xp wireless word
Malware Removal & HijackThis Logs
Search
Search in:
 
Advanced Search
Tech Support Guy Forums > Security & Malware Removal > Malware Removal & HijackThis Logs >
Trojans Slowly Destroying my Computer, HJT Log


HELLO AND WELCOME! Before you can post your question, you'll have to register -- it's completely free! Click here to join today! We highly recommend that you print a copy of our Guide for New Members. Enjoy!

 
Thread Tools
DimengionX's Avatar
Junior Member with 7 posts.
  
Join Date: May 2008
Experience: Intermediate
15-May-2008, 07:48 AM #1
Trojans Slowly Destroying my Computer, HJT Log
There are a few problems that are taking place. The most recent I am now unable to connect to the internet. I also have no control over my internet options in a web browser. I am completely locked out. Everytime I try to open IE or Firefox I get a pop up that states "c:ProgramFiles/InternetExplorer/Explorer....." and thats all I can see. My Antivirus has been picking up these attacks and states it removes or quaranteens these threats, but they keep comming back. I believe there has to be something in the boot registry but I am also locked out of that. I have noticed my computer's performance is becoming greatly hindered. I am unable to reformat because I do not own an operating disc. Any spyware program that is downlaoded ie. Adaware, Stopzilla, Spybot, and a few others all reinitiate the trojan. The trojan also renders the programs useless because they will not open. I have ran a CA scan and a Shield Deluxe scan. Both picked up multiple trojans but upon deletion they would immediatly return. The trojans I can remember off the top of my head are, "Trojan.Win32.Agent.vgk, Trojan-Downloader.Win32, And a different variation of trojan.Win32.Agent...."

It seems like my computer is getting taken over. I am getting block out of all access points 1 by 1. Eventually I am assuming I will no longer have control to do anything on my computer. I am in dire need of any help. Thank you in advance...


Here is my HJT Log......

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:17 AM, on 5/12/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Audio Deck\EnMixCPL.exe
C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINNT\System32\RUNDLL32.EXE
C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\System32\ctfmon.exe
C:\WINNT\System32\afinding.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\perfs.exe
C:\WINNT\System32\PnkBstrA.exe
C:\WINNT\System32\PnkBstrB.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\lxbxcoms.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Brian\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.laoding.net/
O2 - BHO: (no name) - {019AB3FB-7CD1-45A2-8519-3084804276B4} - (no file)
O2 - BHO: (no name) - {04282A92-7A19-4362-ABB5-25620755A2C1} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0DC62696-F3A7-4B74-AE74-A402BF76BF56} - (no file)
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: (no name) - {2251CE3E-251D-48B6-A0D8-9A2FAAD96321} - (no file)
O2 - BHO: (no name) - {281AC628-8E4D-4483-9AE6-7B78C3D7DAC3} - (no file)
O2 - BHO: (no name) - {285a042e-5f58-4a84-bf1d-4c8b42a1d92f} - (no file)
O2 - BHO: (no name) - {473ADBDB-896A-4189-87D3-89E00A29D901} - (no file)
O2 - BHO: (no name) - {4946127B-FE93-4D4D-9F01-F5E0D03DFB62} - (no file)
O2 - BHO: (no name) - {4A2E2004-C55C-4EBB-988D-F3E86E5A315B} - (no file)
O2 - BHO: (no name) - {51CB62FC-04E1-485A-AD87-092720A2C22A} - C:\WINNT\System32\ssqpm.dll (file missing)
O2 - BHO: (no name) - {95FEBE2F-97CE-496B-AE11-F95F8A213816} - (no file)
O2 - BHO: (no name) - {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} - C:\WINNT\System32\byxvwvs.dll (file missing)
O2 - BHO: (no name) - {A898097C-FA5E-4870-92DC-63B75D357AE2} - C:\WINNT\System32\aclu.dll
O2 - BHO: (no name) - {b5b963e2-3e1a-4a19-a1a2-1a8ec5aee71e} - (no file)
O2 - BHO: (no name) - {D28C8126-C019-4E47-A560-20294BF4B330} - C:\WINNT\System32\aclu.dll
O2 - BHO: (no name) - {DE80AA27-29A2-438D-A0F4-C6EFD6B449C5} - C:\WINNT\System32\aclu.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: (no name) - {F27DE1AB-0282-44AE-A518-054CB6014D08} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Audio Deck\EnMixCPL.exe 1
O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVP] "C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [A00FC54E21.exe] C:\DOCUME~1\Brian\LOCALS~1\Temp\_A00FC54E21.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O16 - DPF: Yahoo! Spades - http://download2.games.yahoo.com/gam...ts/y/st3_x.cab
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/code/chm/xpre.chm::/xpreload.ocx
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - Winlogon Notify: - ws_3s32.dll (file missing)
O20 - Winlogon Notify: - ws_3s32.dll (file missing)
O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\WINNT\System32\afinding.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: The Shield Deluxe 2008 (AVP) - PCSecurityShield - C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINNT\System32\lxbxcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINNT\System32\perfs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\System32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINNT\System32\PnkBstrB.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
Reply

« Previous Thread | Malware Removal & HijackThis Logs | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are Off
Refbacks are Off

Related Sites: Support.com | Tech Gift Ideas | Mobile TechGuy | Advertise on TSG
Contact Us - HelpOnThe.Net - Archive - Terms of Service - Top
You Are Using:
Server ID
Advertisements do not imply our endorsement of that product or service.
All times are GMT -4. The time now is 08:40 PM.
Copyright © 1996 - 2008 TechGuy, Inc. All rights reserved.
Powered by vBulletin, Copyright © 2000 - 2008, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.1.0
Powered by Cermak Technologies, Inc.