need some real help here (p[lease)

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.
P

prime8

Thread Starter
Joined
Sep 3, 2003
Messages
16
well, i ve done everything that i can think of...
i know i have a Trojan somewhere and i keeps eluding me. i've tried AdAware SE, Spybot, that and that.

i am not able to download ANYTHING that has to do w/ spyware removal or critical updates--windows SP2 always stops downloading at 33%.
anywho, i think im just going to reformat and call it a day but i wanted to make sur that there isn't anything i have overlooked or not thought of.

below is my report from HiJack This..
thanks guys (girls?)

also do you have a snail-mail address to donate...i refuse to do it on-line w/ this damn virus!
thanks!
gabriel


Logfile of HijackThis v1.98.2
Scan saved at 8:09:37 PM, on 9/5/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\WINDOWS\System32\phldtx.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Norton Antivirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\8b5e9cdb91dddbb342695fbdc36fe0e4\update\update.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\qwerty\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [xzujbtqhdb] C:\WINDOWS\System32\phldtx.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O21 - SSODL: System - {05B5379C-6058-4EF3-B056-6B24157C8AB5} - C:\WINDOWS\system32\system32.dll (file missing)
 
LDTate

LDTate

Malware Specialist
Joined
Aug 13, 2004
Messages
789
If you haven't reformated yet, try a couple online scans.

Click Here

Click Here

Make a new folder like C:\HJT and move your HijackThis.exe in there
Post a new HijackThis log
 
F

FinestRanger

Joined
Oct 13, 2003
Messages
2,367
The first thing to do: Move HiJackThis to a permanent folder of its own; It creates back ups of the removed files and will be neatly scattered :) all over your desktop otherwise. (y)



Run CWShredder.

CWShredder download link

Under "Official Downloads" download "CWShredder".

Unzip the program to a permanent folder of your choosing. Close ALL (except CWShredder ;) )browser windows and click "FIX".

After it's done running click on "How do I prevent re-infection?" and, at a minimum, click on "Go Download the ByteVerifier patch on Microsoft.com"

If you have problems running CWShredder, then get the SmartKiller removal tool on this page:

http://www.spywareinfo.com/~merijn/downloads.html

Re-start your computer .





Before we start, let's disable your System Restore. After the infection's been cleaned re-enable system restore.
Disabling System Restore in Windows XP Disable System Restore in Windows ME

IF, for some reason, you lose the ability to use IE or lose your internet connection...open HJT-->"Config"-->"Backups"-->"Restore".


Open HiJackThis. Click "Scan". Put a checkmark next to these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)

O4 - HKLM\..\Run: [xzujbtqhdb] C:\WINDOWS\System32\phldtx.exe

O15 - Trusted Zone: http://*.windowsupdate.microsoft.com

O15 - Trusted Zone: http://*.windowsupdate.com

O21 - SSODL: System - {05B5379C-6058-4EF3-B056-6B24157C8AB5} - C:\WINDOWS\system32\system32.dll (file missing)


Close ALL browser windows (except HiJackThis ;) ) and click "Fix checked."


Re-start your computer.


NEXT:


Re-start your computer into safe mode:

How to start your computer in Safe Mode



NEXT:



Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

http://www.computerhope.com/issues/ch000225.htm

Next navigate to the C:\Documents and Settings\ <user's name>\Local Settings\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Now click the "Delete Cookies" button and click OK.


Empty the Recycle Bin


Re-start your computer and post another HJT log.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Total: 490 (members: 1, guests: 489)
Top