Trojan Frenzy can any one help?

Discussion in 'Virus & Other Malware Removal' started by nicrabit, Feb 11, 2005.

Thread Status:
Not open for further replies.
  1. nicrabit

    nicrabit Thread Starter

    Joined:
    Feb 11, 2005
    Messages:
    4
    Here's the log I saved from using "Hijackthis"~ I don't know what to make of it or how to fix it~ Here's the background on my system: in the last week I've had to reinstall Windows XP Home 4 times, this last time the system seems to be working OK, except all of these trojans and whatnot... I'm not really sure what to do.
    Thanks in advance for your help,
    Nicole :p



    Logfile of HijackThis v1.97.7
    Scan saved at 9:57:33 AM, on 2/11/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Windows AdStatus\WinStat.exe
    C:\WINDOWS\System32\mcafee32.exe
    C:\WINDOWS\rwsqmvk.exe
    C:\program files\180solutions\sais.exe
    C:\WINDOWS\System32\Juqmzd.exe
    C:\Program Files\Web_Rebates\WebRebates0.exe
    C:\WINDOWS\System32\cdaccess2.exe
    C:\WINDOWS\qzif.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
    C:\Program Files\Windows AdStatus\WinStatKeep.exe
    C:\WINDOWS\System32\odptl.exe
    C:\WINDOWS\System32\gah95on6.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\ntvgr1.exe
    C:\WINDOWS\System32\soundmon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\drwtsn32.exe
    C:\Program Files\Web_Rebates\WebRebates1.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe

    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    F0 - system.ini: Shell=Explorer.exe soundmon.exe
    F2 - REG:system.ini: Shell=Explorer.exe soundmon.exe
    O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll (file missing)
    O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll (file missing)
    O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll (file missing)
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe
    O4 - HKLM\..\Run: [McAfee Windows Protection] mcafee32.exe
    O4 - HKLM\..\Run: [0raKyYQc] C:\WINDOWS\rwsqmvk.exe
    O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitennv32.exe
    O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
    O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Hnrxgw.exe
    O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Juqmzd.exe
    O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
    O4 - HKLM\..\Run: [Auto CD-ROM2 Startup] cdaccess2.exe
    O4 - HKLM\..\Run: [qzif] C:\WINDOWS\qzif.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\temp\CXTPLS~1.EXE" /PC=CP.CDT3 /ShowLegalNote=nonbranded /ForSupportedBrowsers
    O4 - HKLM\..\Run: [tFnV38e] odptl.exe
    O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\RunServices: [McAfee Windows Protection] mcafee32.exe
    O4 - HKLM\..\RunServices: [Mcafee Antivirus Monitoring System32mn] VSStatmn32.exe
    O4 - HKLM\..\RunServices: [Auto CD-ROM2 Startup] cdaccess2.exe
    O4 - HKLM\..\RunServices: [Starting up] wvsvc.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [McAfee Windows Protection] mcafee32.exe
    O4 - HKCU\..\Run: [Auto CD-ROM2 Startup] cdaccess2.exe
    O4 - HKCU\..\Run: [co49RUK7O] ntvgr1.exe
    O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
     
  2. tj416

    tj416

    Joined:
    Nov 18, 2004
    Messages:
    747
    Hi nicrabit,

    Welcome to the TSG!!:)

    Step 1

    1. Download and Install Spybot S&D, accepting the Default Settings
    2. In the Menu Bar at the top of the Spybot window you will see 'Mode'. Make certain that 'default mode' has a check mark beside it.
    3. Close ALL windows except Spybot S&D
    4. Click the button to ‘Search for Updates’ then download and install the Updates.
    5. Next click the button ‘Check for Problems’
    6. When Spybot is complete, it will be showing ‘RED’ entries, bold 'Black' entries and ‘GREEN’ entries in the window
    7. Make certain there is a check mark beside all of the RED entries ONLY.
    8. Choose ‘Fix Selected Problems’ and allow Spybot to fix the RED entries.
    9. REBOOT to complete the scan and clear memory.


    Step 2

    1. Download and Install Ad-Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan.
    2. Close ALL windows except Ad-Aware SE
    3. Click on the ‘world’ icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware and malware.
    4. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window

    1) In the ‘General’ window make sure the following are selected in green:
    *Automatically save log-file
    *Automatically quarantine objects prior to removal
    *Safe Mode (always request confirmation)

    Under Definitions:
    *Prompt to update outdated definitions - set the number of days

    2) Click on the ‘Scanning’ button on the left and select in green :

    Under Driver, Folders & Files:
    *Scan Within Archives

    Under Select drives & folders to scan -
    *choose all hard drives

    Under Memory & Registry: all green
    *Scan Active Processes
    *Scan Registry
    *Deep Scan Registry
    *Scan my IE favorites for banned URL’s
    *Scan my Hosts file

    3) Click on the ‘Advanced’ button on the left and select in green:

    Under Shell Integration:
    *Move deleted files to recycle bin

    Under Logfile Detail Level: (all green)
    *include additional object information
    *DESELECT - include negligible objects information
    *include environment information

    Under Alternate Data Streams:
    *Don't log streams smaller than 0 bytes
    *Don't log ADS with the following names: CA_INOCULATEIT

    4) Click the ‘Tweak’ button and select in green:

    Under ‘Scanning Engine’:
    *Unload recognized processes during scanning
    *Scan registry for all users instead of current user only

    Under ‘Cleaning Engine’:
    *Let Windows remove files in use at next reboot

    Under Log Files:
    *Include basic Ad-aware SE settings in logfile
    *Include additional Ad-aware SE settings in logfile
    *Please do not check: Include Module list in logfile

    5. Click on ‘Proceed’ to save the settings.
    6. Click ‘Start’

    *Choose:'Perform Full System Scan'
    *DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.

    7. Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.
    8. If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window
    9. Save the log file when it asks and then click ‘finish’
    10. REBOOT to complete the removal of what Ad-Aware SE found.

    STEP 3

    Your version of Hijack This is outdated. Download the latest version from http://www.merijn.org/files/hijackthis.zip and post a new log in this thread.
     
  3. nicrabit

    nicrabit Thread Starter

    Joined:
    Feb 11, 2005
    Messages:
    4
    Thank you soooo much!!!! It's helped a lot and my computer "seems" to be functioning properly... if I have any more problems I'll ask!... once again, thank you for your help
    ~nicole
     
  4. tj416

    tj416

    Joined:
    Nov 18, 2004
    Messages:
    747
    I still suggest that you post a fresh log for us to examine.
     
  5. nicrabit

    nicrabit Thread Starter

    Joined:
    Feb 11, 2005
    Messages:
    4
    here's the new log..sorry forgot to do that one~

    Logfile of HijackThis v1.99.0
    Scan saved at 4:17:34 PM, on 2/11/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\mcafee32.exe
    C:\WINDOWS\rwsqmvk.exe
    C:\WINDOWS\System32\Juqmzd.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
    C:\WINDOWS\System32\gah95on6.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\lsainv.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\cdaccess2.exe
    C:\WINDOWS\System32\ipr_mtf.exe
    C:\Program Files\CxtPls\CxtPls.exe
    C:\WINDOWS\System32\soundmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\FlashGet\flashget.exe
    C:\Program Files\HijackThis.exe

    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe soundmon.exe
    O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe
    O4 - HKLM\..\Run: [McAfee Windows Protection] mcafee32.exe
    O4 - HKLM\..\Run: [0raKyYQc] C:\WINDOWS\rwsqmvk.exe
    O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitennv32.exe
    O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Hnrxgw.exe
    O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Juqmzd.exe
    O4 - HKLM\..\Run: [Auto CD-ROM2 Startup] cdaccess2.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [tFnV38e] lsainv.exe
    O4 - HKLM\..\Run: [¢‰¸u0–4C
    }ïÁzî[8C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\rwsqmvk.exe
    O4 - HKLM\..\RunServices: [McAfee Windows Protection] mcafee32.exe
    O4 - HKLM\..\RunServices: [Mcafee Antivirus Monitoring System32mn] VSStatmn32.exe
    O4 - HKLM\..\RunServices: [Auto CD-ROM2 Startup] cdaccess2.exe
    O4 - HKLM\..\RunServices: [Starting up] wvsvc.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [McAfee Windows Protection] mcafee32.exe
    O4 - HKCU\..\Run: [Auto CD-ROM2 Startup] cdaccess2.exe
    O4 - HKCU\..\Run: [co49RUK7O] ipr_mtf.exe
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: SCA - Unknown - C:\WINDOWS\System32\SYSTEM.EXE (file missing)
     
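Added example (not part of the original thread, and not code from HijackThis): a short Python script that diffs the O4 autorun entries between the two logs posted above, using a few lines copied from them as sample input. It reports which startup entries disappeared after the Spybot/Ad-Aware pass, which are unchanged, and which kept the same Run value name but now point at a different executable; the function names are this example's own.

```python
import re

# Sample input: O4 lines copied from the first and second HijackThis logs above.
BEFORE = r"""
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Juqmzd.exe
O4 - HKLM\..\Run: [tFnV38e] odptl.exe
O4 - HKCU\..\Run: [co49RUK7O] ntvgr1.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
"""
AFTER = r"""
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Juqmzd.exe
O4 - HKLM\..\Run: [tFnV38e] lsainv.exe
O4 - HKCU\..\Run: [co49RUK7O] ipr_mtf.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
"""

# "O4 - <registry key>: [<value name>] <command>"; lines in any other shape are skipped.
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def parse_o4(log):
    """Map (registry key, value name) -> command for every O4 line in a log."""
    entries = {}
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            # Windows paths are case-insensitive, so compare commands lowercased.
            entries[(m["key"], m["name"])] = m["cmd"].strip().lower()
    return entries

def diff_autoruns(before, after):
    """Classify autorun entries by what happened to them between two scans."""
    old, new = parse_o4(before), parse_o4(after)
    return {
        "removed": sorted(k for k in old if k not in new),
        "added": sorted(k for k in new if k not in old),
        "retargeted": sorted(k for k in old if k in new and old[k] != new[k]),
        "unchanged": sorted(k for k in old if k in new and old[k] == new[k]),
    }

if __name__ == "__main__":
    for status, keys in diff_autoruns(BEFORE, AFTER).items():
        for key, name in keys:
            print(f"{status:10} {key} [{name}]")
```

Entries reported as "retargeted" or "unchanged" are the ones the cleanup pass did not remove, so they are the ones to look at first in the fresh log.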
  6. nicrabit

    nicrabit Thread Starter

    Joined:
    Feb 11, 2005
    Messages:
    4
    Uh.. OK, I was wrong... :S ... my computer is locking up now... I can't run a full scan of Spybot or Adaware, or do much else without it locking up.. and it won't shut down properly, it takes at least 15 minutes for it to even log off and then it's stuck.... I've done everything on the list above, and I am not sure what else to do... also my AVG anti virus keeps throwing stuff at me telling me I have a trojan horse of some kind and I "heal" it and it keeps doing it.

    ~Very frustrated~
    Nicole
     
  7. tj416

    tj416

    Joined:
    Nov 18, 2004
    Messages:
    747

Short URL to this thread: https://techguy.org/329304
