birdstheword

HJT log


I posted my problem in the virus forum, having a problem with nasty spyware I can't get rid of, so here's my HJT log, hope someone can reply soon, going crazy! :pullhair:

 

Logfile of HijackThis v1.99.1

Scan saved at 12:35:52 AM, on 5/14/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

C:\WINDOWS\Fonts\lsasrv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\repair\crvss.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\keyhook.exe

C:\WINDOWS\system32\pctspk.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\PROGRA~1\BMCENT~1\BMLauncher.exe

C:\PROGRA~1\ScanSoft\TEXTBR~1.0\Bin\INSTAN~1.EXE

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\WINDOWS\SYSTEM32\cmd64.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\HJT\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [bookmarkCentral] C:\PROGRA~1\BMCENT~1\BMLauncher.exe

O4 - HKLM\..\Run: [instantAccess] C:\PROGRA~1\ScanSoft\TEXTBR~1.0\Bin\INSTAN~1.EXE /h

O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\ScanSoft\TEXTBR~1.0\Bin\REGIST~1.EXE

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [PCPitStopEraser] C:\Program Files\PCPitstop\Erase\PCPitStopErase.exe /remindme

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [command] C:\WINDOWS\SYSTEM32\command.exe

O4 - HKLM\..\Run: [cmd32] C:\WINDOWS\SYSTEM32\cmd32.exe

O4 - HKLM\..\Run: [cmd64] C:\WINDOWS\SYSTEM32\cmd64.exe

O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\pjendqje.dll",realset

O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\ScanSoft\TEXTBR~1.0\Bin\REGIST~1.EXE

O4 - HKLM\..\RunServices: [command] C:\WINDOWS\SYSTEM32\command.exe

O4 - HKLM\..\RunServices: [cmd32] C:\WINDOWS\SYSTEM32\cmd32.exe

O4 - HKLM\..\RunServices: [cmd64] C:\WINDOWS\SYSTEM32\cmd64.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab

O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146060731265

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - AppInit_DLLs: MsgPlusLoader.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Local Security Authority Server (LSAS_Serv) - Unknown owner - C:\WINDOWS\Fonts\lsasrv.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: Windows Copy Installer (WCPSVC) - Unknown owner - C:\WINDOWS\repair\crvss.exe


Taking a look at your log, and will get back with you as soon as I can.


Please run HijackThis, Scan

Check box for:

 

O4 - HKLM\..\Run: [command] C:\WINDOWS\SYSTEM32\command.exe

O4 - HKLM\..\Run: [cmd32] C:\WINDOWS\SYSTEM32\cmd32.exe

O4 - HKLM\..\Run: [cmd64] C:\WINDOWS\SYSTEM32\cmd64.exe

O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\pjendqje.dll",realset

 

O4 - HKLM\..\RunServices: [command] C:\WINDOWS\SYSTEM32\command.exe

O4 - HKLM\..\RunServices: [cmd32] C:\WINDOWS\SYSTEM32\cmd32.exe

O4 - HKLM\..\RunServices: [cmd64] C:\WINDOWS\SYSTEM32\cmd64.exe

 

Select: Fix checked

 

~~~~

Next, download SuperAntiSpyware Home Edition Free Version

http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Install the program

 

Run SuperAntiSpyware and click: Check for updates

Once the update is finished, on the main screen, click: Scan your computer

Check: Perform Complete Scan

Click Next to start the scan.

 

Superantispyware scans the computer, and when finished, lists all the infections found.

Make sure everything found has a check next to it, and press: Next

Click Finish

 

It is possible that the program asks to reboot in order to delete some files.

 

Obtain the SuperAntiSpyware log as follows:

Click: Preferences

Click the Statistics/Logs tab

Under Scanner Logs, double-click SuperAntiSpyware Scan Log

It opens in your default text editor (such as Notepad)

 

You need to copy the information in the SuperAntiSpyware log and post in your reply.

 

~~~~

Next, download ComboFix (by sUBs):

http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

It is important to save ComboFix directly to the Desktop

 

Next, close any open browsers.

 

Double click on combofix.exe and follow the prompts.

When it's finished it produces C:\ComboFix.txt

 

~~~~

Run HijackThis once again, and Scan.

 

~~~~

Please provide the following in your reply:

The SuperAntiSpyware log

The C:\ComboFix.txt

A new HijackThis log.

 

 

Also, please go to Virus Total:

http://www.virustotal.com/flash/index_en.html

 

Click Browse, and go to the following file:

C:\WINDOWS\Fonts\lsasrv.exe

 

Then, press: Send

It may take a little while to scan.

 

When the scan completes, copy the report, and post the results.

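As an added example (not from this thread, and not part of HijackThis), the script below applies to O4 and O23 lines some of the triage checks behind the request to upload C:\WINDOWS\Fonts\lsasrv.exe: an executable sitting in a folder that never holds programs, a service HijackThis reports with no vendor, and a file name that imitates a core Windows process. The folder list and the core-process list are assumptions chosen from this log; the sample lines are copied from the log above.

```python
import re

# Patterns follow the HijackThis 1.99 line layout in the log above (O4 autostarts, O23 services).
O4_RE = re.compile(r'^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.+)$')
# Core Windows processes and the one folder each may run from (assumed list).
CORE = dict.fromkeys(('smss', 'csrss', 'winlogon', 'services', 'lsass', 'svchost'), r'c:\windows\system32')
CORE['explorer'] = r'c:\windows'
# Folders Windows never installs executables into (assumed list, drawn from this log).
ODD_DIRS = (r'c:\windows\fonts', r'c:\windows\repair', r'c:\windows\temp')

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; catches look-alikes such as lsasrv vs lsass or crvss vs csrss."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def exe_path(cmd: str) -> str:
    """First program in a command: a quoted path, a bare drive path, or the first token."""
    m = re.search(r'"([^"]+)"|([A-Za-z]:\\.+?\.(?:exe|dll|cpl))|(\S+)', cmd.strip(), re.I)
    return next(g for g in m.groups() if g)

def triage(line: str) -> list:
    """Reasons an O4/O23 line deserves a closer look; an empty list means no rule fired."""
    m = O4_RE.match(line) or O23_RE.match(line)
    if not m:
        return []
    reasons = []
    folder, _, name = exe_path(m.group('cmd')).lower().rpartition('\\')
    if m.groupdict().get('owner') == 'Unknown owner':
        reasons.append('service reports no vendor')
    if folder in ODD_DIRS:
        reasons.append('runs from non-program folder ' + folder)
    for core, home in CORE.items():
        if edit_distance(name.rsplit('.', 1)[0], core) <= 2 and folder != home:
            reasons.append(f'name resembles {core}.exe but runs from {folder or "PATH"}')
    return reasons
# Constructed sample: lines copied from the log above, legitimate and suspicious mixed.
SAMPLE = [
    r'O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP',
    r'O4 - HKLM\..\Run: [cmd64] C:\WINDOWS\SYSTEM32\cmd64.exe',
    r'O23 - Service: Local Security Authority Server (LSAS_Serv) - Unknown owner - C:\WINDOWS\Fonts\lsasrv.exe',
    r'O23 - Service: Windows Copy Installer (WCPSVC) - Unknown owner - C:\WINDOWS\repair\crvss.exe',
]
for line in SAMPLE:
    print(triage(line) or ['no rule fired'], '<-', line[:50])
```

Note that the cmd32/cmd64/command.exe entries pass all three rules, which is why entries like these are still decided by an analyst reading the log (and, as requested above, by a VirusTotal report).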


Thanks for getting back to me and I copied the info you gave me to show my friend that knows more about PCs than me, he will help me try and fix this mess I have. I believe it's way more complicated for me to handle as now I'm getting more things from AVG telling me I have another virus>>>trojanhorse collected 11.B to name a few, but I will let you know how it all ends :adios:


You will need to post back the logs requested so we can make further determinations.

 

The instructions are just the preliminary actions... :mrgreen:
