
Hi, I am looking for any help possible regarding the following issues:

I am getting tons of pop-up messages about spybot@mxt being on my computer.

I am also getting what I guess are non-Trend Micro alerts from networm-i.virus@fp, trojan-spy.win32@mx, and sw.x-vir trojan, but those alerts just lead to "bestseller antivirus" pop-up ads.

Spybot and Trend Micro are showing me new spyware to delete every day. My explorer.exe is often using up the computer even when I'm not doing anything. Trend Micro also detects a Trojan in my \local settings\temp folder, which I manually delete each time I see it. I also have a "security toolbar" on my Internet Explorer which I did not install (and I have not added new programs lately), and HijackThis will not let me fix that. Even now I am getting tons of security alerts in my Windows toolbar regarding spyware.

Here is my HijackThis log. Any help at all would be greatly appreciated! Please and thank you!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:05:17 PM, on 11/4/2007

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\taskmgr.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PCCMAIN.EXE

C:\PROGRA~1\TRENDM~1\INTERN~1\PccHCMS.exe

C:\Program Files\Outlook Express\MSIMN.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Installs\HiJackThis2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.go.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll (file missing)

O2 - BHO: (no name) - {32E40498-D86D-4838-856A-8D6E1E6AC0F4} - C:\WINDOWS\System32\qomkl.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\System32\golnkblx.dll

O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (file missing)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\System32\golnkblx.dll

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\RunOnce: [spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

O4 - HKLM\..\RunOnce: [spybotDeletingA3171] command /c del "C:\WINDOWS\SYSTEM32\golnkblx.dll_old"

O4 - HKLM\..\RunOnce: [spybotDeletingC1719] cmd /c del "C:\WINDOWS\SYSTEM32\golnkblx.dll_old"

O4 - HKLM\..\RunOnce: [spybotDeletingA7169] command /c del "C:\WINDOWS\SYSTEM32\golnkblx.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC3593] cmd /c del "C:\WINDOWS\SYSTEM32\golnkblx.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB4539] command /c del "C:\WINDOWS\SYSTEM32\golnkblx.dll_old"

O4 - HKCU\..\RunOnce: [spybotDeletingD8093] cmd /c del "C:\WINDOWS\SYSTEM32\golnkblx.dll_old"

O4 - HKCU\..\RunOnce: [spybotDeletingB3957] command /c del "C:\WINDOWS\SYSTEM32\golnkblx.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD9687] cmd /c del "C:\WINDOWS\SYSTEM32\golnkblx.dll"

O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

O20 - Winlogon Notify: golnkblx - C:\WINDOWS\SYSTEM32\golnkblx.dll

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--

End of file - 4728 bytes


Hi there, and welcome to Malwarebytes. Your system is seriously in need of updates to the OS. However, we can't do them until you are free of malware.

If you haven't already, please get these programs, update and run a complete scan removing all items found.

Spybot Search & Destroy: Be sure to use the immunize feature. Do not enable TeaTimer at this time.

AVG AntiSpyware: Be sure to "take action".

Then go here and run a scan: PandaActive Scan. There is a full tutorial on how to do this at the top of this forum.

Post the logs from the Panda and AVG scans please and a new HJT log.

You will post three logs. 1. AVG scan. 2. Panda Active Scan. 3. HiJack This scan. You will finish the AVG first, so go ahead and post that log, then move on to Panda and so forth.

I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.
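Added example, not part of either post and not the helper's own method: a first-pass triage of the HijackThis log posted above, which groups entries by the file they load and flags files that show up at several auto-load points. The heuristics (unnamed BHO, same file under O2/O3/O20, a `spybotDeleting` RunOnce entry) and the names `triage`, `AUTOLOAD` and `SAMPLE_LOG` are assumptions made for this example, and a flag only marks an entry for closer review.

```python
import re
from collections import defaultdict

# Subset of lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {32E40498-D86D-4838-856A-8D6E1E6AC0F4} - C:\WINDOWS\System32\qomkl.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\System32\golnkblx.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\System32\golnkblx.dll
O4 - HKLM\..\RunOnce: [spybotDeletingC3593] cmd /c del "C:\WINDOWS\SYSTEM32\golnkblx.dll"
O20 - Winlogon Notify: golnkblx - C:\WINDOWS\SYSTEM32\golnkblx.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
# Simplified path match: drive letter up to a .dll/.exe extension.
PATH = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:dll|exe)\b", re.IGNORECASE)
# Sections treated here as auto-load points: BHO, IE toolbar, Winlogon Notify.
AUTOLOAD = {"O2", "O3", "O20"}

def triage(log_text):
    """Return {lower-cased file path: [reasons it deserves a closer look]}."""
    sections = defaultdict(set)   # path -> auto-load sections that reference it
    reasons = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue              # header, process list, blank line
        code, body = m.group("code"), m.group("body")
        hit = PATH.search(body)
        if not hit:
            continue              # e.g. "(no file)" entries carry no path
        path = hit.group(0).lower()   # the log mixes System32 / SYSTEM32
        if code in AUTOLOAD:
            sections[path].add(code)
        if code == "O2" and "(no name)" in body:
            reasons[path].append("BHO registered without a name")
        if code == "O4" and "spybotDeleting" in body:
            reasons[path].append("RunOnce 'spybotDeleting' entry targets this file")
    for path, codes in sections.items():
        if len(codes) > 1:
            ordered = sorted(codes, key=lambda c: int(c[1:]))
            reasons[path].append("loaded from " + ", ".join(ordered))
    return dict(reasons)

if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(path, "->", "; ".join(why))
```

On the lines above, `golnkblx.dll` is the only file referenced as a BHO, as the "Security Toolbar" and as a Winlogon Notify package at once, which matches the toolbar the poster says they did not install.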
