Trouble with laptop

I have an infection on my laptop and I can't get rid of it. I tried AVG and that didn't work. Now I can't open almost every program I have. I tried installing MBAM and it installed, but wouldn't update or open. I installed it to a flash drive on another computer and updated it, then tried to open it on my laptop to no avail. I made a log with HijackThis and it is below. Please help! (sorry, it wouldn't let me attach it)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:22:27 PM, on 9/5/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Privoxy\privoxy.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\PersistenceThread.exe

C:\Program Files\Parental Control\bin\pcontrol.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe

C:\Program Files\EeePC\ACPI\AsEPCMon.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\mdm.exe

C:\WINDOWS\user.exe

C:\WINDOWS\sysedit.exe

C:\WINDOWS\system.exe

C:\DOCUME~1\Robert\LOCALS~1\Temp\spoolsv.exe

C:\DOCUME~1\Robert\LOCALS~1\Temp\csrss.exe

C:\WINDOWS\wininst.exe

C:\DOCUME~1\Robert\LOCALS~1\Temp\smss.exe

C:\DOCUME~1\Robert\LOCALS~1\Temp\lsass.exe

C:\DOCUME~1\Robert\LOCALS~1\Temp\login.exe

C:\DOCUME~1\Robert\LOCALS~1\Temp\mdm.exe

C:\WINDOWS\setup.exe

C:\DOCUME~1\Robert\LOCALS~1\Temp\seixsnk.exe

C:\DOCUME~1\Robert\LOCALS~1\Temp\ea50c4y2uz.exe

C:\DOCUME~1\Robert\LOCALS~1\Temp\k5dybt.exe

C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\Robert\.COMMgr\complmgr.exe

C:\WINDOWS\mdm.exe

C:\WINDOWS\user.exe

C:\WINDOWS\sysedit.exe

C:\WINDOWS\system.exe

C:\DOCUME~1\Robert\LOCALS~1\Temp\spoolsv.exe

C:\DOCUME~1\Robert\LOCALS~1\Temp\csrss.exe

C:\WINDOWS\wininst.exe

C:\DOCUME~1\Robert\LOCALS~1\Temp\smss.exe

C:\DOCUME~1\Robert\LOCALS~1\Temp\lsass.exe

C:\DOCUME~1\Robert\LOCALS~1\Temp\login.exe

C:\WINDOWS\system32\igfxext.exe

C:\DOCUME~1\Robert\LOCALS~1\Temp\mdm.exe

C:\WINDOWS\setup.exe

C:\DOCUME~1\Robert\LOCALS~1\Temp\seixsnk.exe

C:\DOCUME~1\Robert\LOCALS~1\Temp\ea50c4y2uz.exe

C:\DOCUME~1\Robert\LOCALS~1\Temp\k5dybt.exe

C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\Autorun Eater\oldmcdonald.exe

C:\Program Files\Autorun Eater\billy.exe

F:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eeepc.asus.com/global

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: C:\WINDOWS\system32\fde1f.dll - {B1BA40A2-75F2-51BD-F413-04B13A2C8953} - C:\WINDOWS\system32\fde1f.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [PersistenceThread] C:\WINDOWS\system32\PersistenceThread.exe

O4 - HKLM\..\Run: [Parental Control] "C:\Program Files\Parental Control\bin\pcontrol.exe" --start

O4 - HKLM\..\Run: [EasyMode] "%ProgramFiles%\\ASUS\\Easy Mode\\Easy Mode.exe" --limitedUserImportRegister

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe

O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe

O4 - HKLM\..\Run: [LiveUpdate] C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto

O4 - HKLM\..\Run: [synAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe

O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [anworscexm.tmp] "C:\DOCUME~1\Robert\LOCALS~1\Temp\anworscexm.tmp"

O4 - HKLM\..\Run: [Acronis Toolbar Helper] rundll32.exe "C:\Documents and Settings\Robert\Local Settings\Application Data\Desktop Cleanup Wizard\dskclnwiz.dll", StartProt

O4 - HKLM\..\Run: [gebawwsys] rundll32.exe "tutsts.dll",s

O4 - HKLM\..\Run: [MKcZ] C:\WINDOWS\mdm.exe

O4 - HKLM\..\Run: [MKee] C:\WINDOWS\user.exe

O4 - HKLM\..\Run: [MKetc] C:\WINDOWS\sysedit.exe

O4 - HKLM\..\Run: [MKexe] C:\WINDOWS\system.exe

O4 - HKLM\..\Run: [MKfpe] C:\WINDOWS\winamp.exe

O4 - HKLM\..\Run: [HNUijHXlrxc] C:\DOCUME~1\Robert\LOCALS~1\Temp\spoolsv.exe

O4 - HKLM\..\Run: [HNUijHXlpe] C:\DOCUME~1\Robert\LOCALS~1\Temp\csrss.exe

O4 - HKLM\..\Run: [lsdefrag] C:\DOCUME~1\Robert\LOCALS~1\Temp\wsenoxmacr.tmp

O4 - HKLM\..\Run: [MKfre] C:\WINDOWS\wininst.exe

O4 - HKLM\..\Run: [MKerb] C:\WINDOWS\taskmgr.exe

O4 - HKLM\..\Run: [HNUijHXlrf] C:\DOCUME~1\Robert\LOCALS~1\Temp\smss.exe

O4 - HKLM\..\Run: [MKaZ] C:\WINDOWS\cmd.exe

O4 - HKLM\..\Run: [HNUijHXlne] C:\DOCUME~1\Robert\LOCALS~1\Temp\lsass.exe

O4 - HKLM\..\Run: [HNUijHXlna] C:\DOCUME~1\Robert\LOCALS~1\Temp\login.exe

O4 - HKLM\..\Run: [HNUijHXlmc] C:\DOCUME~1\Robert\LOCALS~1\Temp\mdm.exe

O4 - HKLM\..\Run: [MKevc] C:\WINDOWS\setup.exe

O4 - HKLM\..\Run: [HNUijHXlnxc] C:\DOCUME~1\Robert\LOCALS~1\Temp\seixsnk.exe

O4 - HKLM\..\Run: [HNUijHXlVQT] C:\DOCUME~1\Robert\LOCALS~1\Temp\ea50c4y2uz.exe

O4 - HKLM\..\Run: [HNUijHXlYf] C:\DOCUME~1\Robert\LOCALS~1\Temp\k5dybt.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [sRS Premium Sound] "C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" /hideme

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [Desktop Cleanup Wizard] rundll32.exe "C:\Documents and Settings\Robert\Local Settings\Application Data\Desktop Cleanup Wizard\dskclnwiz.dll", StartProt

O4 - HKCU\..\Run: [ljiijgsys] rundll32.exe "tutsts.dll",s

O4 - HKCU\..\Run: [mediafix70700en02.exe] C:\Documents and Settings\Robert\Application Data\BB2B74104DF3938119AA91293CEB1BD9\mediafix70700en02.exe

O4 - HKCU\..\Run: [COM+ Manager] "C:\Documents and Settings\Robert\.COMMgr\complmgr.exe"

O4 - HKCU\..\Run: [MKcZ] C:\WINDOWS\mdm.exe

O4 - HKCU\..\Run: [MKee] C:\WINDOWS\user.exe

O4 - HKCU\..\Run: [MKetc] C:\WINDOWS\sysedit.exe

O4 - HKCU\..\Run: [MKexe] C:\WINDOWS\system.exe

O4 - HKCU\..\Run: [MKfpe] C:\WINDOWS\winamp.exe

O4 - HKCU\..\Run: [HNUijHXlrxc] C:\DOCUME~1\Robert\LOCALS~1\Temp\spoolsv.exe

O4 - HKCU\..\Run: [HNUijHXlpe] C:\DOCUME~1\Robert\LOCALS~1\Temp\csrss.exe

O4 - HKCU\..\Run: [MKfre] C:\WINDOWS\wininst.exe

O4 - HKCU\..\Run: [MKerb] C:\WINDOWS\taskmgr.exe

O4 - HKCU\..\Run: [HNUijHXlrf] C:\DOCUME~1\Robert\LOCALS~1\Temp\smss.exe

O4 - HKCU\..\Run: [MKaZ] C:\WINDOWS\cmd.exe

O4 - HKCU\..\Run: [HNUijHXlne] C:\DOCUME~1\Robert\LOCALS~1\Temp\lsass.exe

O4 - HKCU\..\Run: [HNUijHXlna] C:\DOCUME~1\Robert\LOCALS~1\Temp\login.exe

O4 - HKCU\..\Run: [HNUijHXlmc] C:\DOCUME~1\Robert\LOCALS~1\Temp\mdm.exe

O4 - HKCU\..\Run: [MKevc] C:\WINDOWS\setup.exe

O4 - HKCU\..\Run: [HNUijHXlnxc] C:\DOCUME~1\Robert\LOCALS~1\Temp\seixsnk.exe

O4 - HKCU\..\Run: [HNUijHXlVQT] C:\DOCUME~1\Robert\LOCALS~1\Temp\ea50c4y2uz.exe

O4 - HKCU\..\Run: [HNUijHXlYf] C:\DOCUME~1\Robert\LOCALS~1\Temp\k5dybt.exe

O4 - HKCU\..\Run: [XBV6RD5SZF] C:\DOCUME~1\Robert\LOCALS~1\Temp\Ttd.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [nnopnlsys] rundll32.exe "tutsts.dll",s (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Antimalware Doctor.lnk = C:\Documents and Settings\Robert\Application Data\BB2B74104DF3938119AA91293CEB1BD9\mediafix70700en02.exe

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

O4 - Global Startup: SuperHybridEngine.lnk = ?

O4 - Global Startup: Bluetooth.lnk = ?

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\policylsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\policylsp.dll

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O20 - AppInit_DLLs: C:\WINDOWS\system32\winamnc.dll,C:\Documents and Settings\Robert\Local Settings\Application Data\Desktop Cleanup Wizard\dskclnwiz.dll

O20 - Winlogon Notify: igdlogin - C:\WINDOWS\SYSTEM32\igdlogin.dll

O22 - SharedTaskScheduler: hasf87hdfuidhfiudfhdiu - {B1BA40A2-75F2-51BD-F413-04B13A2C8953} - C:\WINDOWS\system32\fde1f.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: privoxy - The Privoxy team - www.privoxy.org - C:\Program Files\Privoxy\privoxy.exe

O23 - Service: SRS Volume Sync Service (SRS_VolSync_Service) - SRS Labs, Inc. - C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe

--

End of file - 14011 bytes


:)

To be real honest with you, you are so infected I don't know if it can be cleaned.

I don't see an anti-virus program running on your system.

I do see Limewire (P2P). I'll assume you have downloaded programs / files that started / added to the infection?

DO NOT use any TOOLS such as Combofix, or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Download these tools needed to a flash drive or other removable media, and run them from the USB device after plugging it into the infected computer.

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

XP Users

Double-click My Computer.

Click the Tools menu, and then click Folder Options.

Click the View tab.

Uncheck "Hide file extensions for known file types."

Under the "Hidden files" folder, select "Show hidden files and folders."

Uncheck "Hide protected operating system files."

Click Apply, and then click OK.

Next:

Please download ATF Cleaner by Atribune to your Flashdrive and run it from there.

Download - ATF Cleaner

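An added example, not part of the original posts: a small triage pass over HijackThis output that flags the kind of entries visible in the log above, namely Windows system file names running outside System32, executables started from a Temp folder, and the O7 policy that disables Regedit. The rule names and the list of System32-only binaries are assumptions chosen for illustration; a hit is a reason to look closer, not a verdict.

```python
import ntpath
import re

# Lines copied from the HijackThis log posted in this thread (sample subset).
SAMPLE_LOG = r"""
C:\WINDOWS\system32\lsass.exe
C:\DOCUME~1\Robert\LOCALS~1\Temp\lsass.exe
C:\DOCUME~1\Robert\LOCALS~1\Temp\k5dybt.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HNUijHXlpe] C:\DOCUME~1\Robert\LOCALS~1\Temp\csrss.exe
O4 - HKLM\..\Run: [MKerb] C:\WINDOWS\taskmgr.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

# Assumption: a short list of Windows XP binaries that normally live in System32.
SYSTEM32_ONLY = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe", "taskmgr.exe", "cmd.exe"}
# First drive-letter path on the line that ends in an executable-like extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\n]+?\.(?:exe|dll|tmp)\b', re.IGNORECASE)


def triage(log_text):
    """Return (rule, evidence) pairs for log lines worth a closer look."""
    findings, seen = [], set()
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("O7 -") and "DisableRegedit=1" in line:
            hit = ("regedit-disabled", line)
        else:
            match = PATH_RE.search(line)
            if not match:
                continue
            # ntpath splits Windows paths correctly on any host OS.
            folder, name = ntpath.split(match.group(0).lower())
            if name in SYSTEM32_ONLY and not folder.endswith("\\system32"):
                hit = ("system-name-wrong-folder", match.group(0))
            elif "\\temp\\" in folder + "\\":
                hit = ("runs-from-temp", match.group(0))
            else:
                continue
        if hit not in seen:  # the log lists many paths more than once
            seen.add(hit)
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for rule, evidence in triage(SAMPLE_LOG):
        print(f"{rule:26} {evidence}")
```
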

If my computer is that badly infected I take it that it would never be a smart idea to use it for personal information again? If so, would destroying the hard drive and getting a new one with a fresh install of windows solve the problem? Sorry for the late reply.

Yes that would do it.

Be sure to add an anti-virus program.

Use an AntiVirus Software - Choose only one - More than one will conflict. It is very important that your computer has anti-virus software running to protect against viruses. Update Antivirus prior to manual scans as necessary or as used. Please only choose one, having more than one can cause problems, such as crashes and your computer to slow down.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
