Midnightintx31 Posted January 16, 2009 ID:48180

Below is the HijackThis log. Can someone please help me with this and tell me what the issue is?

The problem I have been having is my antivirus keeps finding trojans but I cannot seem to get rid of them. I originally had trojans and pop-ups galore.

Antivirus - Norton
System - Windows XP

Thanks in advance, Andy

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:18 PM, on 1/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
D:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\Program Files\AndybotSD\TeaTimer.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
D:\WINDOWS\system32\rundll32.exe
D:\Documents and Settings\AM Test\Application Data\U3\0000060420025898\LaunchPad.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\ANDYBO~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - D:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {77AB5974-55A3-4737-9FD5-B93C64307F78} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {c0eebe2c-37e0-4e1d-964b-3e7e1302a3d9} - (no file)
O2 - BHO: (no name) - {F5CE29A6-A241-4923-9691-66723E5C88B0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - D:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O4 - HKLM\..\Run: [vptray] D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [CPM2b58a198] Rundll32.exe "d:\docume~1\alluse~1\applic~1\mebokewe\mebokewe.dll",a
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 D:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [sudizozivu] Rundll32.exe "D:\WINDOWS\system32\yozoraba.dll",s
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 D:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Program Files\AndybotSD\TeaTimer.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Search - ?p=ZKxdm021NWUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\ANDYBO~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\ANDYBO~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588
O20 - AppInit_DLLs: cfjuws.dll wckvhz.dll qpvzgx.dll,
O20 - Winlogon Notify: yayaXPhE - yayaXPhE.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - D:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - D:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5943 bytes
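Added example, not part of this thread and not code from HijackThis or its helpers: a small Python triage script that parses a handful of the HijackThis lines from the log above and applies the first-pass heuristics a forum helper applies by eye. It flags a populated AppInit_DLLs value (every DLL named there is loaded into each process that links user32.dll, so it is a persistence point worth checking first), Winlogon Notify and BHO entries whose file is gone (orphaned registrations that can simply be removed), and machine-wide Run entries that use rundll32 to load a DLL, with a higher severity when the DLL sits in a user-profile data directory, which legitimate software rarely uses for HKLM autoruns. The sample lines are copied from the log; the section list, severity labels and directory pattern are this example's own conventions, not HijackThis output.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: a subset of the HijackThis lines posted in this thread.
SAMPLE_LINES = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {77AB5974-55A3-4737-9FD5-B93C64307F78} - (no file)
O4 - HKLM\..\Run: [vptray] D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [CPM2b58a198] Rundll32.exe "d:\docume~1\alluse~1\applic~1\mebokewe\mebokewe.dll",a
O4 - HKLM\..\Run: [sudizozivu] Rundll32.exe "D:\WINDOWS\system32\yozoraba.dll",s
O20 - AppInit_DLLs: cfjuws.dll wckvhz.dll qpvzgx.dll,
O20 - Winlogon Notify: yayaXPhE - yayaXPhE.dll (file missing)
O23 - Service: DefWatch - Symantec Corporation - D:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
""".strip().splitlines()

# "O4 - HKLM\..\Run: ..." -> section "O4", body "HKLM\..\Run: ..."
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# DLL argument of a rundll32 autorun, quoted or not, up to the ",EntryPoint" part
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)', re.IGNORECASE)
# User-profile data locations (long and 8.3 short forms); an assumption of this example
PROFILE_DIR_RE = re.compile(r"docume~1|documents and settings|applic~1|application data", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    severity: str  # "high", "review" or "orphan" (this example's own labels)
    reason: str
    line: str


def triage_entry(line: str) -> Optional[Finding]:
    """Return a Finding for one HijackThis line, or None if nothing stands out."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    lower = body.lower()

    if section == "O20" and lower.startswith("appinit_dlls:"):
        # The value is a space/comma separated list; an empty value is normal.
        dlls = [d for d in re.split(r"[\s,]+", body.split(":", 1)[1]) if d]
        if dlls:
            return Finding(section, "high",
                           "AppInit_DLLs loads " + ", ".join(dlls)
                           + " into every process that links user32.dll", line)
        return None

    if section == "O20" and "(file missing)" in lower:
        return Finding(section, "orphan",
                       "Winlogon Notify entry references a DLL that no longer exists", line)

    if section == "O2" and "(no file)" in lower:
        return Finding(section, "orphan",
                       "BHO is registered but its DLL is gone", line)

    if section == "O4":
        rm = RUNDLL_RE.search(body)
        if rm:
            dll = rm.group("dll").strip()
            if PROFILE_DIR_RE.search(dll):
                return Finding(section, "high",
                               f"machine-wide autorun loads {dll} from a user-profile data directory", line)
            return Finding(section, "review",
                           f"autorun loads {dll} via rundll32; confirm the DLL is a known component", line)
    return None


def triage_log(lines: List[str]) -> List[Finding]:
    """Run triage_entry over every line and keep only the hits."""
    return [f for f in (triage_entry(l) for l in lines) if f is not None]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity label."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    hits = triage_log(SAMPLE_LINES)
    for f in sorted(hits, key=lambda f: f.severity):
        print(f"[{f.severity:6}] {f.section}: {f.reason}")
    print(summarize(hits))
```

Run on the sample, the script reports two high findings (the AppInit_DLLs list and the Run entry loading a DLL from All Users\Application Data), two orphaned registrations and one rundll32 autorun to verify by hand; the Google BHO, the Symantec autorun and the DefWatch service produce nothing. The heuristics are deliberately conservative: a rundll32 autorun from the Windows directory is only marked for review, because a file name alone cannot decide whether it is a legitimate component.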
Katana Posted January 17, 2009 ID:48533

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
- Please Read All Instructions Carefully
- If you don't understand something, stop and ask! Don't keep going on.
- Please do not run any other tools or scans whilst I am helping you
- Please continue to respond until I give you the "All Clear" (Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly

Please Note, your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe

----------------------------------------------------------------------------------------

Download and Run RSIT

Please download Random's System Information Tool by random/random from here and save it to your desktop.
- Double click on RSIT.exe to run RSIT.
- Click Continue at the disclaimer screen.
- Once it has finished, two logs will open: log.txt will be opened maximized, info.txt will be opened minimized.
- Please post the contents of both log.txt and info.txt.
Midnightintx31 Posted January 17, 2009 Author ID:48658

Katana

Thank you so much for the help!

Below are the contents of the reports you requested. The first one is the info.txt and the second one is the log.txt.

Thanks, Andy

info.txt logfile of random's system information tool 1.05 2009-01-17 16:12:26

======Uninstall list======

-->D:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
Actual Keylogger 2.3-->"D:\Program Files\AKProg\unins000.exe"
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->D:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->D:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player ActiveX-->D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->D:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
BookSmart
Katana Posted January 17, 2009 ID:48662

Step 1
Malwarebytes' Anti-Malware

- Start MalwareBytes AntiMalware
- Update Malwarebytes' Anti-Malware: select the Update tab and click Update
- When the update is complete, select the Scanner tab
- Select Perform full scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. Please copy and paste the log into your next reply. If you accidentally close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

-----------------------------------------------------------

Step 2
Download and Run ComboFix (by sUBs)

Please visit this webpage for instructions for downloading and running ComboFix:
Bleeping Computer ComboFix Tutorial

- You must download it to and run it from your Desktop
- Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
- Double click combofix.exe & follow the prompts.
- When finished, it will produce a log. Please save that log to post in your next reply
- Re-enable all the programs that were disabled during the running of ComboFix.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

-----------------------------------------------------------

Step 3
Kaspersky Online Scanner

Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.

NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin

- Go Here http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html
- Read the Requirements and limitations before you click Accept.
- Once the database has downloaded, click My Computer in the left pane
- Now go and put the kettle on!
- When the scan has completed, click Save Report As...
- Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
- Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

**Note**
To optimize scanning time and produce a more sensible report for review:
- Close any open programs.
- Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

-----------------------------------------------------------

Step 4
Logs/Information to Post in Reply

Please post the following logs/information in your reply:
- MalwareBytes Log
- Combofix Log
- Kaspersky Log
- How are things running now?

-----------------------------------------------------------

Additional Notes

Your Java and Adobe are out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java and Adobe components and update.

Updating Java:
- Download the latest version of Java Runtime Environment (JRE) 6u11 from http://java.sun.com/javase/downloads/index.jsp
- Scroll down to where it says "The Java Runtime Environment (JRE) 6 update 11 allows end-users to run Java applications".
- Click the "Download" button to the right.
- Check the box that says: "Accept License Agreement".
- The page will refresh.
- Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

Update Adobe Acrobat Reader
Adobe Reader is a large program and uses unnecessary space. If you prefer a smaller program you can get Foxit 3.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended
- Please go to this link: Adobe Acrobat Reader Download Link
- Click Download
- On the right, untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
- Click the Continue button
- Click Run, and click Run again
- Next click the Install Now button and follow the on screen prompts
- Now close all windows, including your browser.
- Double click on the Java installation that you downloaded and follow the prompts.

Remove Programs
Now click Start---Control Panel. Double click Add or Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on remove.
- Adobe Reader 8.1.2
- Java
AdvancedSetup (Root Admin) Posted January 22, 2009 ID:49962

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.