
friends hijackthis.log need help.


my friend hijackthis.log need advice .. help

Post by yeakyau » January 15th, 2007, 1:39 pm

Logfile of HijackThis v1.99.1
Scan saved at 22:04:59, on 2006-1-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\program files\internet explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Hijackthis\HijackThis.exe

F2 - REG:system.ini:
UserInit=C:\WINDOWS\system32\Userinit.exe,rundll32.exe C:\WINDOWS\system32\winsys16_070109.dll start
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
- C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} -
C:\Documents and Settings\All Users\Application
Data\Microsoft\PCTools\pctools.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO:  - {6671A431-5C3D-463d-A7CF-5587F9B7E191} -
C:\PROGRA~1\COMMON~1\qqsp\.dll (file missing)
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus
Shield\avp.exe"
O4 - HKLM\..\RunOnce: [sxagf] %systemroot%\system32\Rundll32.exe
%systemroot%\system32\sxagf.dll,DllUnregisterServer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. -
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program
Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: Transaction Provisioning Service (dosls578) - Unknown
owner - C:\WINDOWS\system32\service.exe
O23 - Service: fan.eeewl.com - Unknown owner -
C:\WINDOWS\system32\nsvce32.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common
Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Provisioning Transaction Service (ttt_13) - Unknown
owner - C:\WINDOWS\system32\win.exe


fix the line below
F2 - REG:system.ini:
UserInit=C:\WINDOWS\system32\Userinit.exe,rundll32.exe C:\WINDOWS\system32\winsys16_070109.dll start

O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} -
C:\Documents and Settings\All Users\Application
Data\Microsoft\PCTools\pctools.dll

O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} -
C:\Documents and Settings\All Users\Application
Data\Microsoft\PCTools\pctools.dll

fan.eeewl.com
O23 - Service: fan.eeewl.com - Unknown owner -
C:\WINDOWS\system32\nsvce32.exe
O23 - Service: Provisioning Transaction Service (ttt_13) - Unknown
owner - C:\WINDOWS\system32\win.exe

C:\WINDOWS\system32\conime.exe <-- has been deleted


All the lines have been fixed using Avenger, because some lines couldn't be fixed using KillBox and the HijackThis tool. However, still facing some problems.. cannot go online even using Winsock to repair, and LAN driver gone automatically, after install couldn't be detected however.. plenty of rundll32.exe running in process.. automatically need advice.. >.<" this is my friend's hijackthis.log, weird..
yeakyau
Regular Member
 
Posts: 149
Joined: July 4th, 2006, 6:02 am
Location: Penang

Post by John B. » January 15th, 2007, 1:51 pm

Hi,

Please post HijackThis logs of your own PC or friends' in the 06. Shadow Board.

Greets, John.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Post by yeakyau » January 15th, 2007, 2:09 pm

Haha, OK, thanks. Sorry, posted in the wrong place. How to remove this topic?
yeakyau
Regular Member
 
Posts: 149
Joined: July 4th, 2006, 6:02 am
Location: Penang

friends hijackthis.log need help.

Post by yeakyau » January 15th, 2007, 2:10 pm

This log file is in normal mode:

Logfile of HijackThis v1.99.1
Scan saved at 21:54:40, on 2006-1-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\service.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\Svchost.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\program files\internet explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hijackthis\HijackThis.exe

F2 - REG:system.ini:
UserInit=C:\WINDOWS\system32\Userinit.exe,rundll32.exe C:\WINDOWS\system32\winsys16_070109.dll start
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
- C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} -
C:\Documents and Settings\All Users\Application
Data\Microsoft\PCTools\pctools.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO:  - {6671A431-5C3D-463d-A7CF-5587F9B7E191} -
C:\PROGRA~1\COMMON~1\qqsp\.dll (file missing)
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus
Shield\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. -
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program
Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: Transaction Provisioning Service (dosls578) - Unknown
owner - C:\WINDOWS\system32\service.exe
O23 - Service: fan.eeewl.com - Unknown owner -
C:\WINDOWS\system32\nsvce32.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common
Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Provisioning Transaction Service (ttt_13) - Unknown
owner - C:\WINDOWS\system32\win.exe


This log file is in safemode:
Logfile of HijackThis v1.99.1
Scan saved at 22:04:59, on 2006-1-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\program files\internet explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Hijackthis\HijackThis.exe

F2 - REG:system.ini:
UserInit=C:\WINDOWS\system32\Userinit.exe,rundll32.exe C:\WINDOWS\system32\winsys16_070109.dll start
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
- C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} -
C:\Documents and Settings\All Users\Application
Data\Microsoft\PCTools\pctools.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO:  - {6671A431-5C3D-463d-A7CF-5587F9B7E191} -
C:\PROGRA~1\COMMON~1\qqsp\.dll (file missing)
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus
Shield\avp.exe"
O4 - HKLM\..\RunOnce: [sxagf] %systemroot%\system32\Rundll32.exe
%systemroot%\system32\sxagf.dll,DllUnregisterServer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. -
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program
Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: Transaction Provisioning Service (dosls578) - Unknown
owner - C:\WINDOWS\system32\service.exe
O23 - Service: fan.eeewl.com - Unknown owner -
C:\WINDOWS\system32\nsvce32.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common
Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Provisioning Transaction Service (ttt_13) - Unknown
owner - C:\WINDOWS\system32\win.exe


fix the line below
F2 - REG:system.ini:
UserInit=C:\WINDOWS\system32\Userinit.exe,rundll32.exe C:\WINDOWS\system32\winsys16_070109.dll start

O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} -
C:\Documents and Settings\All Users\Application
Data\Microsoft\PCTools\pctools.dll

O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} -
C:\Documents and Settings\All Users\Application
Data\Microsoft\PCTools\pctools.dll

fan.eeewl.com
O23 - Service: fan.eeewl.com - Unknown owner -
C:\WINDOWS\system32\nsvce32.exe
O23 - Service: Provisioning Transaction Service (ttt_13) - Unknown
owner - C:\WINDOWS\system32\win.exe

C:\WINDOWS\system32\conime.exe <-- has been deleted


All the lines have been fixed using Avenger, because some lines couldn't be fixed using KillBox and the HijackThis tool. However, still facing some problems.. cannot go online even using Winsock to repair, and LAN driver gone automatically, after install couldn't be detected however.. plenty of rundll32.exe running in process.. automatically need advice.. >.<" this is my friend's hijackthis.log, weird..

Every time he sends me a new HJT.log it has a new infection... always shows different things for the HJT.log and always changing the HJT.log
yeakyau
Regular Member
 
Posts: 149
Joined: July 4th, 2006, 6:02 am
Location: Penang

Post by teacup61 » January 15th, 2007, 2:29 pm

I'll move it over there for you. :)
teacup61
MRU Emeritus
 
Posts: 1267
Joined: September 27th, 2006, 2:56 pm
Location: Texas

Post by yeakyau » January 17th, 2007, 1:06 pm

ok. thank you
yeakyau
Regular Member
 
Posts: 149
Joined: July 4th, 2006, 6:02 am
Location: Penang

Post by Linkmaster » January 25th, 2007, 8:13 pm

Hi yeakyau,
Sorry for the delay!!

First do this on your friend's PC:
Please go to Start, Run... and type notepad.exe
Hit OK
Click on Format and uncheck Word Wrap
Close Notepad

Then post a fresh HijackThis log here
Linkmaster
MRU Honors Grad Emeritus
 
Posts: 822
Joined: October 7th, 2005, 5:57 am
Location: Arkansas, USA

Post by yeakyau » January 28th, 2007, 12:44 pm

Hi,
Sorry for the delay to inform. My friend formatted his Windows :/ because he was busy with his university staff.. so he decided not to fix it. OK, please remove this thread. Thanks.
yeakyau
Regular Member
 
Posts: 149
Joined: July 4th, 2006, 6:02 am
Location: Penang

Post by NonSuch » January 28th, 2007, 3:32 pm

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.


Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
NonSuch
Administrator
 
Posts: 27226
Joined: February 23rd, 2005, 7:08 am
Location: California