Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Help!! analyzwe my hijack this results, please !!!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Help!! analyzwe my hijack this results, please !!!

Unread postby jameysimms » August 31st, 2007, 9:27 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:52:55 PM, on 8/31/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\coot\My Documents\F?nts\r?ndll.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {ADF08889-BF54-40A8-A4AE-FCABE6229D43} - C:\WINDOWS\system32\werwee.dll
O2 - BHO: (no name) - {C5CAFD79-65BF-3B16-EC55-3A76121854E0} - C:\WINDOWS\System32\opdrb.dll (file missing)
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\System32\fgxwchvn.dll
O2 - BHO: (no name) - {C67B764E-EED0-E628-89D3-E2ABAF0307E9} - C:\WINDOWS\System32\flnciz.dll (file missing)
O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - (no file)
O2 - BHO: xpdrv32 - {F38696FC-7143-4B0A-9052-A7A96E398D11} - C:\Program Files\xpdrv32\Util\TW13A1IY.dll (file missing)
O2 - BHO: (no name) - {F4B7CB81-19E4-4117-9D2C-0A39214DE895} - C:\WINDOWS\System32\fccya.dll (file missing)
O2 - BHO: (no name) - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - (no file)
O2 - BHO: psnr - {F7C6FC64-80B1-47E2-9A5C-C67051BBDD70} - C:\Program Files\psnr\Util\INDULFNE.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [krmbxuo] C:\WINDOWS\System32\wlfbqb.exe r
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gzxyvvcc] "C:\Documents and Settings\coot\My Documents\F?nts\r?ndll.exe"
O4 - HKLM\..\Policies\Explorer\Run: [qflea] C:\WINDOWS\System32\qflea.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\WINDOWS\server.exe
O4 - HKLM\..\Policies\Explorer\Run: [svchost] C:\Windows\Iexplore.exe
O4 - HKCU\..\Policies\Explorer\Run: [bnhos] C:\WINDOWS\System32\bnhos.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\lsdsrngp.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\kwintmdt.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: NDWCab - http://www.neededware.com/ndw4.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/ ... acscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spamblockerutility.com/ ... tility.cab
O16 - DPF: {DD8C9372-35FD-4F7D-8CE4-909ABCFAB2C5} - ms-its:mhtml:file://c:\\nores.mht!http://adxtnet.net/code/chm/xpre.chm::/xpreload.ocx
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: fccya - C:\WINDOWS\System32\fccya.dll (file missing)
O20 - Winlogon Notify: khfdeda - khfdeda.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

--
End of file - 5653 bytes
jameysimms
Active Member
 
Posts: 1
Joined: August 31st, 2007, 9:13 pm
Location: san marcos, tx
Advertisement
Register to Remove

Unread postby Navigator » September 1st, 2007, 1:04 am

Hello jamey...welcome to Malware Removal.

Your machine is severely infested with malware....it has Remote Access Trojans, Backdoors, Epolvy trojan, Vundo....I am not certain it can be 'fixed'. The nature of some of the infections resident on your computer render it completely compromised....and, even if we attempt to clean it, I cannot guarantee that it will ever be 'secure' or trustworthy. Your best bet may be a reformat/reinstall of the Operating System (OS), especially if you require the computer to be secure.

If this computer is used for anything of a sensitive nature (such as financial transactions, personal information etc.) I would recommend that you disconnect it immediately from the internet and go to a known clean computer and change all login/passwords for all secure sites.

Here is some reading for you regarding Backdoor or Remote Access Trojans:

What is a backdoor or remote access trojan?
Read this article.
Danger: Remote Access Trojans

When should I re-format? How should I reinstall?
http://www.dslreports.com/faq/10063

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451

Regarding WHY your computer is in this state, the main reason is that you are using an unpatched version of Windows XP (i.e., you have not installed any of the necessary security updates issued by Microsoft). I will warn you upfront that if the reason for your Windows XP not having any security updates is that it is a pirated or cracked version of Windows, it is the policy of this forum (and in fact most if not all similar sites) not to support these illegitimate products and I will be unable to assist you further.

If you would still like to TRY and clean this computer (this may or may not be possible), the first step you must take is to do this:

1. IMPORTANT
You are currently using an unpatched version of Windows XP.
It is CRITICAL that you update to Service Pack 1a
Please go here and download and install Service Pack 1a. If you have any problems, please post them here.

DO NOT update to Service pack 2. Doing so before your computer is clean can cause Windows to become unstable.

When you have updated Windows and installed an AV program please post a new HJT log (run in Normal Mode) in case you have picked up anything else since you posted your last one.

Let me know what you want to do from here after considering the above information.
User avatar
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Unread postby askey127 » September 14th, 2007, 6:58 am

This topic is now closed due to inactivity. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 306 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware