This is my hijackthis log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:41:22, on 01/01/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Parallels\Parallels Tools\cohrence.exe
C:\WINDOWS\shell.exe
C:\Program Files\Parallels\Parallels Tools\toolsrv.exe
C:\WINDOWS\mgrs.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\rundll32.exe
E:\Jasc Software\Animation Shop 3\anim.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
F3 - REG:win.ini: load=C:\WINDOWS\System32\awtss.exe
O2 - BHO: (no name) - {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} - C:\Program Files\Outerinfo\Outerinfo.dll (file missing)
O2 - BHO: {15062684-a77d-e3ca-9054-31fdb5655b43} - {34b5565b-df13-4509-ac3e-d77a48626051} - C:\WINDOWS\System32\mwtqignf.dll
O2 - BHO: Google Module - {531BE052-76FC-4b05-9CCD-AF6AA265113C} - strike12.dll (file missing)
O2 - BHO: (no name) - {B44F62BA-6BA5-42E9-896A-1AF57325955A} - C:\WINDOWS\System32\awtss.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\Helper\superfindout.dll
O2 - BHO: (no name) - {FA16FE06-B462-470E-9653-79C54B1871FF} - C:\WINDOWS\System32\pmnnmnk.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Parallels Tools] C:\Program Files\Parallels\Parallels Tools\ParallelsToolsCenter.exe
O4 - HKLM\..\Run: [SharedInternetApplication] "C:\Program Files\Parallels\Parallels Tools\SIA\sharedintapp.exe" /start
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\winBC.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [lsass] C:\WINDOWS\lsass.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\System32\printer.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\System32\ctfmona.exe
O4 - HKLM\..\Run: [64cfbac3] rundll32.exe "C:\WINDOWS\System32\kjscneac.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\System32\spoolvs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: findfast.exe
O4 - Global Startup: autorun.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Unknown file in Winsock LSP: wsock3.dll
O10 - Unknown file in Winsock LSP: wsock3.dll
O10 - Unknown file in Winsock LSP: wsock3.dll
O10 - Unknown file in Winsock LSP: wsock3.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: pmnnmnk - C:\WINDOWS\SYSTEM32\pmnnmnk.dll
O20 - Winlogon Notify: winvax32 - C:\WINDOWS\SYSTEM32\winvax32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Parallels Coherence Service (cohrence) - Parallels Software International, Inc. - C:\Program Files\Parallels\Parallels Tools\cohrence.exe
O23 - Service: Parallels Tools Utility Service (toolsrv) - Parallels Software International, Inc. - C:\Program Files\Parallels\Parallels Tools\toolsrv.exe

-- End of file - 4266 bytes
Pretty good mess! Will take a few steps to remove infections. Reboot into Safe mode. Run HJK. Do a scan only. Place check marks next to all the items listed below. Click, fix checked. Reboot. Run HJK, again. Post a new log.

C:\WINDOWS\shell.exe
C:\WINDOWS\mgrs.exe
E:\Jasc Software\Animation Shop 3\anim.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
F3 - REG:win.ini: load=C:\WINDOWS\System32\awtss.exe
O2 - BHO: (no name) - {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} - C:\Program Files\Outerinfo\Outerinfo.dll (file missing)
O2 - BHO: {15062684-a77d-e3ca-9054-31fdb5655b43} - {34b5565b-df13-4509-ac3e-d77a48626051} - C:\WINDOWS\System32\mwtqignf.dll
O2 - BHO: Google Module - {531BE052-76FC-4b05-9CCD-AF6AA265113C} - strike12.dll (file missing)
O2 - BHO: (no name) - {B44F62BA-6BA5-42E9-896A-1AF57325955A} - C:\WINDOWS\System32\awtss.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\Helper\superfindout.dll
O2 - BHO: (no name) - {FA16FE06-B462-470E-9653-79C54B1871FF} - C:\WINDOWS\System32\pmnnmnk.dll
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [lsass] C:\WINDOWS\lsass.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\System32\printer.exe
O4 - HKLM\..\Run: [64cfbac3] rundll32.exe "C:\WINDOWS\System32\kjscneac.dll",b
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\System32\spoolvs.exe
O4 - Startup: findfast.exe
O4 - Global Startup: autorun.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O10 - Unknown file in Winsock LSP: wsock3.dll
O10 - Unknown file in Winsock LSP: wsock3.dll
O10 - Unknown file in Winsock LSP: wsock3.dll
O10 - Unknown file in Winsock LSP: wsock3.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: pmnnmnk - C:\WINDOWS\SYSTEM32\pmnnmnk.dll
O20 - Winlogon Notify: winvax32 - C:\WINDOWS\SYSTEM32\winvax32.dll
Ok, I've done everything. But I still have the virus. And er, thanks. Can you check this logfile please? Thanks.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:26:57, on 04/01/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Parallels\Parallels Tools\cohrence.exe
C:\Program Files\Parallels\Parallels Tools\toolsrv.exe
C:\WINDOWS\TEMP\D7ADC57D.exe
C:\WINDOWS\locker.exe
C:\WINDOWS\wl.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\shell.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: (no name) - {67A02F72-2791-473B-9916-95264FA92480} - C:\WINDOWS\System32\awtss.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\Helper\superfindout.dll
O2 - BHO: (no name) - {FA16FE06-B462-470E-9653-79C54B1871FF} - C:\WINDOWS\system32\pmnnmnk.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Parallels Tools] C:\Program Files\Parallels\Parallels Tools\ParallelsToolsCenter.exe
O4 - HKLM\..\Run: [SharedInternetApplication] "C:\Program Files\Parallels\Parallels Tools\SIA\sharedintapp.exe" /start
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\winBC.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\System32\ctfmona.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\System32\printer.exe
O4 - HKLM\..\Run: [License] locker.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\System32\spoolvs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: findfast.exe
O4 - Global Startup: autorun.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Unknown file in Winsock LSP: wsock3.dll
O10 - Unknown file in Winsock LSP: wsock3.dll
O10 - Unknown file in Winsock LSP: wsock3.dll
O10 - Unknown file in Winsock LSP: wsock3.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: pmnnmnk - C:\WINDOWS\SYSTEM32\pmnnmnk.dll
O20 - Winlogon Notify: winvax32 - C:\WINDOWS\SYSTEM32\winvax32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Parallels Coherence Service (cohrence) - Parallels Software International, Inc. - C:\Program Files\Parallels\Parallels Tools\cohrence.exe
O23 - Service: Parallels Tools Utility Service (toolsrv) - Parallels Software International, Inc. - C:\Program Files\Parallels\Parallels Tools\toolsrv.exe

-- End of file - 3661 bytes
Yes, your system is still infected. HijackThis was not able to remove all your viruses. This may take a few different cleaners to do the job.

Download ComboFix to your desktop.
http://forums.majorgeeks.com/showthread.php?t=134965

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Double-click on combofix.exe & follow the prompts. When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**
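Comparing the fix list with the follow-up log shows which entries survived the fix; the sketch below is an added example, not part of any post in this thread, and the names `parse` and `triage` are assumptions. It keys each entry on its section code and target file name, so the awtss.dll BHO that came back under a different CLSID is reported as re-registered rather than as removed.

```python
import re

ENTRY = re.compile(r"^([FNOR]\d{1,2}) - (.+)$")       # section code, then entry body
FILE = re.compile(r'([^\\\s"=]+\.(?:exe|dll|ocx))')   # bare file name inside the body

# Excerpts of the fix list and of the follow-up log posted in this thread.
FIX_LIST = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
F3 - REG:win.ini: load=C:\WINDOWS\System32\awtss.exe
O2 - BHO: (no name) - {B44F62BA-6BA5-42E9-896A-1AF57325955A} - C:\WINDOWS\System32\awtss.dll
O2 - BHO: (no name) - {FA16FE06-B462-470E-9653-79C54B1871FF} - C:\WINDOWS\System32\pmnnmnk.dll
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\System32\printer.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
"""
FOLLOWUP = r"""
Running processes:
C:\WINDOWS\locker.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: (no name) - {67A02F72-2791-473B-9916-95264FA92480} - C:\WINDOWS\System32\awtss.dll
O2 - BHO: (no name) - {FA16FE06-B462-470E-9653-79C54B1871FF} - C:\WINDOWS\system32\pmnnmnk.dll
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\System32\printer.exe
O4 - HKLM\..\Run: [License] locker.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
"""

def parse(log_text):
    """Map (section code, target file) -> lower-cased entry body."""
    entries = {}
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, running-process path or blank line
        code, body = m.group(1), m.group(2).lower()  # Windows paths ignore case
        files = FILE.findall(body)
        entries[(code, files[-1] if files else body)] = body
    return entries

def triage(fix_list, followup_log):
    """Classify every fix-list entry by what the follow-up log shows."""
    fixed, after = parse(fix_list), parse(followup_log)
    out = {"persisted": [], "re-registered": [], "removed": []}
    for key, body in fixed.items():
        if key not in after:
            out["removed"].append(key)
        else:  # same target file: identical line, or back under new details
            out["persisted" if after[key] == body else "re-registered"].append(key)
    # In the follow-up log but never on the fix list: needs review.
    out["unlisted"] = [k for k in after if k not in fixed]
    return {name: sorted(keys) for name, keys in out.items()}

if __name__ == "__main__":
    for name, keys in triage(FIX_LIST, FOLLOWUP).items():
        print(name, keys)
```
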