Eerp.



bongobob
2006-03-13, 07:38
Well, I've been having some malware problems. And I found this on google: http://forums.spybot.info/showthread.php?t=2542

Basically, I'm having the same problems as this person. They didn't get help because their HijackThis is out of date. So I was hoping I would get some help for myself.

Logfile of HijackThis v1.99.1
Scan saved at 12:40:38 Shineyrise, on 3/13/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TEMP\527B.tmp
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\sysmtapi.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis-Anti-spyware\new\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.gecko-games.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = The Internet *Dun Dun Dun*
F2 - REG:system.ini: Shell=explorer.exe,1252et40.exe,sysmtapi.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\System32\1252et40.exe,C:\WINDOWS\System32\sysmtapi.exe
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [load32] C:\WINDOWS\lsass.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Internet Player] C:\WINDOWS\System32\sysmtapi.exe
O4 - HKCU\..\Run: [Internet Player] C:\WINDOWS\System32\sysmtapi.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Upwords.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4713/mcfscan.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E73C0442-189B-4C1A-BCA7-F8FD9BD12C00}: NameServer = 4.2.2.1,4.2.2.2,4.2.2.3,4.2.2.4,4.2.2.5,4.2.2.6
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\i406leds1h06.dll
O20 - Winlogon Notify: dvd4free - C:\WINDOWS\SYSTEM32\dvd4free.dll
O20 - Winlogon Notify: explorer - explorer.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Installer - C:\WINDOWS\system32\ir0ml5d11.dll (file missing)
O20 - Winlogon Notify: Mixer - C:\WINDOWS\SYSTEM32\sndmixex.dll
O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll
O20 - Winlogon Notify: ssldr - C:\WINDOWS\SYSTEM32\ssldr32.dll
O20 - Winlogon Notify: ur32megareg - C:\Documents and Settings\All Users\Documents\Settings\ur32mega.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\System32\dcom_14.dll (file missing)
O21 - SSODL: Security Media - {A294576B-65E2-47BC-99E7-21AE320C8363} - C:\WINDOWS\System32\tmpe8597.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

LonnyRJones
2006-03-13, 14:22
Welcome to the forum
Limit your internet access as much as possible

Run HijackThis, click >"config" then "misc tools" >"delete file on reboot"
and delete each of these files, click no to the message to restart the PC after each. (exact spelling counts!!! so don't browse to the files)
Copy/Paste these into the File name box then click Open, one at a time of course.

C:\WINDOWS\system32\dvd4free.dll

C:\WINDOWS\system32\dvdkernl.sys
C:\WINDOWS\SYSTEM32\sndmixex.dll
C:\WINDOWS\SYSTEM32\msupdate32.dll
C:\WINDOWS\SYSTEM32\ssldr32.dll
C:\Documents and Settings\All Users\Documents\Settings\ur32mega.dll

Hit >back< then > Scan and Place a check next to these items.
F2 - REG:system.ini: Shell=explorer.exe,1252et40.exe,sysmtapi.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\System32\1252et40.exe,C:\WINDOWS\System32\sysmtapi.exe
O4 - HKLM\..\Run: [load32] C:\WINDOWS\lsass.exe
O4 - HKLM\..\Run: [Internet Player] C:\WINDOWS\System32\sysmtapi.exe
O4 - HKCU\..\Run: [Internet Player] C:\WINDOWS\System32\sysmtapi.exe
O20 - Winlogon Notify: explorer - explorer.dll (file missing)
O20 - Winlogon Notify: Installer - C:\WINDOWS\system32\ir0ml5d11.dll (file missing)
O20 - Winlogon Notify: Mixer - C:\WINDOWS\SYSTEM32\sndmixex.dll
O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll
O20 - Winlogon Notify: ssldr - C:\WINDOWS\SYSTEM32\ssldr32.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\System32\dcom_14.dll (file missing)
O21 - SSODL: Security Media - {A294576B-65E2-47BC-99E7-21AE320C8363} - C:\WINDOWS\System32\tmpe8597.dll
=============
Now hit fix checked close hijackthis and restart your PC

After Windows restarts, run HijackThis and fix these items:
O20 - Winlogon Notify: dvd4free - C:\WINDOWS\SYSTEM32\dvd4free.dll (file missing)
O20 - Winlogon Notify: ur32megareg - C:\Documents and Settings\All Users\Documents\Settings\ur32mega.dll

scan again then save log and post it
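
The entries LonnyRJones picks out above follow a few patterns that can be checked mechanically: a system.ini Shell= or UserInit= line with executables beyond the expected one, a Run entry that borrows a core Windows process name from outside system32, and Winlogon Notify / SSODL DLLs that are missing or live outside system32. The following is an added triage script, not part of the thread and not HijackThis's own logic; the sample log it reads is constructed from lines of the log posted above, and its rules are heuristics, not a clean bill of health for anything they do not flag.

```python
import re

# Constructed sample in the shape of the HijackThis 1.99.1 log posted above:
# lines copied from that log, trimmed to the ones the rules below look at.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=explorer.exe,1252et40.exe,sysmtapi.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\System32\sysmtapi.exe
O4 - HKLM\..\Run: [load32] C:\WINDOWS\lsass.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O20 - Winlogon Notify: explorer - explorer.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ur32megareg - C:\Documents and Settings\All Users\Documents\Settings\ur32mega.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\System32\dcom_14.dll (file missing)
"""

# What system.ini Shell= and UserInit= should contain on a clean XP box.
EXPECTED_F2 = {"Shell": "explorer.exe", "UserInit": "userinit.exe"}
# Core Windows process names that malware borrows; the real ones live in system32.
CORE_PROCESSES = {"lsass.exe", "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "svchost.exe"}
IN_SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.IGNORECASE)

def triage(log: str) -> list[tuple[str, str]]:
    """Return (reason, line) pairs for log entries worth a second look.
    These are heuristics: a DLL sitting in system32 is not thereby clean."""
    hits: list[tuple[str, str]] = []
    for line in log.splitlines():
        line = line.strip()
        section = line.split(" - ", 1)[0]       # "F2", "O4", "O20", ...
        if section in ("O20", "O21") and "(file missing)" in line:
            hits.append(("autostart entry points at a missing file", line))
        elif section == "F2":
            key, _, value = line.partition(": ")[2].partition("=")
            if key in EXPECTED_F2:
                extra = [v for v in value.split(",")
                         if v.strip().rsplit("\\", 1)[-1].lower() != EXPECTED_F2[key]]
                if extra:
                    hits.append((f"extra {key} entries: " + ", ".join(extra), line))
        elif section == "O4":
            path = line.partition("] ")[2].split(" /")[0]   # drop [name] and switches
            if path.rsplit("\\", 1)[-1].lower() in CORE_PROCESSES and not IN_SYSTEM32.match(path):
                hits.append(("core process name loaded from outside system32", line))
        elif section in ("O20", "O21"):
            path = line.rsplit(" - ", 1)[1]
            if not IN_SYSTEM32.match(path):
                hits.append(("Winlogon Notify / SSODL DLL outside system32", line))
    return hits

if __name__ == "__main__":
    print(*(f"[{r}] {e}" for r, e in triage(SAMPLE_LOG)), sep="\n")
```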

tashi
2006-03-18, 20:37
Due to lack of a response this topic will be archived.

If you have not resolved the problem, please send me a pm to re-open the thread and provide a link to this topic.