
HijackThis Log Help


This topic is locked. 3 replies to this topic.

#1 Mroberts3

  • Members
  • 7 posts
  • OFFLINE
  • Local time:01:05 PM

Posted 13 January 2009 - 07:32 PM

Hi folks,

my computer started running slower and I am getting popups after showing some friends a TV show from a streaming site (I should have just bit-torrented it again).

Anyway, I ran my AVG and it found no viruses. Next I ran Trend Micro's online scanner and it picked up something called "Vundo or Virtumonde" or similar. I tried to delete it (a second scan showed no malware, but the ads continue).

Now I have run HijackThis, as people have been able to use it in the past to help me, but I don't know what to do with it, so here I am!

Please tell me what my log means and I will be eternally grateful.

Cheers,

Matt

Attached Files


Edited by Mroberts3, 13 January 2009 - 07:36 PM.



#2 Mroberts3

  • Topic Starter
  • Members
  • 7 posts
  • OFFLINE
  • Local time:01:05 PM

Posted 13 January 2009 - 09:50 PM

Also, here is a DDS scan if it helps...


DDS (Ver_09-01-07.01) - NTFSx86
Run by Matt Roberts at 18:45:51.74 on Tue 01/13/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.596 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Matt Roberts\My Documents\My Downloads\dds.com
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: {3d054393-38ac-e83b-0b84-25eba5475f72}: {27f5745a-be52-48b0-b38e-ca83393450d3} - c:\windows\system32\lfcliv.dll
BHO: {46691e82-7d14-421a-b876-e68b0db55fe0} - c:\windows\system32\opnnopnm.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\mlJBRLeC.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: {a83ac11e-4278-4dae-b840-64ee60808421} - c:\windows\system32\tuvsqRHa.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [dxlock]
mRun: [SiSUSBRG] c:\windows\SiSUSBrg.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [emMON] emMON.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [58f01531] rundll32.exe "c:\windows\system32\kxkqfwwq.dll",b
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\mattro~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{ccbaa1f7-e5e1-48b2-9ed9-a79c6a37ce78}\Icon3E5562ED7.ico
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
Notify: mlJBRLeC - mlJBRLeC.dll
AppInit_DLLs: avgrsstx.dll lfcliv.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\mlJBRLeC.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\tuvsqRHa

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mattro~1\applic~1\mozilla\firefox\profiles\gawp0seb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-9 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-8-9 26824]
R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [2007-8-16 191092]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-1-13 38496]
R3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [2007-8-16 6100]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-8-9 231704]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

=============== Created Last 30 ================

2009-01-13 18:36 <DIR> --d----- c:\docume~1\mattro~1\applic~1\Malwarebytes
2009-01-13 18:36 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-13 18:36 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-13 18:36 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-13 18:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-13 15:56 <DIR> --d----- c:\documents and settings\matt roberts\.housecall6.6
2009-01-13 14:52 129,024 a------- c:\windows\system32\lfcliv.dll
2009-01-13 14:52 129,024 a------- c:\windows\system32\hygijsvs.dll
2009-01-13 14:49 1,348,813 ---sh--- c:\windows\system32\qwwfqkxk.ini
2009-01-13 14:49 72,704 a------- c:\windows\system32\kxkqfwwq.dll
2009-01-13 14:49 1,695,516 a--sh--- c:\windows\system32\aHRqsvut.ini2
2009-01-13 14:49 1,695,516 a--sh--- c:\windows\system32\aHRqsvut.ini
2009-01-13 14:49 302,592 a------- c:\windows\system32\tuvsqRHa.dll
2009-01-12 21:49 <DIR> --d----- C:\VundoFix Backups
2009-01-11 22:32 19,054 a--sh--- c:\windows\system32\mnponnpo.ini2
2009-01-11 22:32 19,070 a--sh--- c:\windows\system32\mnponnpo.ini
2009-01-11 22:27 36,352 -------- c:\windows\system32\mlJBRLeC.dll
2008-12-27 16:33 <DIR> --d----- c:\program files\CarbonPoker
2008-12-19 16:19 <DIR> --d----- c:\program files\Bonjour

==================== Find3M ====================

2008-12-12 08:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 08:11 61,440 a------- c:\windows\system32\dnssd.dll
2008-10-29 20:34 19,558 a------- c:\windows\hpoins01.dat
2008-10-23 04:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 12:38 826,368 a------- c:\windows\system32\wininet.dll
2008-08-29 13:44 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082920080830\index.dat

============= FINISH: 18:47:55.88 ===============

#3 Mroberts3

  • Topic Starter
  • Members
  • 7 posts
  • OFFLINE
  • Local time:01:05 PM

Posted 14 January 2009 - 12:27 AM

I seem to have fixed it... this thread can be closed; I will open a new one if problems continue.

#4 KoanYorel

Bleepin' Conundrum

  • Members
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:02:05 PM

Posted 19 January 2009 - 08:21 AM

Thanks for informing us.

This thread is closed.

The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)
