Serious problems, HJTlog

#1 EffingHateVista

Posted 05 March 2009 - 06:20 AM

Put simply, I've been trojaned like a mutha*****.

My laptop is shared equally with the people in my house (sheltered accommodation), so God knows what they do with it.

But last night when using it I discovered that I could not access Spybot S&D; my internet was connected but I could not use it (tried restarting the router), and I received a blue screen of death.

Aaaand to top it all off, my HJT log seems incredibly short...

So, help? And it needs to be quick, as I only have internet access at my friend's house for a few hours, possibly tomorrow at the latest. Sorry guys.

-=-=-=-=-=-=-=-=-=-

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:16:26, on 05/03/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Unknown owner - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (file missing)
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe

--
End of file - 1755 bytes

-=-=-=-=-
DDS
-=-=-=-=-


DDS (Ver_09-02-01.01) - NTFSx86
Run by Lolwut at 11:36:16.92 on 05/03/2009
Internet Explorer: 7.0.6000.16386
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.2038.1219 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WBVista.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\SearchProtocolHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
E:\Adam Files\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
mStart Page = about:blank
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mPolicies-system: EnableLUA = 0 (0x0)

================= FIREFOX ===================

FF - ProfilePath - c:\users\lolwut\appdata\roaming\mozilla\firefox\profiles\vb5dovog.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.co.uk/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\users\lolwut\appdata\roaming\mozilla\firefox\profiles\vb5dovog.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-23 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-23 107272]
R2 33180;33180;c:\windows\system32\33180.sys [2009-2-21 4096]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-23 298264]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-3-5 1153368]
S4 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-2-21 1373480]

=============== Created Last 30 ================

2009-03-05 11:27 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-03-05 11:15 <DIR> --d----- c:\program files\Trend Micro
2009-03-05 10:59 65,536 -------- c:\windows\SPInstall.etl
2009-03-05 09:29 <DIR> --d----- c:\windows\pss
2009-03-04 23:06 <DIR> -cd----- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-04 23:06 <DIR> -cd----- c:\progra~2\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-04 21:33 <DIR> --d----- c:\program files\CCleaner
2009-03-04 21:01 <DIR> a-d----- c:\programdata\TEMP
2009-03-04 20:45 <DIR> --d----- c:\program files\Eusing Free Registry Cleaner
2009-03-04 11:47 <DIR> --d----- c:\program files\Bonjour
2009-03-04 11:35 <DIR> --d----- c:\program files\DivxAccess
2009-03-04 11:32 359 ---shr-- C:\autorun.inf
2009-03-04 10:50 5 a------- c:\windows\sbacknt.bin
2009-03-04 10:42 152,904 a------- c:\windows\system32\vghd.scr
2009-03-04 10:42 <DIR> --d----- c:\program files\vghd
2009-03-04 10:42 <DIR> --d----- c:\users\lolwut\appdata\roaming\vghd
2009-03-03 18:13 <DIR> --d----- c:\program files\common files\xing shared
2009-03-03 18:12 499,712 a------- c:\windows\system32\msvcp71.dll
2009-03-03 18:12 <DIR> --d----- c:\program files\common files\Real
2009-03-03 18:07 168,448 a------- c:\windows\system32\unrar.dll
2009-03-03 18:07 839,680 a------- c:\windows\system32\lameACM.acm
2009-03-03 18:07 118,784 a------- c:\windows\system32\ac3acm.acm
2009-03-03 18:07 414 a------- c:\windows\system32\lame_acm.xml
2009-03-03 18:07 795,648 a------- c:\windows\system32\xvidcore.dll
2009-03-03 18:07 217,088 a------- c:\windows\system32\yv12vfw.dll
2009-03-03 18:07 130,048 a------- c:\windows\system32\xvidvfw.dll
2009-03-03 18:07 67,584 a------- c:\windows\system32\ff_vfw.dll
2009-03-03 18:07 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2009-03-03 18:07 348,160 a------- c:\windows\system32\msvcr71.dll
2009-03-03 18:07 60,273 a------- c:\windows\system32\pthreadGC2.dll
2009-03-03 18:07 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-03-03 17:58 <DIR> --d----- C:\WorldofWarcraft
2009-03-03 16:35 <DIR> --d----- c:\users\lolwut\appdata\roaming\AccurateRip
2009-03-03 16:35 5,068,152 a------- c:\windows\system32\SpoonUninstall.exe
2009-03-03 16:27 <DIR> --d----- c:\users\lolwut\appdata\roaming\BitTorrent
2009-03-03 16:27 <DIR> --d----- c:\users\lolwut\appdata\roaming\DNA
2009-03-03 16:27 <DIR> --d----- c:\program files\DNA
2009-03-03 16:27 <DIR> --d----- c:\program files\BitTorrent
2009-03-01 17:50 <DIR> --d----- c:\programdata\Apple Computer
2009-03-01 17:50 <DIR> --d----- c:\programdata\Apple
2009-03-01 14:41 <DIR> --d----- c:\program files\ISM
2009-03-01 10:24 <DIR> --d----- c:\program files\common files\PX Storage Engine
2009-03-01 10:24 <DIR> --d----- c:\program files\DivX
2009-02-26 19:44 <DIR> --d----- c:\program files\Sony Ericsson
2009-02-24 12:07 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-02-23 14:14 <DIR> --d----- c:\users\lolwut\Tracing
2009-02-23 13:38 <DIR> --d----- c:\program files\Microsoft
2009-02-23 13:38 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-02-23 13:37 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-02-23 13:37 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-23 13:37 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-23 13:37 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-02-23 13:37 <DIR> --d----- c:\programdata\avg8
2009-02-23 13:37 <DIR> --d----- c:\program files\AVG
2009-02-23 13:37 <DIR> --d----- c:\progra~2\avg8
2009-02-23 13:37 <DIR> --d----- c:\windows\PCHEALTH
2009-02-23 13:33 <DIR> --d----- c:\program files\common files\Windows Live
2009-02-22 18:16 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-02-22 18:16 83,456 a------- c:\windows\system32\wudriver.dll
2009-02-22 18:16 162,064 a------- c:\windows\system32\wuwebv.dll
2009-02-22 18:16 31,232 a------- c:\windows\system32\wuapp.exe
2009-02-22 18:05 270 a------- c:\windows\wininit.ini
2009-02-22 18:05 218 a------- c:\windows\wininit.tmp
2009-02-22 17:49 920,088 a------- c:\windows\system32\igxpun.exe
2009-02-22 17:49 <DIR> --d----- c:\windows\system32\x64
2009-02-22 17:49 319,456 a------- c:\windows\system32\difxapi.dll
2009-02-22 17:47 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-02-22 17:47 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-02-21 18:00 <DIR> --d----- c:\windows\Panther
2009-02-21 17:59 8,192 a--s-r-- C:\BOOTSECT.BAK
2009-02-21 17:59 438,840 a--shr-- C:\bootmgr
2009-02-21 17:59 <DIR> --dsh--- C:\Boot
2009-02-21 17:20 <DIR> --d----- c:\program files\Lionhead Studios Ltd
2009-02-21 17:08 <DIR> --d----- c:\programdata\Adobe Systems
2009-02-21 17:08 <DIR> --d----- c:\program files\common files\Adobe Systems Shared
2009-02-21 17:07 <DIR> --d----- c:\programdata\Adobe
2009-02-21 16:54 <DIR> --d----- c:\users\lolwut\appdata\roaming\WTablet
2009-02-21 16:54 2,684,200 a------- c:\windows\system32\PenTablet.cpl
2009-02-21 16:54 1,380,680 a------- c:\windows\system32\PenTablet.znc
2009-02-21 16:54 11,440 a------- c:\windows\system32\drivers\WacomVKHid.sys
2009-02-21 16:54 12,848 a------- c:\windows\system32\drivers\wacomvhid.sys
2009-02-21 16:54 11,312 a------- c:\windows\system32\drivers\wacommousefilter.sys
2009-02-21 16:54 <DIR> --d----- c:\windows\system32\WTablet
2009-02-21 16:54 1,373,480 a------- c:\windows\system32\Pen_Tablet.exe
2009-02-21 16:54 181,544 a------- c:\windows\system32\Wintab32.dll
2009-02-21 16:54 128,296 a------- c:\windows\system32\Pen_Tablet.dll
2009-02-21 16:54 <DIR> --d----- c:\program files\Tablet
2009-02-21 10:27 <DIR> -cd-h--- c:\programdata\{96F5B506-0F68-4EDB-AD12-CF915081579C}
2009-02-21 10:27 <DIR> -cd-h--- c:\progra~2\{96F5B506-0F68-4EDB-AD12-CF915081579C}
2009-02-21 10:27 <DIR> --dsh--- c:\windows\Installer
2009-02-21 10:22 58,792 a------- c:\windows\system32\wbload.dll
2009-02-21 10:22 42,672 a------- c:\windows\system32\wbsys.dll
2009-02-21 10:22 <DIR> --d----- c:\program files\Stardock
2009-02-21 10:13 7 a------- c:\windows\system32\CurrentName.dat
2009-02-21 10:13 4,096 a------- c:\windows\system32\33180.sys
2009-02-21 10:10 <DIR> --d----- c:\users\Lolwut
2009-02-21 10:00 196,638,543 a------- c:\windows\DUMP66dc.tmp
2009-02-21 10:00 186,656,527 a------- c:\windows\DUMP2432.tmp
2009-02-21 10:00 108,457,351 a------- c:\windows\DUMP2a69.tmp
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll

==================== Find3M ====================

2009-03-04 12:44 86,016 a------- c:\windows\inf\infstrng.dat
2009-03-04 12:44 86,016 a------- c:\windows\inf\infstor.dat
2009-03-04 12:44 51,200 a------- c:\windows\inf\infpub.dat
2009-02-22 18:36 1,686,528 a------- c:\windows\system32\gameux.dll
2009-02-21 18:45 16,189,952 a------- c:\windows\system32\imageres.dll
2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
2008-12-11 00:33 200,704 a------- c:\windows\system32\dtu100.dll
2008-12-11 00:33 86,016 a------- c:\windows\system32\dpl100.dll
2008-12-09 02:28 593,920 a------- c:\windows\system32\dpuGUI11.dll
2008-12-09 02:28 344,064 a------- c:\windows\system32\dpus11.dll
2008-12-09 02:28 294,912 a------- c:\windows\system32\dpu11.dll
2008-12-09 02:28 57,344 a------- c:\windows\system32\dpv11.dll
2006-11-02 12:50 174 a--sh--- c:\program files\desktop.ini
2006-11-02 12:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 12:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:32 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 11:38:18.42 ===============

Edited by EffingHateVista, 05 March 2009 - 06:41 AM.
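The two logs above are the kind of thing a helper on this board reads by eye. As an added example (my own code, not part of this thread and not anything the HijackThis or DDS tools ship), here is a small triage script that runs a few of the usual first-pass checks over lines copied from those logs: a service whose binary HijackThis reports as missing, UAC switched off (EnableLUA = 0), a non-default Firefox proxy mode, a tiny, numerically named .sys file sitting in system32 proper rather than system32\drivers, and a system+hidden autorun.inf at the drive root. The excerpt embedded in the script is constructed from the posted log lines; the size threshold, the list of files Windows itself keeps hidden at the root, and the proxy-mode table are assumptions of the example. Every hit is a thing to go and look at, not a verdict that the file is malicious.

```python
import re

# Constructed excerpt: a handful of lines copied from the HijackThis and DDS
# logs in the post above, enough to exercise each check. Not the full logs.
LOG_EXCERPT = r"""
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Unknown owner - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (file missing)
mPolicies-system: EnableLUA = 0 (0x0)
FF - prefs.js: network.proxy.type - 4
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-23 325128]
R2 33180;33180;c:\windows\system32\33180.sys [2009-2-21 4096]
2009-03-04 11:32 359 ---shr-- C:\autorun.inf
2009-02-21 17:59 438,840 a--shr-- C:\bootmgr
2009-02-21 10:13 4,096 a------- c:\windows\system32\33180.sys
"""

# DDS "SERVICES / DRIVERS" line: state name;display;path [date size]
DRIVER_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([\d-]+)\s+(\d+)\]$")
# DDS "Created Last 30" line: date time size attrs path
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+([a-z-]{8})\s+(.+)$")
# HijackThis O23 service line whose binary HJT could not find on disk
O23_MISSING_RE = re.compile(r"^O23 - Service: (.+?) \((\w+)\) - .* \(file missing\)$")

# Firefox network.proxy.type values worth a second look (0 = none, 5 = system default)
PROXY_MODES = {1: "manual", 2: "PAC URL", 4: "auto-detect (WPAD)"}
# Assumption: files Windows itself keeps system+hidden at the drive root (Vista era)
KNOWN_ROOT_FILES = {"bootmgr", "bootsect.bak", "ntldr", "boot.ini", "pagefile.sys", "hiberfil.sys"}
TINY_DRIVER_BYTES = 8192  # assumption: a real kernel driver is rarely this small


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def check_missing_service(line):
    m = O23_MISSING_RE.match(line)
    if m:
        return ("service", m.group(2), f'service "{m.group(1)}" is registered but its binary is missing')
    return None


def check_policy(line):
    if re.search(r"EnableLUA = 0\b", line):
        return ("policy", line, "UAC disabled (EnableLUA = 0): admins run with a full token, no elevation prompts")
    m = re.search(r"network\.proxy\.type - (\d+)", line)
    if m and int(m.group(1)) in PROXY_MODES:
        return ("browser", line, f"Firefox proxy mode is {PROXY_MODES[int(m.group(1))]}; confirm the user set it")
    return None


def check_driver(line):
    m = DRIVER_RE.match(line)
    if not m:
        return None
    _state, _name, _display, path, _date, size = m.groups()
    base = basename(path)
    if not base.endswith(".sys"):
        return None
    reasons = []
    if base[:-4].isdigit():
        reasons.append("numeric-only driver name")
    if "\\drivers\\" not in path.lower():
        reasons.append("driver file outside system32\\drivers")
    if int(size) <= TINY_DRIVER_BYTES:
        reasons.append(f"very small driver ({size} bytes)")
    return ("driver", path, "; ".join(reasons)) if reasons else None


def check_root_hidden_file(line):
    m = CREATED_RE.match(line)
    if not m:
        return None
    _when, _size, attrs, path = m.groups()
    at_root = re.fullmatch(r"[a-z]:\\[^\\]+", path.lower()) is not None
    if not (at_root and "s" in attrs and "h" in attrs):
        return None
    base = basename(path)
    if base == "autorun.inf":
        return ("autorun", path, "autorun.inf at drive root with system+hidden attributes")
    if base not in KNOWN_ROOT_FILES:
        return ("rootfile", path, "unexpected system+hidden file at drive root")
    return None


CHECKS = (check_missing_service, check_policy, check_driver, check_root_hidden_file)


def triage(log_text):
    """Return (tag, subject, reason) findings, at most one per log line."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for check in CHECKS:
            finding = check(line)
            if finding:
                findings.append(finding)
                break
    return findings


if __name__ == "__main__":
    for tag, subject, reason in triage(LOG_EXCERPT):
        print(f"[{tag:8}] {subject}\n           {reason}")
```

Run against the excerpt it reports five findings: the Spybot service with a missing binary, UAC off, Firefox in WPAD auto-detect mode, the 4 KB `33180.sys` in system32 proper, and the hidden `autorun.inf` at the root. The AVG driver and `bootmgr` pass, which is the point of the known-file list: the checks are meant to shorten the list a human reads, not to replace them.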

#2 EffingHateVista

  • Topic Starter

Posted 05 March 2009 - 06:48 PM

Solved it with a complete reinstall; borrowed a mate's external HDD to back up crap, tried not to back up any .rars.
Unless you think I may still have issues, you can delete this post. Cheers.

#3 KoanYorel

    Bleepin' Conundrum
  • Location: 65 miles due East of the "Logic Free Zone", in Md, USA

Posted 05 March 2009 - 10:53 PM

Thank you for informing us.

Good luck.

This Topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)
