Friend Needs Help



#1 Sparda

Posted 19 May 2007 - 06:39 PM

My friend's computer was running just fine and fast when a message about a trojan popped up. He thought his best option was to reformat his comp, which is what he did. However, after doing so, his comp ended up running a lot slower. Anyways, I sent him HiJackThis and this is his log:

Logfile of HijackThis v1.99.1
Scan saved at 4:20:10 PM, on 5/19/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iTunesSetup.exe
c:\program files\aim6\anotify.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\MsiExec.exe
C:\WINDOWS\System32\rundll32.exe
C:\DOCUME~1\Devin\LOCALS~1\Temp\IXP175.TMP\iTunesSetupAdmin.exe
C:\WINDOWS\System32\MsiExec.exe
C:\WINDOWS\SEMBLY~1\nopdb.exe
c:\windows\system32\dwdsregt.exe
C:\WINDOWS\System32\qwinlodv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\Devin\Application Data\?dobe\??rvices.exe
C:\WINDOWS\System32\SBO\SB1065.exe
C:\WINDOWS\system32\smpi1\lb66.exe
C:\DOCUME~1\Devin\LOCALS~1\Temp\GLB9C.tmp
C:\WINDOWS\retadpu1000106.exe
C:\Program Files\Web Buying\v1.6.8\webbuying.exe
C:\Documents and Settings\Devin\Desktop\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\System32\duvpkltn.dll",realset
O4 - HKLM\..\Run: [{AB-B6-65-50-ZN}] c:\windows\system32\dwdsregt.exe CHD003
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Traa] "C:\WINDOWS\SEMBLY~1\nopdb.exe" -vt yazb
O4 - HKCU\..\Run: [Tqc] "C:\Documents and Settings\Devin\Application Data\?dobe\??rvices.exe"
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.6.8\webbuying.exe
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Devin\Local Settings\Temp\TICHD003.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

#2 RichieUK

  • Malware Response Team

Posted 20 May 2007 - 03:38 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Sparda :thumbsup:

Your friend is extremely badly infected due to the fact that he/she has no virus protection or a firewall installed.

Download\install one of the following freeware options from the choice below.
Once installed update its definitions and then run a full system virus scan.

AVG7 Free Edition Antivirus:
http://free.grisoft.com/softw/70free/setup...ree_446a965.exe

Avast! 4 Home Edition:
http://files.avast.com/iavs4pro/setupeng.exe

Active Virus Shield
There's a nice setup tutorial Here:
http://www.activevirusshield.com/antivirus/freeav/

*************************

Download\install one of the following freeware firewall options from the choice below.

Sygate Personal Firewall Free Edition:
http://www.filehippo.com/download_sygate_personal_firewall/

Zone Alarm Free:
http://download.zonelabs.com/bin/free/1001..._737_000_en.exe

Comodo Personal Firewall:
http://www.personalfirewall.comodo.com/

Once you've finished, restart your PC and post a new HijackThis log please.