PLEASE HELP, CANT INSTALL or ANYTHING !!

BullGuard Antivirus Forum > General Security > Spyware > PLEASE HELP, CANT INSTALL or ANYTHING !!

Forum Quick Jump

[ << Previous Thread | Next Thread >> ]

JUSTINotherguy08
New Member

Date Joined Nov 2007
Total Posts : 3

Posted Yesterday 8:50 (GMT +1)

Ok, so i try to install any program, once i click on the setup it exits out. i went to monitor the process, and everytime it closes a new process is on the list and it looks like this, i.e. "is-2C780D tmp." My desktop keeps needing to be restored,i've downloaded a spyware removal, it removed the spyware, and it still doesnt let me download or anything like that..

I have the LOGFILE from Hijackthis Can someone please help me !!!!:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:34:55 AM, on 11/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\hpvmlfjh.exe
C:\Program Files\iPod Access for Windows\iPAHelper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TEMP\win102A.tmp.exe
C:\WINDOWS\mgrs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\DOCUME~1\Justin\APPLIC~1\YSTEM~1\ping.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOCUME~1\Justin\LOCALS~1\Temp\monagent.exe
C:\DOCUME~1\Justin\LOCALS~1\Temp\monserver.exe
C:\DOCUME~1\Justin\LOCALS~1\Temp\synpower.exe
C:\DOCUME~1\Justin\LOCALS~1\Temp\looksyn.exe
C:\DOCUME~1\Justin\LOCALS~1\Temp\hostwin.exe
C:\DOCUME~1\Justin\LOCALS~1\Temp\serversyn.exe
C:\DOCUME~1\Justin\LOCALS~1\Temp\monhost.exe
C:\DOCUME~1\Justin\LOCALS~1\Temp\power32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Justin\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0DFCFB5E-3974-3338-8F09-0B2552E546A8} - C:\Program Files\Xxwmozjj\occeqgnq.dll
O2 - BHO: (no name) - {2096DCCA-98C2-4F91-A5A7-496119C3A7D4} - C:\WINDOWS\system32\pmnli.dll
O2 - BHO: (no name) - {2D628D87-D0A3-6203-4E86-09D91C6DD614} - C:\Program Files\Rfjtqzoa\ydwxvmwk.dll
O2 - BHO: (no name) - {58E9AC24-5A2A-4908-9E3B-0633C0F8DF30} - C:\WINDOWS\system32\nnnnlkk.dll
O2 - BHO: CoolBHO - {5C2A9795-B130-4622-B036-BDCAD28602DC} - C:\Program Files\Cool\Cool.dll
O2 - BHO: Flash Module - {68D5BBF9-EED5-4125-B227-55F81540BF4D} - simcard1.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\tgjrquog.dll
O2 - BHO: (no name) - {9FD6E4F0-339D-4CD3-AF94-3A44AC9AE3D5} - C:\WINDOWS\system32\ssttq.dll
O2 - BHO: (no name) - {A8894CAB-237D-4E99-BC84-B8E4D7533087} - C:\WINDOWS\system32\mlljk.dll
O2 - BHO: (no name) - {C003C506-F4D0-42F2-813F-EF7EC87D09A2} - C:\WINDOWS\system32\ssttq.dll
O2 - BHO: (no name) - {D67D3B3B-D75C-442A-A225-43F76159F79F} - C:\Program Files\Messenger\tezole555077.dll
O2 - BHO: (no name) - {E3F8D94F-448C-4A5C-D228-38E675835892} - C:\WINDOWS\system32\lbih.dll
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win102A.tmp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [{3A-AA-A4-4C-ZN}] C:\Documents and Settings\`Justin\Local Settings\Temp\T0CHD001.exe CHD001
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2c03aae3] rundll32.exe "C:\WINDOWS\system32\iaefaums.dll",b
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvhaj.dll,startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [Uesl] "C:\DOCUME~1\Justin\APPLIC~1\YSTEM~1\ping.exe" -vt yazb
O4 - HKCU\..\Run: [Ghnxiqhb] C:\WINDOWS\W?nSxS\e?plorer.exe
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\`Justin\Local Settings\Temp\T0CHD001.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: nnnnlkk - C:\WINDOWS\SYSTEM32\nnnnlkk.dll
O20 - Winlogon Notify: winzzd32 - C:\WINDOWS\SYSTEM32\winzzd32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\hpvmlfjh.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN\certesomu.html

--
End of file - 6522 bytes

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 13599

Posted Yesterday 9:03 (GMT +1)

Hello

Sorry to say, a reinstall of Windows are strongly recommended, as it is You have a huge number of infections in the log -

http://safecomputing.umn.edu/guides/xpinstall.html

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

JUSTINotherguy08
New Member

Date Joined Nov 2007
Total Posts : 3

Posted Yesterday 9:14 (GMT +1)

would reinstalling windows be my absolute ONLY resort ?

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 13599

Posted Yesterday 9:18 (GMT +1)

Unfortunality yes, your machine is so infected, you will very likely not be able to regain complete control of the system

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

JUSTINotherguy08
New Member

Date Joined Nov 2007
Total Posts : 3

Posted Yesterday 9:22 (GMT +1)

:( thanks..

well i have to reorder to boot disc, in the meantime, can u tell me some of the viruses i can delete through hijackthis right now ?

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 13599

Posted Yesterday 9:34 (GMT +1)

What We can see in hijackthis log, is only small pieces of the infections, therefore it Won´t do any good fixing them

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

Forum Information

Currently it is Thursday, November 20, 2008 9:34 PM (GMT +1)
There are a total of 63.945 posts in 15.823 threads.
In the last 3 days there were 33 new threads and 162 reply posts. View Active Threads