Hijackthis log please check and help if possible
wrayboy
Newbie
1. January 2008 @ 16:54
This is my hijackthis log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:41:22, on 01/01/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Parallels\Parallels Tools\cohrence.exe
C:\WINDOWS\shell.exe
C:\Program Files\Parallels\Parallels Tools\toolsrv.exe
C:\WINDOWS\mgrs.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\rundll32.exe
E:\Jasc Software\Animation Shop 3\anim.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
F3 - REG:win.ini: load=C:\WINDOWS\System32\awtss.exe
O2 - BHO: (no name) - {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} - C:\Program Files\Outerinfo\Outerinfo.dll (file missing)
O2 - BHO: {15062684-a77d-e3ca-9054-31fdb5655b43} - {34b5565b-df13-4509-ac3e-d77a48626051} - C:\WINDOWS\System32\mwtqignf.dll
O2 - BHO: Google Module - {531BE052-76FC-4b05-9CCD-AF6AA265113C} - strike12.dll (file missing)
O2 - BHO: (no name) - {B44F62BA-6BA5-42E9-896A-1AF57325955A} - C:\WINDOWS\System32\awtss.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\Helper\superfindout.dll
O2 - BHO: (no name) - {FA16FE06-B462-470E-9653-79C54B1871FF} - C:\WINDOWS\System32\pmnnmnk.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Parallels Tools] C:\Program Files\Parallels\Parallels Tools\ParallelsToolsCenter.exe
O4 - HKLM\..\Run: [SharedInternetApplication] "C:\Program Files\Parallels\Parallels Tools\SIA\sharedintapp.exe" /start
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\winBC.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [lsass] C:\WINDOWS\lsass.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\System32\printer.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\System32\ctfmona.exe
O4 - HKLM\..\Run: [64cfbac3] rundll32.exe "C:\WINDOWS\System32\kjscneac.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\System32\spoolvs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: findfast.exe
O4 - Global Startup: autorun.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Unknown file in Winsock LSP: wsock3.dll
O10 - Unknown file in Winsock LSP: wsock3.dll
O10 - Unknown file in Winsock LSP: wsock3.dll
O10 - Unknown file in Winsock LSP: wsock3.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: pmnnmnk - C:\WINDOWS\SYSTEM32\pmnnmnk.dll
O20 - Winlogon Notify: winvax32 - C:\WINDOWS\SYSTEM32\winvax32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Parallels Coherence Service (cohrence) - Parallels Software International, Inc. - C:\Program Files\Parallels\Parallels Tools\cohrence.exe
O23 - Service: Parallels Tools Utility Service (toolsrv) - Parallels Software International, Inc. - C:\Program Files\Parallels\Parallels Tools\toolsrv.exe

--
End of file - 4266 bytes

HELP PLZ
Senior Member
1. January 2008 @ 18:00
Pretty good mess! Will take a few steps to remove infections. Reboot into Safe mode. Run HJK. Do a scan only. Place check marks next to all the items listed below. Click "Fix checked". Reboot. Run HJK again. Post a new log.

C:\WINDOWS\shell.exe

C:\WINDOWS\mgrs.exe

E:\Jasc Software\Animation Shop 3\anim.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe

F3 - REG:win.ini: load=C:\WINDOWS\System32\awtss.exe

O2 - BHO: (no name) - {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} - C:\Program Files\Outerinfo\Outerinfo.dll (file missing)

O2 - BHO: {15062684-a77d-e3ca-9054-31fdb5655b43} - {34b5565b-df13-4509-ac3e-d77a48626051} - C:\WINDOWS\System32\mwtqignf.dll

O2 - BHO: Google Module - {531BE052-76FC-4b05-9CCD-AF6AA265113C} - strike12.dll (file missing)

O2 - BHO: (no name) - {B44F62BA-6BA5-42E9-896A-1AF57325955A} - C:\WINDOWS\System32\awtss.dll

O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\Helper\superfindout.dll

O2 - BHO: (no name) - {FA16FE06-B462-470E-9653-79C54B1871FF} - C:\WINDOWS\System32\pmnnmnk.dll

O4 - HKLM\..\Run: [smgr] mgrs.exe

O4 - HKLM\..\Run: [lsass] C:\WINDOWS\lsass.exe

O4 - HKLM\..\Run: [Printer] C:\WINDOWS\System32\printer.exe

O4 - HKLM\..\Run: [64cfbac3] rundll32.exe "C:\WINDOWS\System32\kjscneac.dll",b

O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\System32\spoolvs.exe

O4 - Startup: findfast.exe

O4 - Global Startup: autorun.exe

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O10 - Unknown file in Winsock LSP: wsock3.dll

O10 - Unknown file in Winsock LSP: wsock3.dll

O10 - Unknown file in Winsock LSP: wsock3.dll

O10 - Unknown file in Winsock LSP: wsock3.dll

O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll

O20 - Winlogon Notify: pmnnmnk - C:\WINDOWS\SYSTEM32\pmnnmnk.dll

O20 - Winlogon Notify: winvax32 - C:\WINDOWS\SYSTEM32\winvax32.dll

This message has been edited since posting. Last time this message was edited on 1. January 2008 @ 18:19

wrayboy
Newbie
4. January 2008 @ 15:37
Ok, I've done everything. But I still have the virus. And er, thanks.
Can you check this logfile please?
Thanks.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 20:26:57, on 04/01/2008

Platform: Windows XP SP1 (WinNT 5.01.2600)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.exe

C:\Program Files\Parallels\Parallels Tools\cohrence.exe

C:\Program Files\Parallels\Parallels Tools\toolsrv.exe

C:\WINDOWS\TEMP\D7ADC57D.exe

C:\WINDOWS\locker.exe

C:\WINDOWS\wl.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\shell.exe

C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe



F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe

O2 - BHO: (no name) - {67A02F72-2791-473B-9916-95264FA92480} - C:\WINDOWS\System32\awtss.dll

O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\Helper\superfindout.dll

O2 - BHO: (no name) - {FA16FE06-B462-470E-9653-79C54B1871FF} - C:\WINDOWS\system32\pmnnmnk.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [Parallels Tools] C:\Program Files\Parallels\Parallels Tools\ParallelsToolsCenter.exe

O4 - HKLM\..\Run: [SharedInternetApplication] "C:\Program Files\Parallels\Parallels Tools\SIA\sharedintapp.exe" /start

O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\winBC.exe

O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\System32\ctfmona.exe

O4 - HKLM\..\Run: [Printer] C:\WINDOWS\System32\printer.exe

O4 - HKLM\..\Run: [License] locker.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\System32\spoolvs.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: findfast.exe

O4 - Global Startup: autorun.exe

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O10 - Unknown file in Winsock LSP: wsock3.dll

O10 - Unknown file in Winsock LSP: wsock3.dll

O10 - Unknown file in Winsock LSP: wsock3.dll

O10 - Unknown file in Winsock LSP: wsock3.dll

O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll

O20 - Winlogon Notify: pmnnmnk - C:\WINDOWS\SYSTEM32\pmnnmnk.dll

O20 - Winlogon Notify: winvax32 - C:\WINDOWS\SYSTEM32\winvax32.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Parallels Coherence Service (cohrence) - Parallels Software International, Inc. - C:\Program Files\Parallels\Parallels Tools\cohrence.exe

O23 - Service: Parallels Tools Utility Service (toolsrv) - Parallels Software International, Inc. - C:\Program Files\Parallels\Parallels Tools\toolsrv.exe



--

End of file - 3661 bytes



HELP PLZ
Senior Member
6. January 2008 @ 17:32
Yes, your system is still infected. HijackThis was not able to remove all your viruses. This may take a few different cleaners to do the job.

Download ComboFix to your desktop. http://forums.majorgeeks.com/showthread.php?t=134965

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
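
As an added example (not part of the thread and not a HijackThis feature), this Python script compares the entries ticked for fixing with the follow-up scan to show which ones came back. The sample lines are excerpts copied from the two logs above; the names `parse_entries`, `compare`, `TICKED` and `RESCAN` are hypothetical.

```python
import re

# Entry lines start with a HijackThis section code such as F2, O4 or O20.
ENTRY_RE = re.compile(r"^(?P<code>[FNOR]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}")

# Excerpts copied from the logs in this thread: ticked entries, then the rescan.
TICKED = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: (no name) - {B44F62BA-6BA5-42E9-896A-1AF57325955A} - C:\WINDOWS\System32\awtss.dll
O2 - BHO: (no name) - {FA16FE06-B462-470E-9653-79C54B1871FF} - C:\WINDOWS\System32\pmnnmnk.dll
O4 - HKLM\..\Run: [smgr] mgrs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
"""
RESCAN = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: (no name) - {67A02F72-2791-473B-9916-95264FA92480} - C:\WINDOWS\System32\awtss.dll
O2 - BHO: (no name) - {FA16FE06-B462-470E-9653-79C54B1871FF} - C:\WINDOWS\system32\pmnnmnk.dll
O4 - HKLM\..\Run: [License] locker.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
"""

def parse_entries(log_text):
    """Map a normalised (code, body) key to the original line of each entry."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, running-process list, blank line
        # Windows paths are case-insensitive (System32 vs system32 above).
        body = m["body"].casefold()
        # Mask CLSIDs: the awtss.dll BHO returns under a different CLSID.
        body = CLSID_RE.sub("{clsid}", body)
        entries[(m["code"], body)] = line
    return entries

def compare(before_text, after_text):
    """Split entries into those that survived, were removed, or are new."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {
        "survived": [after[k] for k in sorted(before.keys() & after.keys())],
        "removed": [before[k] for k in sorted(before.keys() - after.keys())],
        "new": [after[k] for k in sorted(after.keys() - before.keys())],
    }

if __name__ == "__main__":
    for status, lines in compare(TICKED, RESCAN).items():
        for line in lines:
            print(f"{status:9}{line}")
```

Passing the complete first log as `before_text` makes the "new" bucket meaningful, since it then lists only entries that appeared between the two scans.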
