| Thread ID: 97907 | 2009-03-03 23:47:00 | HJT file...please help | TiJay (6055) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 753114 | 2009-03-03 23:47:00 | At a friend's house...his computer is totally eviscerated...and I went through a perfunctory HJT file, but I'm still getting the LP5 error...if I can't fix it here, I'll take his Hard Drives out and to my house to scan them as externals...I don't want to risk my computer though...please help! | TiJay (6055) | ||
| 753115 | 2009-03-03 23:48:00 | Whoops...might need to post the file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:37:54 PM, on 3/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\inf\rundll33.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hgcheck.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
c:\windows\$ntunistalls\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {30515A01-F593-4AFF-A042-3EE32A57CB8F} - c:\windows\system32\aanjwyg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\system32\msrstart.exe
O4 - HKLM\..\Run: [hgcheck] C:\WINDOWS\system32\hgcheck.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [yahijesiyu] Rundll32.exe "C:\WINDOWS\system32\mabiyono.dll",s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [xccinit] C:\WINDOWS\system32\inf\rundll33.exe C:\WINDOWS\xccdf16_090131a.dll xccd16
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
O4 - HKUS\S-1-5-21-776561741-1214440339-839522115-500\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User '?')
O4 - HKUS\S-1-5-18\..\Run: [comidle] "C:\Documents and Settings\Administrator\Application Data\comidle\comidle.exe" 61A847B5BBF728103B9D3B466188719AB689201522886B092C BD44BD8689220221DD3257 (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
O4 - HKUS\.DEFAULT\..\Run: [comidle] "C:\Documents and Settings\Administrator\Application Data\comidle\comidle.exe" 61A847B5BBF728103B9D3B466188719AB689201522886B092C BD44BD8689220221DD3257 (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - dl8-cdn-01.sun.com
O20 - Winlogon Notify: mmbiirkd - C:\WINDOWS\SYSTEM32\aanjwyg.dll
O23 - Service: afisicx Service (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mabidwe Service (mabidwe) - Unknown owner - C:\WINDOWS\system32\mabidwe.exe
O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe
O23 - Service: Tcp ipx Service (Tcpipsrv) - Unknown owner - c:\windows\$ntunistalls\svchost.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
-- End of file - 4942 bytes |
TiJay (6055) | ||
| 753116 | 2009-03-04 03:20:00 | Disable system restore.
Tick these, then tick fix checked first.
DON'T do online banking on this until you fix it.
Close browsers.
Delete the files in bold. Don't delete the files in bold until you tick fix checked and reboot.
C:\WINDOWS\system32\inf\rundll33.exe
c:\windows\$ntunistalls\svchost.exe (make sure you delete this file in this folder)
C:\WINDOWS\system32\hgcheck.exe
O2 - BHO: (no name) - {30515A01-F593-4AFF-A042-3EE32A57CB8F} - c:\windows\system32\aanjwyg.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [hgcheck] C:\WINDOWS\system32\hgcheck.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [yahijesiyu] Rundll32.exe "C:\WINDOWS\system32\mabiyono.dll",s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Policies\Explorer\Run: [xccinit] C:\WINDOWS\system32\inf\rundll33.exe C:\WINDOWS\xccdf16_090131a.dll xccd16
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O20 - Winlogon Notify: mmbiirkd - C:\WINDOWS\SYSTEM32\aanjwyg.dll
O23 - Service: afisicx Service (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe - trojan
O23 - Service: mabidwe Service (mabidwe) - Unknown owner - C:\WINDOWS\system32\mabidwe.exe - trojan
O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe - worm
O23 - Service: Tcp ipx Service (Tcpipsrv) - Unknown owner - c:\windows\$ntunistalls\svchost.exe
Then reboot, then get trojan remover below, or click here (www.simplysup.net) <- direct link.
Update, then scan.
Then select all options under the utilities menu.
Once you do the above, change any passwords if you do online banking.
Then install an AV program on it. |
Speedy Gonzales (78) | ||
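
Added example, not part of the original thread and not any poster's code: a small triage pass over HijackThis log lines that flags three patterns visible in the log above (O23 services with "Unknown owner", a system binary name running from outside system32, and a file name that closely imitates a system binary). The allowlist, the 0.9 similarity threshold and the function names are assumptions made for this sketch; the sample lines are copied from the posted log.

```python
import re
from difflib import SequenceMatcher
from ntpath import basename, dirname

# Sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
c:\windows\$ntunistalls\svchost.exe
C:\WINDOWS\system32\inf\rundll33.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Tcp ipx Service (Tcpipsrv) - Unknown owner - c:\windows\$ntunistalls\svchost.exe
"""

# Assumption: a short allowlist of Windows system binaries and their expected folder.
SYSTEM_BINARIES = {"svchost.exe", "rundll32.exe", "winlogon.exe", "lsass.exe", "services.exe"}
SYSTEM_DIR = r"c:\windows\system32"
EXE_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.IGNORECASE)

def check_path(path):
    """Return reasons an executable path looks like it imitates a system binary."""
    name, folder = basename(path).lower(), dirname(path).lower()
    reasons = []
    if name in SYSTEM_BINARIES and folder != SYSTEM_DIR:
        reasons.append("system binary name outside system32")
    for known in SYSTEM_BINARIES:
        # Near-miss names such as rundll33.exe score high against the real name.
        if name != known and SequenceMatcher(None, name, known).ratio() >= 0.9:
            reasons.append(f"name resembles {known}")
    return reasons

def triage(log_text):
    """Map each flagged log line to the list of reasons it was flagged."""
    findings = {}
    for line in filter(None, map(str.strip, log_text.splitlines())):
        reasons = []
        if line.startswith("O23 - ") and " - Unknown owner - " in line:
            reasons.append("service with unknown owner")
        for path in EXE_PATH.findall(line):
            reasons.extend(check_path(path))
        if reasons:
            findings[line] = reasons
    return findings

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(f"{'; '.join(reasons)}: {line}")
```

A flag here only marks an entry for manual review; it does not establish that the file is malicious.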