0

I apologize before hand if I seem rude in anyway but I really need help and have kind of sort of ran out of patience(Oh, how selfish).

And, I've barely run anything to help fix any problems since my computer either shuts down, or I am unable to download a product and install. I have done a virus scan though...but they keep coming back...

Anywho, here's two HiJackThis Logs, one's in safe mode the other in Normal:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:26:59 PM, on 12/28/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\shell.exe
C:\Documents and Settings\Patrice\Desktop\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\ntos.exe,
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A28452DA545E9
B1894E754BE54C29159A7DBE80DC744B6CDE3F516CAC59B6
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [meden] C:\Program Files\Common Files\meden77798.exe
O4 - HKLM\..\Run: [lsass] C:\WINDOWS\lsass.exe
O4 - HKLM\..\Run: [Windows Configure] c:\windows\system32\syscfg32.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\System32\printer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [606c6fad] rundll32.exe "C:\WINDOWS\System32\psuoputf.dll",b
O4 - HKLM\..\RunServices: [Windows Configure] c:\windows\system32\syscfg32.exe
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Patrice\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Patrice\Application Data\Microsoft\Windows\orrdxjf.exe
O4 - HKCU\..\Run: [Ltho] "C:\WINDOWS\System32\DOBE~1\attrib.exe" -vt ndrv
O4 - HKCU\..\Run: [Plpndzdm] C:\WINDOWS\system32\F?nts\??rvices.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\System32\spoolvs.exe
O4 - HKCU\..\Run: [Microsft Windows Adapter 5.1.3013] C:\Documents and Settings\Patrice\Application Data\ykoradxd.exe
O4 - HKCU\..\Run: [Windows Rescue System] C:\DOCUME~1\Patrice\LOCALS~1\Temp\winsto.exe
O4 - HKCU\..\Run: [Access Control App] C:\DOCUME~1\Patrice\LOCALS~1\Temp\winsto.exe
O4 - Startup: findfast.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1196024836700
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\mdtaodiy.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Microsoft Inet Service - Unknown owner - C:\WINDOWS\System32\_svchost.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN Gaming Zone\rteqegadab.html

--
End of file - 6796 bytes

Normal:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:55:50 PM, on 12/28/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\meden77798.exe
C:\WINDOWS\lsass.exe
C:\WINDOWS\avp.exe
C:\WINDOWS\mgrs.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Router\Router.exe
C:\Program Files\WinAble\winable.exe
C:\Documents and Settings\Patrice\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\Patrice\Application Data\Microsoft\Windows\orrdxjf.exe
C:\Documents and Settings\Patrice\Application Data\ykoradxd.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Patrice\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\ntos.exe,
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A28452DA545E9
B1894E754BE54C29159A7DBE80DC744B6CDE3F516CAC59B6
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [meden] C:\Program Files\Common Files\meden77798.exe
O4 - HKLM\..\Run: [lsass] C:\WINDOWS\lsass.exe
O4 - HKLM\..\Run: [Windows Configure] c:\windows\system32\syscfg32.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\System32\printer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [606c6fad] rundll32.exe "C:\WINDOWS\System32\psuoputf.dll",b
O4 - HKLM\..\RunServices: [Windows Configure] c:\windows\system32\syscfg32.exe
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Patrice\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Patrice\Application Data\Microsoft\Windows\orrdxjf.exe
O4 - HKCU\..\Run: [Ltho] "C:\WINDOWS\System32\DOBE~1\attrib.exe" -vt ndrv
O4 - HKCU\..\Run: [Plpndzdm] C:\WINDOWS\system32\F?nts\??rvices.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\System32\spoolvs.exe
O4 - HKCU\..\Run: [Microsft Windows Adapter 5.1.3013] C:\Documents and Settings\Patrice\Application Data\evvtattki.exe
O4 - HKCU\..\Run: [Windows Rescue System] C:\DOCUME~1\Patrice\LOCALS~1\Temp\winsto.exe
O4 - HKCU\..\Run: [Access Control App] C:\DOCUME~1\Patrice\LOCALS~1\Temp\winsto.exe
O4 - Startup: findfast.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1196024836700
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C028924-1E6F-4D65-B976-233AC32BC320}: NameServer = 68.94.156.1 68.94.157.1
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\mdtaodiy.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Microsoft Inet Service - Unknown owner - C:\WINDOWS\System32\_svchost.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN Gaming Zone\rteqegadab.html

--
End of file - 7827 bytes
----------------------------------
Information:
I can't access the control Panel, The Clock or my desktop/background.
In The corner near the clock where the icons are, are two very annoying yellow triangles with a black exclamation point that says: Your Computer is infected! Windows has detected spyware infection. And other things, and I highly doubt it's legit, but I'm not the comp. expert here.

I get other popups telling me to download a spyware remover. But not like internet popups...like Warning popups.

Norton has removed things like: Adware.Mirar, Spyware.Isearch, TrojanAdclicker...I'm not sure if that's important, just thought I'd share.

I wasn't able to download the spybot as something/someone kept closing it.
I don't know if Housecall finished scanning because when I returned to my computer it had restarted itself. And I couldn't access the McAfee website to download the stinger either.

Right now I'm using Firefox V.2.0

Also I have a hard time operating in SafeMode(that's all screwey too)so it would be great if everything can be done outside of that. and there's two seperate accounts(Admin and Mines) which I'm quite sure never used to be like that, but it's possible since I don't use it much...

And...if you need to know anything else, please ask.
--------------------

2
Contributors
7
Replies
8
Views
9 Years
Discussion Span
Last Post by Suspishio
0

Well this isn't that helpful as that is someone else's problem and I wouldn't know what to do after all that...but thank you...

0

The point is that more or less everybody comes up with someone else's solved problem. You can follow the steps there to try and fix your problem.

Also on this forum, the same problem has occurred a number of times and you can follow the solution steps there.

Your big problem is that the accredited malware crunchers on this forum may simply be having a seasonal rest and unless you do some of this stuff yourself, you'll be in this mess for some time yet.

Your underlyimg problem is that whatever ant-spyware stuff you're using, it can't get rid of the trojan that's running. And every time you reboot, it respawns.
There's my famous DIY post of 3-Sep (search under the mispelt term "Virtunonde") - which will guide you step by step through this mess using a different approach. The method suggests you use a second PC. If you haven't got one, a second hard drive with a clean system on it and your infected disk slaved or in a USB enclosure will do the trick for removing the malware.

You've got to hope that the trojan hasn't corrupted Windows. if it has, you'll need to do a Windows repair from the Windows CD.

Come back whenever you need to.

0

I am Happy to say, ComboFix did an amazing job and my computer is now HiJack Free...thanks sooo much!

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.