| Thread ID: 96190 | 2009-01-02 01:39:00 | Error at start-up! | mark1978 (13845) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 734257 | 2009-01-02 03:11:00 | "Thanks guys! I am on it right now... how do you guys read these Hijacks... it's all goble di goe to me!" Some of it is experience and knowing what to look for (common "things not right"); other times we have access to a DE-goble-di-go'er :lol:. As Pctek mentioned, they don't always show everything; that's where experience comes in. The only thing that is certain: you have to be on the ball for new threats all the time. | wainuitech (129) | ||
| 734258 | 2009-01-02 07:25:00 | I am still downloading SP3 and I will post a new Hijack tomorrow, thank you guys!! | mark1978 (13845) | ||
| 734259 | 2009-01-02 19:18:00 | Could you guys analyze this?

Malwarebytes' Anti-Malware 1.31
Database version: 1597
Windows 5.1.2600 Service Pack 3

3/01/2009 8:03:43 a.m.
mbam-log-2009-01-03 (08-03-43).txt

Scan type: Full Scan (C:\|)
Objects scanned: 81471
Time elapsed: 24 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

And this!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:10:56 a.m., on 3/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programms\ESET NOD32 Antivirus\ekrn.exe
C:\Programms\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programms\ESET NOD32 Antivirus\egui.exe
C:\Programms\Trojan Remover\Trjscan.exe
C:\Programms\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ccs-cwc-px01:3128
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRAMMS\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\khfFYPHY.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [egui] "C:\Programms\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TrojanScanner] C:\Programms\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programms\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRAMMS\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRAMMS\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O15 - Trusted Zone: *.addictivetechnologies.com
O15 - Trusted Zone: *.admin2cash.biz
O15 - Trusted Zone: *.bettersearch.biz
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.private-dialer.biz
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.traffic2cash.biz
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - www.update.microsoft.com
O20 - Winlogon Notify: khfFYPHY - C:\WINDOWS\SYSTEM32\khfFYPHY.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programms\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programms\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FYUCZPJ - Sysinternals - www.sysinternals.com - C:\DOCUME~1\DRAGON\LOCALS~1\Temp\FYUCZPJ.exe
O23 - Service: KZKREYGIHC - Sysinternals - www.sysinternals.com - C:\DOCUME~1\DRAGON\LOCALS~1\Temp\KZKREYGIHC.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programms\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O24 - Desktop Component 0: My Current Home Page - About:Home

--
End of file - 5520 bytes
mark1978 (13845) | ||
| 734260 | 2009-01-02 19:25:00 | Looks like you may have a Vundo infection. Disable System Restore. Tick these, then tick "Fix checked". Close browsers.

O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\khfFYPHY.dll
O15 - Trusted Zone: *.addictivetechnologies.com
O15 - Trusted Zone: *.admin2cash.biz
O15 - Trusted Zone: *.bettersearch.biz
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.private-dialer.biz
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.traffic2cash.biz
O20 - Winlogon Notify: khfFYPHY - C:\WINDOWS\SYSTEM32\khfFYPHY.dll
O23 - Service: FYUCZPJ - Sysinternals - www.sysinternals.com - C:\DOCUME~1\DRAGON\LOCALS~1\Temp\FYUCZPJ.exe
O23 - Service: KZKREYGIHC - Sysinternals - www.sysinternals.com - C:\DOCUME~1\DRAGON\LOCALS~1\Temp\KZKREYGIHC.exe

Since Trojan Remover is installed, update it, then scan, then select all options under the Utilities menu. Do the same with Malwarebytes.

O24 - Desktop Component 0: My Current Home Page - about:Home

Then get CCleaner, install it, close browsers, run it, click on "Run Cleaner".
Speedy Gonzales (78) | ||
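The entries Speedy picked out above fall into four patterns that can be checked mechanically: an unnamed BHO loading a DLL with a generated-looking name, Trusted Zone additions nobody asked for, a Winlogon Notify package that is not one of the stock ones, and services whose binary lives in the user's Temp folder while claiming a well-known vendor. The script below is an added example written for this page, not code from the thread or from HijackThis; it applies those four checks to HijackThis-style log lines. The sample log is constructed from a few of the posted entries plus one invented allowlisted Trusted Zone line; the Trusted Zone allowlist, the list of expected Winlogon Notify packages and the consonant-run "random name" heuristic are this example's own assumptions.

```python
"""Triage HijackThis (v2.0.2-style) log lines for the four tells that gave
away the infection in the thread above. All heuristics and lists here are
this example's assumptions, not HijackThis behaviour."""
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section id, e.g. "O23"
    reason: str
    line: str


# Assumption: Winlogon Notify packages expected on a stock Windows XP install (partial list).
KNOWN_WINLOGON_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "ScCertProp", "Schedule",
    "sclgntfy", "SensLogn", "termsrv", "wlballoon", "WgaLogon",
}
# Assumption: the only Trusted Zone hosts this organisation has deliberately added.
TRUSTED_ZONE_ALLOWLIST = {"update.microsoft.com"}

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
O15_RE = re.compile(r"^O15 - Trusted Zone: (?P<host>\S+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<path>.*)$")
# vendor is greedy so a path containing " - " (e.g. "Spybot - Search & Destroy") still parses
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*) - (?P<path>[A-Za-z]:\\.*)$")

# Service binaries under a user profile or Temp directory are user-writable: flag them.
USER_WRITABLE_RE = re.compile(r"\\(Temp|DOCUME~1|Documents and Settings|Users)\\", re.I)
# Crude tell for generated names like khfFYPHY.dll: a run of four or more consonants.
CONSONANT_RUN_RE = re.compile(r"[b-df-hj-np-tv-z]{4,}", re.I)


def looks_random(path: str) -> bool:
    """True if the file stem (no directory, no extension) has a 4+ consonant run."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    return CONSONANT_RUN_RE.search(stem) is not None


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious O2/O15/O20/O23 line, else None."""
    line = line.strip()
    if m := O2_RE.match(line):
        if m["name"] == "(no name)" and looks_random(m["path"]):
            return Finding("O2", "unnamed BHO loading a random-looking DLL", line)
    elif m := O15_RE.match(line):
        host = m["host"].lstrip("*.")          # "*.example.biz" -> "example.biz"
        if host not in TRUSTED_ZONE_ALLOWLIST:
            return Finding("O15", f"Trusted Zone host not in allowlist: {host}", line)
    elif m := O20_RE.match(line):
        if m["name"] not in KNOWN_WINLOGON_NOTIFY:
            return Finding("O20", f"unknown Winlogon Notify package {m['name']!r} "
                                  "(loaded into winlogon.exe at logon)", line)
    elif m := O23_RE.match(line):
        if USER_WRITABLE_RE.search(m["path"]):
            # The vendor string comes from the binary's own version resource; it proves nothing.
            return Finding("O23", "service binary in a user-writable path; claimed vendor "
                                  f"{m['vendor']!r} is unverified", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over every line of a log and collect the findings in order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


# Constructed sample: a handful of entries modelled on the log posted in this thread,
# plus one invented allowlisted Trusted Zone line (*.update.microsoft.com).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRAMMS\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\khfFYPHY.dll
O15 - Trusted Zone: *.update.microsoft.com
O15 - Trusted Zone: *.admin2cash.biz
O15 - Trusted Zone: *.private-dialer.biz
O20 - Winlogon Notify: khfFYPHY - C:\WINDOWS\SYSTEM32\khfFYPHY.dll
O23 - Service: Eset Service (ekrn) - ESET - C:\Programms\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FYUCZPJ - Sysinternals - www.sysinternals.com - C:\DOCUME~1\DRAGON\LOCALS~1\Temp\FYUCZPJ.exe
O4 - HKLM\..\Run: [egui] "C:\Programms\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.section}] {finding.reason}\n    {finding.line}")
```

Treat the output as a review list, not a verdict: the consonant-run heuristic is deliberately only applied to unnamed BHOs because legitimate OEM binaries (brsvc01a.exe, tfswshx.dll in the log above) would trip it on their own, and a service is flagged on where it lives rather than on its name because the "Sysinternals" vendor string HijackThis prints is read from the file's version resource and can say anything.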
| 734261 | 2009-01-03 00:36:00 | I'm afraid it is not making any difference! What to do now?? Post another Hijack?? | mark1978 (13845) | ||
| 734262 | 2009-01-03 00:43:00 | Well if you can't get rid of those entries, there's no point in posting another log, if it's the same. It's not making any difference?? How? Did you do the above in my post? | Speedy Gonzales (78) | ||
| 734263 | 2009-01-03 00:49:00 | Yes I followed the instructions you gave me.. Is it not better to format and start over again, or is it better to find a program that will remove it?? | mark1978 (13845) | ||
| 734264 | 2009-01-03 00:57:00 | Well you can format if you want, but you'll have to install the drivers etc. after. So, what exactly is it doing, or not doing? Or get TeamViewer (http://www.teamviewer.com) and I'll check it out from here. | Speedy Gonzales (78) | ||
| 734265 | 2009-01-03 01:02:00 | Speedy, Malwarebytes just removed 2 infected Vundo trojans, want me to post a Hijack? So if I install TeamViewer you can log into my PC and see what the problem is?? | mark1978 (13845) | ||
| 734266 | 2009-01-03 01:09:00 | If you want | Speedy Gonzales (78) | ||