| Thread ID: 95434 | 2008-12-06 07:22:00 | please help me | killa275 (11593) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 726217 | 2008-12-06 07:22:00 | Guys I have a virus I think. I go to Google and type anything into the search bar and it will open a new window with links to buy anti virus software. I can't get access to Spybot; I click it and it will not open even in safe mode. Can't get anything to update, just get errors saying can't connect to the net. System restore is set to today :mad: Can someone please help? Here is a HJT log, thanks :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:10:17 PM, on 12/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - go.microsoft.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - support.microsoft.com
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - www.srtest.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - www.update.microsoft.com
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - 147.97.204.103
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

-- End of file - 6244 bytes |
killa275 (11593) | ||
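
An added example, not part of the original thread: a small Python parser for the HijackThis log format posted above. It separates the running-process list from the `Oxx` sections, lists the O23 services that belong to security vendors (the replies advise keeping only one such product), and searches the log for a given name. The excerpt is shortened from the posted log; the vendor list and all function names are assumptions made for this example.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted above, shortened for this example.
SAMPLE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
-- End of file - 6244 bytes
"""

# Entry lines look like "<code> - <kind>: <detail>", e.g. "O4 - HKLM\..\Run: [egui] ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - ([^:]+): (.*)$")
# Assumption: vendor strings taken from this log's O23 lines; not a complete list.
SECURITY_VENDORS = ("eset", "grisoft", "lavasoft")

def parse_hjt(text):
    """Return (running_processes, {section_code: [(kind, detail), ...]})."""
    processes, sections, in_procs = [], defaultdict(list), False
    for line in map(str.strip, text.splitlines()):
        m = ENTRY.match(line)
        if m:  # first entry line ends the process list
            in_procs = False
            sections[m.group(1)].append((m.group(2), m.group(3)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, dict(sections)

def security_services(sections):
    """O23 details read 'name - vendor - path'; return {vendor: [service names]}."""
    found = defaultdict(list)
    for _kind, detail in sections.get("O23", []):
        parts = detail.rsplit(" - ", 2)  # split from the right: names may contain " - "
        if len(parts) == 3 and any(v in parts[1].lower() for v in SECURITY_VENDORS):
            found[parts[1]].append(parts[0])
    return dict(found)

def mentions(text, needle):
    """Case-insensitive search over every log line, e.g. for a driver name."""
    return [line for line in text.splitlines() if needle.lower() in line.lower()]
```

Run against the posted log, `mentions(log, "tdssserv")` returns an empty list: the scan contains no line naming the driver that the later replies identify.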
| 726218 | 2008-12-06 07:29:00 | Get Malwarebytes below. Update it, then scan.

Tick these, then tick fix checked.
Close browsers.

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

Tick this, if you don't use Nero Home:
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

Uninstall all versions of Java, then update it.
Uninstall Adaware, and keep Malwarebytes. |
Speedy Gonzales (78) | ||
| 726219 | 2008-12-06 07:37:00 | That's the thing, can't even update it, let alone make it run :mad: | killa275 (11593) | ||
| 726220 | 2008-12-06 07:45:00 | The bug you have will be stopping you from going to any antispyware sites to fix it. Click on this link here (projects.securitywonks.net); it's a direct download for Malwarebytes, should come through fine. You also want to put in Spyware Terminator (dnl.spywareterminator.com) & Trojan Remover (www.simplysuponline.com) --- Also CCleaner (www.filehippo.com be5b96ecd5c676/). Those links are also direct downloads. |
wainuitech (129) | ||
| 726221 | 2008-12-06 07:54:00 | If the computer is too slow or unstable to run these applications, boot into safe mode with networking. Remember to turn off system restore first: Right click My Computer>Properties>System Restore Tab>Tick "Turn off system restore on all drives" |
Blam (54) | ||
| 726222 | 2008-12-06 07:55:00 | I can install them but when I go to open them they don't open, even in safe mode | killa275 (11593) | ||
| 726223 | 2008-12-06 07:58:00 | Uninstall AVG, you should only have 1 AV program. Disable system restore. Reboot, then try. Then scan with NOD. |
Speedy Gonzales (78) | ||
| 726224 | 2008-12-06 08:59:00 | I can install them but when i go to open them they don't open even in safe mode

Malwarebytes finds this virus but the virus stops programs from installing and updating. Go to device manager, go view and click "show hidden devices". Now this is where my memory gets fuzzy. Under either "Non plug and plug devices" or "system devices" (I think it is system devices) find the service called tsdd***** (as I said memory fuzzy - something like that) and disable it. DO NOT uninstall as it will come back after a reboot. Once disabled, reboot the PC and update and run Malwarebytes. It will find and remove the problem. I know the directions here are all fuzzy and I only did this the other day and should have written it all down, but I would find the service to disable again if I saw it. I assume this is the problem you are having as the symptoms are the same. HTH |
berryb (99) | ||
| 726225 | 2008-12-06 09:18:00 | Found better instructions. Hopefully fix your issue. Go to Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices. Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers. Then search for “TDSSserv.sys”. Right click on it, and select “Disable”. Note: If you select Uninstall, it will install itself again when you reboot the system, so DON’T select Uninstall. Restart your PC. You can now update your Antivirus/Malware/Rootkit software. In simple terms, TDSSserv.sys is a service/server redirecting all software updates to 127.0.0.1 (your own computer) so they won’t update |
berryb (99) | ||
| 726226 | 2008-12-06 20:30:00 | Found better instructions. Hopefully fix your issue. Go to Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices. Scroll down to Non-plug and Play Drivers and click the plus icon to open those drivers. Then search for TDSSserv.sys. Right click on it, and select Disable. Note: If you select Uninstall, it will install itself again when you reboot the system, so DON'T select Uninstall. Restart your PC. You can now update your Antivirus/Malware/Rootkit software. In simple terms, TDSSserv.sys is a service/server redirecting all software updates to 127.0.0.1 (your own computer) so they won't update

It worked, thanks guys, computer running normal now :thanks |
killa275 (11593) | ||