| Thread ID: 90514 | 2008-06-05 16:27:00 | Vista machine just got BOMBARDED! (virus etc.) help kind people:) | craftykillz (13839) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 675971 | 2008-06-06 10:07:00 | Speedy, did all that. Upon the restart a ton of files came up, like dwam.exe couldn't load etc., trjgnrmv etc. I had to click OK then proceed to login, and more came up. |
craftykillz (13839) | ||
| 675972 | 2008-06-06 10:15:00 | So did Trojan Remover find anything nasty? And did you tell it to remove the entries from the registry? And did you select all options under the Utilities menu in Trojan Remover? Also scan C in My Computer with Trojan Remover. Get CCleaner (http://ccleaner.com). Install it (untick the Yahoo toolbar, you don't need it). Run it. Go to Tools/Startup. All the errors / files you saw when you rebooted: their entries may be under Startup. Highlight them, then delete them, then reboot. Post another HijackThis log first, so I can see what you ticked. |
Speedy Gonzales (78) | ||
| 675973 | 2008-06-09 10:15:00 | Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:54:17 PM, on 9/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal
Running processes:
D:\Windows\system32\taskeng.exe
D:\Windows\system32\Dwm.exe
D:\Windows\Explorer.EXE
D:\Program Files\Google\Gmail Notifier\gnotify.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Winamp\winamp.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TrojanScanner] D:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O10 - Broken Internet access because of LSP provider 'd:\windows\system32\pnrpnsp.dll' missing
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - D:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - D:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
-- End of file - 6662 bytes |
craftykillz (13839) | ||
| 675974 | 2008-06-09 10:18:00 | Yes, it did a lot of things. I told it to rename and move them etc. | craftykillz (13839) | ||
| 675975 | 2008-06-09 10:24:00 | Tick these, then tick Fix checked. Close browsers.
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
Then install something better than Symantec AV. |
Speedy Gonzales (78) | ||
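The triage step discussed in this thread, as an added example that is not part of the original posts: a small parser that splits HijackThis entries into section code and body and flags the ones worth a manual look. The three flagging rules are assumptions chosen for illustration, and the sample lines are copied from the log posted above.

```python
import re

# Sample input: five entries copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [TrojanScanner] D:\Program Files\Trojan Remover\Trjscan.exe
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O10 - Broken Internet access because of LSP provider 'd:\windows\system32\pnrpnsp.dll' missing
O23 - Service: Symantec Core LC - Unknown owner - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
"""

# An entry line is a section code (R0, O4, O23, ...) followed by " - " and the body.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_entries(text):
    """Return (code, body) pairs; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def review_reasons(code, body):
    """Illustrative heuristics (assumptions): reasons to look at an entry by hand."""
    reasons = []
    if body.endswith("(file missing)"):
        reasons.append("target file missing")
    if code == "O10" and body.startswith("Broken Internet access"):
        reasons.append("LSP provider missing")
    if code == "O23" and " - Unknown owner - " in body:
        reasons.append("service owner unknown")
    return reasons


def triage(text):
    """Return (code, body, reasons) for entries that matched at least one rule."""
    flagged = []
    for code, body in parse_entries(text):
        reasons = review_reasons(code, body)
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code}: {', '.join(reasons)} -> {body}")
```

A flagged entry is a prompt for review, not a verdict; the entries ticked in the post above are the two O9 lines marked (file missing).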
| 675976 | 2008-06-09 10:39:00 | OK, I am removing Norton. It asked me to turn on or off Windows Firewall, I said no? Should I have? I'm downloading AVAST - anything I need to know? I see it's free :) Cool. |
craftykillz (13839) | ||
| 675977 | 2008-06-09 10:43:00 | Don't forget to get the free key for Avast Home (avast.com) to extend it. Then do a scan with Avast after you update it. |
Speedy Gonzales (78) | ||
| 675978 | 2008-06-09 10:50:00 | Cheers Speedy, you've been a massive help. I'll let you know how that all goes. You have any other general tips to speed up my PC? Seems to still be a few little niggling problems, such as Winamp always closing after a little bit with an error. Cheers again! |
craftykillz (13839) | ||
| 675979 | 2008-06-09 10:53:00 | No probs, what's the error Winamp's giving you? Get more RAM (if you haven't got enough), defrag it, and use CCleaner to get rid of the temp files etc. |
Speedy Gonzales (78) | ||
| 675980 | 2008-06-09 10:57:00 | If you are still having problems with the PC not being clean, from my sig download Malwarebytes, Superantispyware and Spybot S&D, install/update and run (they will take a while to run). It sometimes takes several cleaners to actually clean a PC fully; no one cleaner will get everything. While Trojan Remover is a good program - that's the first I run on customers' infected machines - I usually pull out more spyware with the others as well. To remove Norton better, download the Norton Removal Tool (service1.symantec.com) - simply going from Add/Remove Programs leaves most of it installed still. |
wainuitech (129) | ||