| Thread ID: 81081 | 2007-07-15 10:08:00 | My moody PC | geeman (5280) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 569256 | 2007-07-16 10:13:00 | That's not the whole log, post ALL of it. From what you've posted, it looks like you've got trojans. One of them belongs to this (www.sophos.com). That's what's causing the lsass problem. |
Speedy Gonzales (78) | ||
| 569257 | 2007-07-16 10:18:00 |
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qnz9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qnz9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qnz9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qnz9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qnz9.hpwis.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {AC7ECD8E-B3AF-4CBC-BB6B-2E44AE261568} - C:\WINDOWS\System32\awtsp.dll (file missing)
O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - C:\WINDOWS\system32\wvurpmn.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 |
geeman (5280) | ||
| 569258 | 2007-07-16 10:18:00 |
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe
O4 - HKLM\..\Run: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\RunServices: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe
O4 - HKLM\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe
O4 - HKCU\..\Run: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe |
geeman (5280) | ||
| 569259 | 2007-07-16 10:19:00 |
O4 - HKCU\..\RunServices: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe
O4 - HKCU\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Complete Anonymous Web Surfing.lnk = C:\Program Files\caws\caws.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D58F8CCA-4CB4-4B6A-B9F1-51F65B7C2B48}: NameServer = 202.27.158.40 202.27.156.72
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O23 - Service: DomainService - - C:\WINDOWS\System32\qwerty12.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: msnntlp - Unknown owner - C:\WINDOWS\system\msnntlp.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
--
End of file - 9544 bytes |
geeman (5280) | ||
| 569260 | 2007-07-16 10:20:00 | Sorry friends, I had to break this into pieces as for some reason it was not being loaded. Where to from here? Your help and guidance much appreciated... cheers |
geeman (5280) | ||
| 569261 | 2007-07-16 10:33:00 | Run HijackThis again, tick these entries, then tick "Fix checked". Turn System Restore OFF. Close browser/s.

C:\WINDOWS\System32\qwerty12.exe
C:\WINDOWS\system\msnntlp.exe
C:\WINDOWS\System32\wbem\scrcons32.exe

O2 - BHO: (no name) - {AC7ECD8E-B3AF-4CBC-BB6B-2E44AE261568} - C:\WINDOWS\System32\awtsp.dll (file missing)
O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - C:\WINDOWS\system32\wvurpmn.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe
O4 - HKLM\..\Run: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe
O4 - HKLM\..\RunServices: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe
O4 - HKLM\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe
O4 - HKCU\..\Run: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe
O4 - HKCU\..\RunServices: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe
O4 - HKCU\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe
O4 - HKUS\S-1-5-18\..\Run: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe (User 'Default user')

MAKE SURE YOU UPDATE TROJAN REMOVER FIRST, THEN TICK THESE ENTRIES, then click on Scan, then select all the options under the Utilities menu.

O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O23 - Service: DomainService - - C:\WINDOWS\System32\qwerty12.exe
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll

Get this afterwards (www.cexx.org), just in case. Unzip it, then run it.

O23 - Service: msnntlp - Unknown owner - C:\WINDOWS\system\msnntlp.exe

Then reboot. If you can, later get BOClean from my sig too. And then MAKE SURE XP is up to date, after the above have been ticked. |
Speedy Gonzales (78) | ||
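The entries Speedy Gonzales picks out of the log share patterns that can be checked mechanically rather than by eye: BHOs whose DLL is gone, an .exe autostarted from the drivers directory and wired into several Run/RunServices locations at once, a Winlogon Notify DLL, services with no vendor string, and one unknown LSP file repeated down the whole Winsock chain. The script below is an added example and is not part of the original thread or of HijackThis; it parses HijackThis-style lines and flags those patterns. The sample input is constructed from lines in the log above (trimmed, with the Adobe and NVIDIA entries kept as benign contrast), and the heuristics and their wording are my own. They are a triage aid for a log reviewer, not a malware verdict.

```python
import re
from collections import defaultdict

# Constructed sample input: entries copied from the HijackThis log posted in this thread,
# trimmed to a few of each type, with the Adobe and NVIDIA entries kept as benign contrast.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AC7ECD8E-B3AF-4CBC-BB6B-2E44AE261568} - C:\WINDOWS\System32\awtsp.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe
O4 - HKLM\..\RunServices: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe
O4 - HKCU\..\Run: [WMI Performance Adapter Services] C:\WINDOWS\System32\drivers\wmiapsrvs.exe
O4 - HKLM\..\Run: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe
O4 - HKCU\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O23 - Service: DomainService - - C:\WINDOWS\System32\qwerty12.exe
O23 - Service: msnntlp - Unknown owner - C:\WINDOWS\system\msnntlp.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^(O\d+|R\d) - (.*)$")
# O4 registry autostarts look like "<hive>\..\<key>: [<value name>] <command>";
# Startup-folder O4 lines have a different shape and are skipped by this regex.
O4_RE = re.compile(r"^(?P<site>.*?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O23 services look like "Service: <name> - <vendor> - <path>"; an empty vendor prints as "name - - path".
O23_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<vendor>.*?) ?- (?P<path>.*)$")


def command_image(cmd):
    """First token of an autorun command: the quoted path, or the text up to the first space."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def triage_log(text):
    """Map each log line worth a second look to the reasons it was flagged (identical lines merge)."""
    findings = {}
    autorun_sites = defaultdict(set)   # image -> autorun locations that launch it
    image_lines = defaultdict(list)    # image -> O4 lines that reference it
    lsp_counts = defaultdict(int)      # unknown LSP file -> how often it appears in the chain
    lsp_line = {}

    def flag(line, reason):
        reasons = findings.setdefault(line, [])
        if reason not in reasons:
            reasons.append(reason)

    lines = [l.strip() for l in text.splitlines() if l.strip()]
    for line in lines:
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, body = m.groups()
        if kind == "O2" and ("(file missing)" in body or "(no file)" in body):
            flag(line, "BHO registered but its DLL is absent")
        elif kind == "O4":
            o4 = O4_RE.match(body)
            if not o4:
                continue
            image = command_image(o4.group("cmd")).lower()
            # rundll32 hosts many legitimate entries, so key those on the whole command line
            key = o4.group("cmd").lower() if image.endswith("rundll32.exe") else image
            autorun_sites[key].add(o4.group("site"))
            image_lines[key].append(line)
            if "\\drivers\\" in image and image.endswith(".exe"):
                flag(line, "EXE autostarted from the drivers directory")
            if o4.group("site").endswith("RunServices"):
                flag(line, "registered under the Win9x-era RunServices key")
        elif kind == "O10":
            name = body.rsplit(":", 1)[-1].strip().lower()
            lsp_counts[name] += 1
            lsp_line[name] = line
        elif kind == "O20":
            flag(line, "Winlogon Notify DLL (loaded by winlogon.exe, runs as SYSTEM)")
        elif kind == "O23":
            o23 = O23_RE.match(body)
            if o23 and o23.group("vendor").strip() in ("", "Unknown owner"):
                flag(line, "service binary carries no vendor information")

    # Cross-entry patterns: one binary wired into several autorun locations, and LSP chain stuffing.
    for key, sites in autorun_sites.items():
        if len(sites) >= 2:
            for line in image_lines[key]:
                flag(line, "same image registered in %d autorun locations" % len(sites))
    for name, n in lsp_counts.items():
        flag(lsp_line[name], "unknown Winsock LSP file (appears %d times in the chain)" % n)
    return findings


if __name__ == "__main__":
    for line, reasons in triage_log(SAMPLE_LOG).items():
        print(line)
        for r in reasons:
            print("    -", r)
```

Run it on a full saved log by replacing SAMPLE_LOG with the file contents. The "same image registered in N autorun locations" check is the one that most cleanly separates wmiapsrvs.exe and scrcons32.exe from the HP, NVIDIA and Yahoo! entries in the full log, since the vendor entries each appear in exactly one place.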