| Thread ID: 80218 | 2007-06-15 06:18:00 | Have i got a virus? | hueybot3000 (3646) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 559528 | 2007-06-15 06:18:00 | Hey, I've recently bought a new PC. All was well up until a few days ago, when Windows started forgetting things and just being weird. Off the top of my head, this is what's happening: - Quick Launch closes or rearranges itself on reboot - Windows Live Messenger crashes all the time - random page-not-found errors pop up in Internet Explorer (I use Firefox) - avast keeps popping up saying I've got trojans and stuff, and I keep deleting the files, but it'll just pop up with something else. Is it just coincidence this has all happened at once, or have I got myself a virus? |
hueybot3000 (3646) | ||
| 559529 | 2007-06-15 06:22:00 | More than likely. You should download HJT from Speedy and run it. | winmacguy (3367) | ||
| 559530 | 2007-06-15 06:30:00 | Got: 1) a software firewall? 2) a hardware firewall? 3) something good like AVG-free? 4) got Spybot S&D? If you got Norton/Symantec/McAfee . . . . you'll be sorry eventually. Wait till Sir Speedy shows up (they sleep strange hours where he lives in Upsidedown Land) . . . he's one of the best. FOLLOW HIS INSTRUCTIONS TO THE "T". |
SurferJoe46 (51) | ||
| 559531 | 2007-06-15 06:34:00 | I'm here, a bit early to go to bed @ 5.30 pm. Get HJT and post the log if you're here, Huey, and I'll check it out. |
Speedy Gonzales (78) | ||
| 559532 | 2007-06-15 06:34:00 | I've only got avast with its firewall. I've never really had problems with viruses because all my downloads are from "safe" sources. What should I have exactly? | hueybot3000 (3646) | ||
| 559533 | 2007-06-15 06:38:00 | Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 5:44:31 p.m., on 15/06/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\Program Files\Avast4\aswUpdSv.exe C:\Program Files\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\j2211433.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\nvsvc32.exe C:\PROGRA~1\Avast4\ashDisp.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Avast4\ashMaiSv.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TGTSoft\StyleXP\StyleXP.exe C:\Program Files\Avast4\ashWebSv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Downloads\HiJackThis_v2.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\pnqhgooe.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {896B04DD-D83A-4D08-AEA1-371097B435B6} - C:\WINDOWS\system32\fykxgqfc.dll O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\ddcdaxv.dll O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll O2 - BHO: (no name) - 
{DE8944A4-21B4-47AE-B359-19337E172933} - C:\WINDOWS\system32\sstqq.dll O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\ffgafiru.dll O4 - HKLM\..\Run: [ avast! ] C:\PROGRA~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\drqhpjxb.dll",realset O4 - HKLM\..\RunOnce: [LogiSPSetupNeedReboot] rundll32.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O20 - AppInit_DLLs: WIKI.DLL O20 - Winlogon Notify: ddcdaxv - C:\WINDOWS\SYSTEM32\ddcdaxv.dll O20 - Winlogon Notify: sstqq - C:\WINDOWS\system32\sstqq.dll 
O20 - Winlogon Notify: winbfi32 - C:\WINDOWS\SYSTEM32\winbfi32.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - C:\WINDOWS\system32\j2211433.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe -- End of file - 5434 bytes |
hueybot3000 (3646) | ||
| 559534 | 2007-06-15 06:39:00 | I've only got avast with its firewall. I've never really had problems with viruses because all my downloads are from "safe" sources. What should I have exactly? Get HijackThis 2 in my sig below, put it in its own folder, run it, then click on scan and save a log. Copy and paste the log here. You could also try Trojan Remover: click on scan and also select all the options under the utilities menu. If you like and get RogueRemover, they should, if you have any malware, remove it (hopefully). |
Speedy Gonzales (78) | ||
| 559535 | 2007-06-15 06:58:00 | You've got a few files that are nasty. Run HJT again tick these entries then tick fix checked. Close browser/s. Turn system restore off then boot into safe mode and delete these files. (the files I've put in BOLD) ************************************************** C:\WINDOWS\system32\j2211433.exe O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\pnqhgooe.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {896B04DD-D83A-4D08-AEA1-371097B435B6} - C:\WINDOWS\system32\fykxgqfc.dll O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\ddcdaxv.dll O2 - BHO: (no name) - {DE8944A4-21B4-47AE-B359-19337E172933} - C:\WINDOWS\system32\sstqq.dll O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\ffgafiru.dll ************************************************** ***** O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\drqhpjxb.dll",realset O20 - AppInit_DLLs: WIKI.DLL O20 - Winlogon Notify: ddcdaxv - C:\WINDOWS\SYSTEM32\ddcdaxv.dll O20 - Winlogon Notify: sstqq - C:\WINDOWS\system32\sstqq.dll O20 - Winlogon Notify: winbfi32 - C:\WINDOWS\SYSTEM32\winbfi32.dll O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - C:\WINDOWS\system32\j2211433.exe O4 - HKLM\..\RunOnce: [LogiSPSetupNeedReboot] rundll32.exe Get Trojan Remover and Rogueremover as well. Do a scan with both then reboot. Obviously wherever you're getting these files from it ISN'T a safe source. I think some of these files belong to a dialer, and some variant of Smitfraud, and other trojans. |
Speedy Gonzales (78) | ||
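An added example, not part of any post in this thread and not HijackThis's own logic: a small Python triage pass over a few lines copied from the log posted above. The three rules (unnamed or file-less BHOs, every O20 auto-load point, vendor-less services living in system32) are assumptions chosen for illustration; a hit means "look this entry up before fixing it", not a verdict.

```python
import re

# A few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\pnqhgooe.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O20 - AppInit_DLLs: WIKI.DLL
O20 - Winlogon Notify: sstqq - C:\WINDOWS\system32\sstqq.dll
O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - C:\WINDOWS\system32\j2211433.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# HijackThis result lines start with a section code such as O2, O4, O20, O23.
ENTRY = re.compile(r"^(O\d+) - (.*)$")


def triage(log_text):
    """Return (section, reason, entry) tuples for entries to look up by hand."""
    findings = []
    for raw in log_text.splitlines():
        entry = raw.strip()
        m = ENTRY.match(entry)
        if not m:
            continue  # header, running-process list, blank line
        section, body = m.groups()
        low = body.lower()
        if section == "O2" and body.endswith("(no file)"):
            findings.append((section, "BHO registered, file missing", entry))
        elif section == "O2" and body.startswith("BHO: (no name)"):
            findings.append((section, "unnamed BHO", entry))
        elif section == "O20":
            # AppInit_DLLs / Winlogon Notify load DLLs into other processes.
            findings.append((section, "DLL auto-load point", entry))
        elif (section == "O23" and "unknown owner" in low
              and "\\windows\\system32\\" in low):
            findings.append((section, "vendor-less service in system32", entry))
    return findings


if __name__ == "__main__":
    for section, reason, entry in triage(SAMPLE_LOG):
        print(f"{section:4} {reason:32} {entry}")
```

The O4 Run entries are deliberately left unscored: a rule this simple cannot tell a driver's `rundll32` startup line from a malicious one, so those still need a by-hand lookup.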
| 559536 | 2007-06-15 07:35:00 | ive only got avast with its firewall, ive never really had problems with viruses because all my downloads are from "safe" sources, what should i have exactly? Go and immediately Google the word SPYWARE. |
pctek (84) | ||
| 559537 | 2007-06-15 08:06:00 | Shouldn't I keep O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup? Won't it have something to do with Daemon Tools? |
hueybot3000 (3646) | ||