| Thread ID: 77806 | 2007-03-23 09:14:00 | I don't know what to do!! | xoLacieox (12032) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 535256 | 2007-03-23 09:14:00 | My computer won't let me open any programs by just clicking the icons or doing the "Run as..." thing. I can't open anything to scan them because it either says Windows can't find it or I get an NSIS Error. I don't know what else to do. Can someone help me? I don't want to have to erase everything. | xoLacieox (12032) | ||
| 535257 | 2007-03-23 10:03:00 | Welcome to PressF1 xoLacieox :) You will need to give us some more information, before we can help you more. What version of Windows are you using? Windows XP, Vista etc..? When did this start to happen? Have you installed any new programs? Or done any changes to the system? Hope to hear from you soon | stu161204 (123) | ||
| 535258 | 2007-03-23 21:31:00 | It started happening yesterday. I have Windows XP. I haven't installed anything recently. Here's my log file. --------- Logfile of HijackThis v1.99.1 Scan saved at 3:23:08 PM, on 3/23/2007 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wdfmgr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\wuauclt.exe C:\Documents and Settings\spenca\Desktop\WGAPluginInstall.exe D:\Program Files\MessengerPlus! 3\MsgPlus.exe c:\progra~1\intern~1\iexplore.exe C:\PROGRA~1\Mozilla Firefox\firefox.exe C:\Program Files\Yahoo!\Messenger\ypager.exe C:\Program Files\Windows Media Player\wmplayer.exe D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\System32\taskmgr.exe C:\Documents and Settings\spenca\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {A33B181A-FED8-D75D-D7DB-A328E17566ED} - C:\WINDOWS\System32\ecfiwuo.dll (file missing) R3 - URLSearchHook: (no name) - {A7384E1F-FFDC-890B-DEDB-A328E17564B8} - C:\WINDOWS\System32\eersb.dll (file missing) F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\System32\ntos.exe , O2 - BHO: (no name) - {55295C28-084E-697C-FEBF-0453A8030F40} - C:\WINDOWS\System32\tlgieg.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {8AA40010-216F-4F3F-B0DD-5CED785DBA56} - (no file) O2 - BHO: (no name) - {A33B181A-FED8-D75D-D7DB-A328E17566ED} - C:\WINDOWS\System32\ecfiwuo.dll (file missing) O2 - BHO: (no name) - {A7384E1F-FFDC-890B-DEDB-A328E17564B8} - C:\WINDOWS\System32\eersb.dll (file missing) O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\System32\xmjfcfmd.dll (file missing) O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file) O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file) O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [xbifvgm.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\xbifvgm.dll,hyntkd O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142893477\ee\AOLSoftware.exe O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [Sparta Messenger] C:\Program Files\Sparta Messenger\messenger.exe O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\System32\lsasss.exe O4 - HKLM\..\Run: [phone warn blue cdrom] C:\Documents and Settings\All Users.WINDOWS\Application Data\ante bias phone warn\RectHtm.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [7c1bf5af.exe] C:\Documents and Settings\spenca\Local Settings\Application Data\7c1bf5af.exe O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet O4 - HKCU\..\Run: [Cnpt] "C:\PROGRA~1\CROSOF~1.NET\csrss.exe" -vt yazb O4 - HKCU\..\Run: [Wsy] C:\WINDOWS\system32\F?nts\d?xplore.exe O4 - HKCU\..\Run: [Vc List] C:\DOCUME~1\spenca\APPLIC~1\LIVESI~1\scr stupid.exe O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [userinit] C:\WINDOWS\System32\ntos.exe O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O15 - Trusted Zone: *.adgate.info O15 - Trusted Zone: *.adsextend.net O15 - Trusted Zone: *.dollarrevenue.com O15 - Trusted Zone: *.elitemediagroup.net O15 - Trusted Zone: *.errorsafe.com O15 - Trusted Zone: *.imagesrvr.com O15 - Trusted Zone: *.matcash.com O15 - Trusted Zone: *.media-motor.com O15 - Trusted Zone: *.mediatickets.net O15 - Trusted Zone: *.snipernet.biz O15 - Trusted Zone: *.systemdoctor.com O15 - Trusted Zone: *.winantivirus.com O15 - Trusted Zone: *.adgate.info (HKLM) O15 - Trusted Zone: *.adsextend.net (HKLM) O15 - Trusted Zone: *.dollarrevenue.com (HKLM) O15 - Trusted Zone: *.elitemediagroup.net (HKLM) O15 - Trusted Zone: *.errorsafe.com (HKLM) O15 - Trusted Zone: *.imagesrvr.com (HKLM) O15 - Trusted Zone: *.matcash.com (HKLM) O15 - Trusted Zone: *.media-motor.com (HKLM) O15 - Trusted Zone: *.media-motor.net (HKLM) O15 - Trusted Zone: *.mediatickets.net (HKLM) O15 - Trusted Zone: *.snipernet.biz (HKLM) O15 - Trusted Zone: *.systemdoctor.com (HKLM) O15 - Trusted Zone: *.winantivirus.com (HKLM) O16 - DPF: {1030360D-96BC-0153-3367-019843FACFE8} - [edit: URL removed] O16 - DPF: {13DD0220-6868-7BF5-4C4E-0E14485A3FC7} - [edit: URL removed] O16 - DPF: {22155947-231E-2D93-843F-69D32FE08B17} - [edit: URL removed] O16 - DPF: {28C83A3E-7B3A-61A0-39DC-552F75FA3669} - [edit: URL removed] O16 - DPF: {2F7326C4-C934-4970-B905-6412358FB1B8} - [edit: URL removed] O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {32FBD2F2-6775-66E9-EDB1-17D9608799A7} - [edit: URL removed] O16 - DPF: {42B1C70D-9823-41F7-810A-682DA294D868} - ms-its:mhtml:file://c:\nesunee.mht![edit: URL removed] O16 - DPF: {43252D4B-6507-6AB6-B806-19097B65F37E} - [edit: URL removed] O16 - DPF: {5292D217-2A56-6A12-5095-48B54C615058} - [edit: URL removed] O16 - DPF: {52FB0A32-3CEB-4265-A61B-7264378D2C5B} - [edit: URL removed] O16 - DPF: {5B3BE806-B2AA-6160-8D36-20916B23281A} - [edit: URL removed] O16 - DPF: {621BA16D-D68A-3472-3700-337930145A9E} - [edit: URL removed] O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com O16 - DPF: {693D633D-0E6E-172F-B258-6194290D3B15} - [edit: URL removed] O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com O16 - DPF: {77F1FB16-89D7-605D-21E2-2C7D0BB90F5E} - [edit: URL removed] O16 - DPF: {7A9A3750-BBFA-5978-C755-7715098E69A0} - [edit: URL removed] O16 - DPF: {7B3061BC-14E0-3079-00CA-6DB417C1F00D} - [edit: URL removed] O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - messenger.msn.com O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - download.cdn.winsoftware.com O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\spenca\LOCALS~1\Temp\win fix.chm::/SystemDoctor2006FreeInstall.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: byxxu - C:\WINDOWS\ O20 - Winlogon Notify: msldr32 - msldr32.dll (file missing) O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) | xoLacieox (12032) | ||
| 535259 | 2007-03-23 22:13:00 | Your system is covered in malware. Unzip hjt put it in its own folder before u run it again. Then click on these entries then tick fix checked. Close browser/s R3 - URLSearchHook: (no name) - {A33B181A-FED8-D75D-D7DB-A328E17566ED} - C:\WINDOWS\System32\ecfiwuo.dll (file missing) R3 - URLSearchHook: (no name) - {A7384E1F-FFDC-890B-DEDB-A328E17564B8} - C:\WINDOWS\System32\eersb.dll (file missing) F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\System32\ntos.exe , O2 - BHO: (no name) - {8AA40010-216F-4F3F-B0DD-5CED785DBA56} - (no file) O2 - BHO: (no name) - {A33B181A-FED8-D75D-D7DB-A328E17566ED} - C:\WINDOWS\System32\ecfiwuo.dll (file missing) O2 - BHO: (no name) - {A7384E1F-FFDC-890B-DEDB-A328E17564B8} - C:\WINDOWS\System32\eersb.dll (file missing) O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\System32\xmjfcfmd.dll (file missing) O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file) O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file) O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file) O4 - HKLM\..\Run: [xbifvgm.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\xbifvgm.dll,hyntkd O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142893477\ee\AOLSoftware.exe O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe" - uninstall this it installs adware/spyware O4 - HKLM\..\Run: [Sparta Messenger] C:\Program Files\Sparta Messenger\messenger.exe O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\System32\lsasss.exe O4 - HKCU\..\Run: [7c1bf5af.exe] C:\Documents and Settings\spenca\Local Settings\Application Data\7c1bf5af.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet O4 - HKCU\..\Run: [Wsy] C:\WINDOWS\system32\F?nts\d?xplore.exe' O4 - HKCU\..\Run: [Vc List] C:\DOCUME~1\spenca\APPLIC~1\LIVESI~1\scr stupid.exe O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [userinit] C:\WINDOWS\System32\ntos.exe O15 - Trusted Zone: *.adgate.info O15 - Trusted Zone: *.adsextend.net O15 - Trusted Zone: *.dollarrevenue.com O15 - Trusted Zone: *.elitemediagroup.net O15 - Trusted Zone: *.errorsafe.com O15 - Trusted Zone: *.imagesrvr.com O15 - Trusted Zone: *.matcash.com O15 - Trusted Zone: *.media-motor.com O15 - Trusted Zone: *.mediatickets.net O15 - Trusted Zone: *.snipernet.biz O15 - Trusted Zone: *.systemdoctor.com O15 - Trusted Zone: *.winantivirus.com O15 - Trusted Zone: *.adgate.info (HKLM) O15 - Trusted Zone: *.adsextend.net (HKLM) O15 - Trusted Zone: *.dollarrevenue.com (HKLM) O15 - Trusted Zone: *.elitemediagroup.net (HKLM) O15 - Trusted Zone: *.errorsafe.com (HKLM) O15 - Trusted Zone: *.imagesrvr.com (HKLM) O15 - Trusted Zone: *.matcash.com (HKLM) O15 - Trusted Zone: *.media-motor.com (HKLM) O15 - Trusted Zone: *.media-motor.net (HKLM) O15 - Trusted Zone: *.mediatickets.net (HKLM) O15 - Trusted Zone: *.snipernet.biz (HKLM) O15 - Trusted Zone: *.systemdoctor.com (HKLM) O15 - Trusted Zone: *.winantivirus.com (HKLM) O16 - DPF: {1030360D-96BC-0153-3367-019843FACFE8} - O16 - DPF: {13DD0220-6868-7BF5-4C4E-0E14485A3FC7} - O16 - DPF: {22155947-231E-2D93-843F-69D32FE08B17} - O16 - DPF: {28C83A3E-7B3A-61A0-39DC-552F75FA3669} - O16 - DPF: {2F7326C4-C934-4970-B905-6412358FB1B8} - O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {32FBD2F2-6775-66E9-EDB1-17D9608799A7} - O16 - DPF: {42B1C70D-9823-41F7-810A-682DA294D868} - ms-its:mhtml:file://c:\nesunee.mht! O16 - DPF: {43252D4B-6507-6AB6-B806-19097B65F37E} - O16 - DPF: {5292D217-2A56-6A12-5095-48B54C615058} - O16 - DPF: {52FB0A32-3CEB-4265-A61B-7264378D2C5B} - O16 - DPF: {5B3BE806-B2AA-6160-8D36-20916B23281A} - O16 - DPF: {621BA16D-D68A-3472-3700-337930145A9E} - O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com O16 - DPF: {693D633D-0E6E-172F-B258-6194290D3B15} - O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com O16 - DPF: {77F1FB16-89D7-605D-21E2-2C7D0BB90F5E} - O16 - DPF: {7A9A3750-BBFA-5978-C755-7715098E69A0} - O16 - DPF: {7B3061BC-14E0-3079-00CA-6DB417C1F00D} - O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - download.cdn.winsoftware.com O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\spenca\LOCALS~1\Temp\win fix.chm::/SystemDoctor2006FreeInstall.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: byxxu - C:\WINDOWS\ O20 - Winlogon Notify: msldr32 - msldr32.dll (file missing) Install a firewall, install SP1 or 2, preferably 2 ONCE u get rid of the malware. Uninstall ALL versions of Sun Java as well. The update is in my sig below. Get trojan remover in my sig below. Install it run it update it then click on scan, then select the 3rd to 7th option under the utilities menu. Post another log once u tick the entries above and tick fix checked. | Speedy Gonzales (78) | ||
| 535260 | 2007-03-23 23:09:00 | For anyone else visiting this post, DON'T click on the exe file links. They may be nasty. I've sent a PM to the mods to remove the exe file links just in case. | Speedy Gonzales (78) | ||
| 535261 | 2007-03-23 23:39:00 | Logfile of HijackThis v1.99.1 Scan saved at 5:39:59 PM, on 3/23/2007 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\alg.exe D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wdfmgr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\mshta.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\spenca\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\System32\ntos.exe, O2 - BHO: (no name) - {55295C28-084E-697C-FEBF-0453A8030F40} - C:\WINDOWS\System32\tlgieg.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [phone warn blue cdrom] C:\Documents and Settings\All Users.WINDOWS\Application Data\ante bias phone warn\RectHtm.exe O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [Cnpt] "C:\PROGRA~1\CROSOF~1.NET\csrss.exe" -vt yazb O4 - HKCU\..\Run: [userinit] C:\WINDOWS\System32\ntos.exe O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) | xoLacieox (12032) | ||
| 535262 | 2007-03-24 00:03:00 | You still have 2 more entries to move F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\System32\ntos.exe, O2 - BHO: (no name) - {55295C28-084E-697C-FEBF-0453A8030F40} - C:\WINDOWS\System32\tlgieg.dll (file missing) Have you run Trojan Remover like Speedy said? | radium (8645) | ||
| 535263 | 2007-03-24 00:12:00 | Oh. Oops. I'll do that if I can open it. | xoLacieox (12032) | ||
| 535264 | 2007-03-24 00:22:00 | Ok. Did I get everything this time? ------ Logfile of HijackThis v1.99.1 Scan saved at 6:22:14 PM, on 3/23/2007 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\alg.exe D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wdfmgr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\mshta.exe C:\Documents and Settings\spenca\Desktop\HijackThis.exe C:\WINDOWS\System32\taskmgr.exe C:\Program Files\CustomXML\CustomXML.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\System32\ntos.exe, O2 - BHO: CustomXML Toolbar Helper - {133688B3-7842-4D9D-BF7C-940E1097F900} - C:\WINDOWS\system32\CustomXMLbho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: CustomXML - {2C986504-AE32-493F-9D44-E1C5D17A3091} - C:\WINDOWS\system32\CustomXMLBand.dll O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [CustomXML] C:\Program Files\CustomXML\CustomXML.exe O4 - HKLM\..\Run: [TrojanScanner] D:\Program Files\Trojan Remover\Trjscan.exe O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [Cnpt] "C:\PROGRA~1\CROSOF~1.NET\csrss.exe" -vt yazb O4 - HKCU\..\Run: [userinit] C:\WINDOWS\System32\ntos.exe O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) | xoLacieox (12032) | ||
| 535265 | 2007-03-24 00:23:00 | Unzip the zipped HJT file u downloaded, and put the main HJT file in its own folder, before running it again. Then tick these entries and tick fix checked. Close browser/s again. F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\System32\ntos.exe, O2 - BHO: (no name) - {55295C28-084E-697C-FEBF-0453A8030F40} - C:\WINDOWS\System32\tlgieg.dll (file missing) O4 - HKLM\..\Run: [phone warn blue cdrom] C:\Documents and Settings\All Users.WINDOWS\Application Data\ante bias phone warn\RectHtm.exe O4 - HKCU\..\Run: [Cnpt] "C:\PROGRA~1\CROSOF~1.NET\csrss.exe" -vt yazb O4 - HKCU\..\Run: [userinit] C:\WINDOWS\System32\ntos.exe Then post another log. If the above entries won't disappear you may have to disable system restore first then delete them again, then turn system restore back on. Did trojan remover pick anything nasty up?? And did u update it before u did a scan? | Speedy Gonzales (78) | ||
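
Added example, not part of any post in this thread: a small Python triage pass over HijackThis entries of the kinds flagged in the replies above (an extra program on UserInit, registrations whose file is missing, Run entries that reuse or imitate a system process name, Trusted Zone additions). The sample lines are copied from the logs posted here; the `SYSTEM_NAMES` list and all function names are assumptions made for illustration.

```python
import ntpath
import re

# Constructed sample: entries copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\System32\ntos.exe ,
O2 - BHO: (no name) - {55295C28-084E-697C-FEBF-0453A8030F40} - C:\WINDOWS\System32\tlgieg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKCU\..\Run: [Cnpt] "C:\PROGRA~1\CROSOF~1.NET\csrss.exe" -vt yazb
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\System32\lsasss.exe
O15 - Trusted Zone: *.errorsafe.com
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")
MISSING = re.compile(r"\((file missing|no file)\)\s*$")
RUN_EXE = re.compile(r'\]\s+"?([^"]+?\.exe)', re.I)
# Assumption: a short illustrative list of core Windows XP process names.
SYSTEM_NAMES = {"csrss.exe", "lsass.exe", "smss.exe", "winlogon.exe",
                "services.exe", "svchost.exe"}


def within_one_edit(a, b):
    """True if a and b differ by exactly one inserted, deleted or changed character."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    # Same length: skip the differing character in both; otherwise skip it in b only.
    return a[i + (len(a) == len(b)):] == b[i + 1:]


def triage(log_text):
    """Return (section code, reason) pairs for entries that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        code, rest = m.groups()
        if MISSING.search(rest):
            findings.append((code, "registration points at a file that is not on disk"))
        if code == "F2":
            # The default value lists userinit.exe only; every listed program runs at logon.
            value = re.search(r"UserInit=(.*)", rest, re.I)
            for part in (value.group(1).split(",") if value else []):
                name = ntpath.basename(part.strip()).lower()
                if name and name != "userinit.exe":
                    findings.append((code, "extra program on UserInit: " + name))
        elif code == "O4":
            exe = RUN_EXE.search(rest)
            if not exe:
                continue
            path = exe.group(1)
            name = ntpath.basename(path).lower()
            in_system32 = ntpath.dirname(path).lower().endswith("\\system32")
            if name in SYSTEM_NAMES and not in_system32:
                findings.append((code, "system process name outside System32: " + path))
            elif any(within_one_edit(name, s) for s in SYSTEM_NAMES):
                findings.append((code, "look-alike of a system process name: " + name))
        elif code == "O15":
            findings.append((code, "Trusted Zone entry to confirm: " + rest.split(": ", 1)[-1]))
    return findings


if __name__ == "__main__":
    for code, reason in triage(SAMPLE_LOG):
        print(code, "-", reason)
```

A finding here is a prompt to inspect the entry, not a verdict; entries the script does not flag still need the kind of manual review shown in the replies.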