| Thread ID: 76032 | 2007-01-18 07:20:00 | Friend's computer is REALLY fu'd up... | TiJay (6055) | Press F1 |
| Post ID | Timestamp | User |
| 517241 | 2007-01-18 07:20:00 | TiJay (6055) |

Well...it is slow...but not supposed to be...I haven't had any luck fixing it, and I know there are a few things in this log that I've missed...if someone can take a look at it, Speedy, I know you're good with these, any help you can offer would be awesome...

Logfile of HijackThis v1.99.1
Scan saved at 2:08:17 AM, on 1/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = securityresponse.symantec.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = securityresponse.symantec.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = us.rd.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com;
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\qkxps.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,cfftdcn.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
| 517242 | 2007-01-18 07:21:00 | TiJay (6055) |

That is the start-up scan...so that is before I killed the other processes (except some messengers).
| 517243 | 2007-01-18 07:34:00 | Speedy Gonzales (78) |

Your friend has a trojan, TiJay. Run HJT again, tick these entries and tick Fix checked. Close browser/s first.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com;

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\qkxps.exe
This entry looks suss.

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,cfftdcn.exe

O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
This is a trojan. Taken from here (www.symantec.com):

Windows NT/2000/XP

To end the Trojan process:
1. Press Ctrl+Alt+Delete once.
2. Click Task Manager.
3. Click the Processes tab.
4. Double-click the Image Name column header to alphabetically sort the processes.
5. Scroll through the list and look for Scvhost.exe.
6. If you find the file, click it, and then click End Process.
7. Exit the Task Manager.

Then:
1. Click Start, and then click Run. (The Run dialog box appears.)
2. Type regedit, then click OK. (The Registry Editor opens.)
3. Navigate to the key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
4. In the right pane, delete the value: "Windows Service Host" = "scvhost.exe"
5. Navigate to the key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
6. In the right pane, delete the value: "Windows Service Host" = "scvhost.exe"
7. Navigate to the key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
8. In the right pane, change the value to: "Hidden" = "1"
9. Exit the Registry Editor.

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
Run this manually.

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

C:\Program Files\Viewpoint\Common\ViewpointService.exe
See if there's an entry for this in Add/Remove Programs. Uninstall it.

Then reboot.
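Added example, not part of the thread and not HijackThis or Symantec code: a Python script that applies the triage rules the reply above uses by hand to the relevant lines of the posted log. It flags a Shell or UserInit value that launches anything beyond the Windows binary, a Run/RunServices image name one edit away from a system process (scvhost.exe vs svchost.exe), anything written to the RunServices key, and a ProxyOverride that exempts non-local hosts from the proxy. The expected Shell/UserInit values, the list of imitated system names and the treatment of RunServices as a Windows 9x-era key are the example's own assumptions; the sample lines are copied from the log above with the extraction breaks repaired.

```python
"""Triage of HijackThis v1.99-style log lines for Winlogon and autostart hijacks."""
import re
from typing import List, Tuple

Finding = Tuple[str, str]  # (reason, offending log line)

# Constructed sample: lines taken from the log posted in this thread, plus two
# clean Run entries from the same log as controls.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com;
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\qkxps.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,cfftdcn.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Assumed clean values for the Winlogon Shell/Userinit entries on Windows XP
# (HJT reports them as F2 lines). Anything appended after a comma is extra.
EXPECTED_SHELL = ["explorer.exe"]
EXPECTED_USERINIT = [r"c:\windows\system32\userinit.exe"]

# Assumed list of system image names that malware imitates by one-letter changes.
SYSTEM_NAMES = ["svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "explorer.exe"]


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance (edits plus adjacent swaps), so
    'scvhost.exe' vs 'svchost.exe' scores 1 rather than 2."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def image_name(command: str) -> str:
    """Lower-cased basename of the executable in a Run-style command line."""
    command = command.strip()
    exe = command[1:].split('"', 1)[0] if command.startswith('"') else command.split(" ", 1)[0]
    return exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def check_r1(line: str) -> List[Finding]:
    """ProxyOverride should only ever exempt local addresses from the proxy."""
    m = re.match(r"R1 - HK\w+\\.*Internet Settings,ProxyOverride = (.*)$", line)
    if not m:
        return []
    hosts = [h.strip().lower() for h in m.group(1).split(";") if h.strip()]
    foreign = [h for h in hosts if h not in ("<local>", "localhost", "127.0.0.1")]
    return [(f"ProxyOverride bypasses the proxy for {foreign}", line)] if foreign else []


def check_f2(line: str) -> List[Finding]:
    """Shell/UserInit must name exactly the Windows binary; extras run at every logon."""
    m = re.match(r"F2 - REG:system\.ini: (Shell|UserInit)=(.*)$", line)
    if not m:
        return []
    name, value = m.group(1), m.group(2)
    parts = [p.strip().lower() for p in value.split(",") if p.strip()]
    expected = EXPECTED_SHELL if name == "Shell" else EXPECTED_USERINIT
    if parts == expected:
        return []
    extra = [p for p in parts if p not in expected]
    return [(f"{name} value carries extra program(s) {extra}", line)]


def check_o4(line: str) -> List[Finding]:
    """Autostart entries: look-alike image names and the legacy RunServices key."""
    m = re.match(r"O4 - (HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.*)$", line)
    if not m:
        return []
    _hive, key, _label, command = m.groups()
    findings: List[Finding] = []
    exe = image_name(command)
    for legit in SYSTEM_NAMES:
        if exe != legit and osa_distance(exe, legit) == 1:
            findings.append((f"'{exe}' is one edit away from system binary '{legit}'", line))
    if key.lower() == "runservices":
        # Heuristic: RunServices is a Windows 9x-era key; XP software has no
        # reason to write it, but malware built for both families still does.
        findings.append(("entry in the Windows 9x-era RunServices key", line))
    return findings


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        for check in (check_r1, check_f2, check_o4):
            findings.extend(check(line))
    return findings


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for reason, line in triage(text):
        print(f"[!] {reason}\n    {line}")
```

Run it with a saved log as the first argument to triage the whole file; with no argument it reports the five findings on the sample lines (the proxy override, both F2 values, and two reasons for the scvhost.exe RunServices entry). The look-alike check is deliberately limited to distance 1 so that ordinary names such as ctfmon.exe or MSASCui.exe stay quiet.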
| 517244 | 2007-01-18 09:55:00 | pctek (84) |

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

None of that seemed much help with the trojan either, did it?
| 517245 | 2007-01-21 02:18:00 | RealBigDog (11623) |

Next time use Avast.