| Thread ID: 69539 | 2006-06-05 03:43:00 | virus attack in less than 24 hrs pls help | alistor isole (10503) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 460548 | 2006-06-05 10:56:00 | well it runs faster now, but the winlog error is still happening. my taskbar has disappeared and task manager still won't open. here's the new log file:

Logfile of HijackThis v1.99.1
Scan saved at 6:00:39 PM, on 6/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fujitsu\Utils\FjDspMon.exe
C:\Program Files\Fujitsu\Utils\fjevents.exe
C:\Program Files\Fujitsu\Utils\FjMnuIco.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Warranty\warranty.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Fujitsu\updnavi\updnavi.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\outlook\outlook.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
D:\Gunz\GunzLauncher.exe
C:\WINDOWS\System32\digtizer.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tan Aik Leng\My Documents\soft\HT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pc-ap.fujitsu.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.acs.sch.edu.sg:80
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [FjDspMon] C:\Program Files\Fujitsu\Utils\FjDspMon.exe
O4 - HKLM\..\Run: [FjEvents] C:\Program Files\Fujitsu\Utils\fjevents.exe
O4 - HKLM\..\Run: [Fujitsu Menu] C:\Program Files\Fujitsu\Utils\FjMnuIco.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [WarrantyReg] Program Files\Warranty\warranty.exe
O4 - HKLM\..\Run: [Snippet] "C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" /i
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\updnavi\updnavi.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pc-ap.fujitsu.com/
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - messenger.zone.msn.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - messenger.zone.msn.com
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - messenger.msn.com
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - messenger.zone.msn.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wlan.acs.sch.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = wlan.acs.sch.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = wlan.acs.sch.edu.sg
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: loginkey - C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll
O20 - Winlogon Notify: TabBtnWL - C:\WINDOWS\SYSTEM32\TabBtnWL.dll
O20 - Winlogon Notify: tpgwlnotify - C:\WINDOWS\SYSTEM32\tpgwlnot.dll
O23 - Service: Digitizer Service (Digitizer) - WACOM - C:\WINDOWS\System32\digtizer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe |
alistor isole (10503) | ||
| 460549 | 2006-06-05 11:22:00 | If you can't afford to use Anti-Virus in Windows why not use other OS that is less likely attacked by viruses. e.g. If you can't afford to drive a big truck (which consumes huge amount of fuel) why not drive a smaller truck. Of course Windows cost a lot of money for security reason means you buy anti-virus software every year to maintain it and etc. About the trucks when feeding the big trucks it'll hurt a lot when feeding them especially with fuel prices went up. Like buying anti-virus, anti-spyware, and etc. Small trucks means OS that less likely to be attacked by viruses, small trucks might be weaker but they can do the same stuff but not carrying heavy stuff. Why am I using this to compare? Big trucks are faster and stronger especially long distance. Small trucks are slower when they carry stuff like big truck does. Just have a think about it. I mean people don't explain stuff directly except it is up to you to think about it. PLUS people will get really annoyed when you posted too much, and asking this and that. See some of the forum I've posted here that why don't I prefer Linux. |
MTLance (6768) | ||
| 460550 | 2006-06-05 15:05:00 | Your scan looks pretty good. I'd run CCleaner in safe mode, and also try defrag and see what you get afterward. Personally I have no trouble with multiple requests for help by the same person, after all, you have a problem or you wouldn't be asking. There are so many people here that will help you and basically, this is what this forum is all about anyway. Stay with it; get some clean-up going and report back. You can trust people like Speedy, Pancake and a lot of others whose names escape me right now. (I am very old and that's why I forget). They are here to help. Stay with what suits you and your system. Learning Linux now will set you back a while until you get good at it. By the sound of your post, I don't think you (or I) are ready for a Linux-based opsys. If you want a list of freebies that will help protect your system, just ask... there's a lot of opinions on this site and you can take your pick. Smile, things could be worse. |
SurferJoe46 (51) | ||
| 460551 | 2006-06-05 21:52:00 | O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
these look like they are the agobot (www.sophos.com) worm. install something free like avast (www.avast.com), turn on the windows firewall, and visit windowsupdate.... |
gibler (49) | ||
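
A triage sketch for the two autorun lines singled out in the post above, added as an example and not written by anyone in this thread: it parses HijackThis `O4` registry lines and marks value names whose command has no directory or that appear under more than one autorun key. Both heuristics and the function names are assumptions made here; they pick entries to inspect first and do not prove an infection.

```python
import re
from collections import defaultdict

# O4 lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

O4_RE = re.compile(r"^O4 - (?P<key>HK(?:LM|CU)\\\.\.\\\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

def executable(cmd):
    """Return the program part of an autorun command, dropping its arguments."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)(?:\s|$)", cmd, re.IGNORECASE)  # paths may contain spaces
    return m.group(1) if m else cmd.split()[0]

def parse_o4(log):
    """Yield (registry_key, value_name, executable) for each O4 registry line."""
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            yield m["key"], m["name"], executable(m["cmd"])

def triage(log):
    """Return {value_name: [reasons]} for autorun entries worth a closer look."""
    keys, exes = defaultdict(set), defaultdict(set)
    for key, name, exe in parse_o4(log):
        keys[name].add(key)
        exes[name].add(exe)
    findings = {}
    for name in keys:
        reasons = []
        if any("\\" not in e for e in exes[name]):   # assumed heuristic 1
            reasons.append("no directory in command")
        if len(keys[name]) > 1:                      # assumed heuristic 2
            reasons.append("registered under " + ", ".join(sorted(keys[name])))
        if reasons:
            findings[name] = reasons
    return findings

def review_first(log):
    """Value names that trip both heuristics, to be checked before the rest."""
    return sorted(n for n, r in triage(log).items() if len(r) == 2)
```

On the sample lines only `winlog` trips both checks; `AGRSMMSG` trips the first alone, which shows why a missing path by itself is a weak signal.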
| 460552 | 2006-06-06 03:13:00 | wouldn't mind a list of free ones. oh and to MTLance, i can't buy a "smaller truck" for the simple reason that i'm a 13 year old kid and this is my school laptop... -_- | alistor isole (10503) | ||
| 460553 | 2006-06-06 05:20:00 | wouldn't mind a list of free ones. oh and to MTLance, i can't buy a "smaller truck" for the simple reason that i'm a 13 year old kid and this is my school laptop... -_-
Ok. Maybe schools need some Anti-Virus protection, from Viruses if Windows are able to defend more viruses then I guess Windows is the best. And for special reason we might help. |
MTLance (6768) | ||