| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 64980 | 2006-01-03 19:35:00 | serious virus problem need help plz | xerosleep (9535) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 417912 | 2006-01-03 19:35:00 | ok since the 28th dec my comp has been playin up i dont have wallpaper anymore n i cant change it also it says taskmgr has been disabled by admin when i press ctrl + alt + del, also i cant touch my keyboard without my comp freezin so im usin the on-screen keyboard i did a virus scan n it says browsela.dll is infected n this file appeared on my comp when this started so can any1 help plz here is my hjt file Logfile of HijackThis v1.99.1 Scan saved at 19:18:47, on 03/01/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\blueyonder\PCguard\fws.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\TDK Systems\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\Command Software\dvpapi.exe C:\fixwareout\SUB\BFU.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe C:\WINDOWS\system32\wuauclt.exe C:\HJT\hijackthis\hijackthis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve R3 - Default URLSearchHook is missing F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe" F3 - REG:win.ini: run=C:\WINDOWS\inet20001\winlogon.exe F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\ Yahoo! \Companion\Installs\cpn0\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\blueyonder\PCguard\pkR.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\blueyonder\PCguard\FBHR.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll (file missing) O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll (file missing) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\ Yahoo! \Companion\Installs\cpn0\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sysfrcx] C:\WINDOWS\system32\sysfrcx.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [Koxwkbb] C:\Program Files\Rpbwyon\Lpacps.exe O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [JEo1Z] C:\documents and settings\aidan\local settings\temp\JEo1Z.exe O4 - HKLM\..\Run: [lP3kWG] C:\windows\system32\lP3kWG.exe O4 - HKLM\..\Run: [kcK.exe] c:\windows\system32\kcK.exe O4 - HKLM\..\Run: [24BE6BN397HQ8B] C:\WINDOWS\system32\WcjC.exe O4 - HKLM\..\Run: [Aol Configuration Loader] aimsng.exe O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [xwvchdw] c:\windows\system32\tqwiiur.exe r O4 - HKLM\..\Run: [PCguard] "C:\Program Files\blueyonder\PCguard\RPS.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SystemLoader] C:\WINDOWS\sysldr32.exe O4 - HKLM\..\Run: [HostSrv] C:\WINDOWS\sachostx.exe O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe" O4 - HKLM\..\RunServices: [Aol Configuration Loader] aimsng.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [Aol Configuration Loader] aimsng.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [AlexaToolbar] C:\WINDOWS\alt.exe O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Search - kc.bar.need2find.com O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\ Yahoo! \Messenger\yhexbmes0411.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\ Yahoo! \Messenger\yhexbmes0411.dll O9 - Extra button: ContentDownload - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\ContentDownload (file missing) O9 - Extra button: Coches - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\libremp3-cyd-su-uk\index.html O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\TDK Systems\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\TDK Systems\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/ O16 - DPF: Yahoo! Blackjack - download.games.yahoo.com O16 - DPF: Yahoo! Chat - us.chat1.yimg.com O16 - DPF: Yahoo! Dominoes - download.games.yahoo.com O16 - DPF: Yahoo! Fleet - download.games.yahoo.com O16 - DPF: Yahoo! Graffiti - download.games.yahoo.com O16 - DPF: Yahoo! Poker - download.games.yahoo.com O16 - DPF: Yahoo! Pool 2 - download.games.yahoo.com O16 - DPF: Yahoo! Pyramids - download.games.yahoo.com O16 - DPF: YExplorer1_8US.CAB - photos.groups.yahoo.com O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - www.ipix.com O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - courses.learndirect.co.uk O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} ( Yahoo! Audio Conferencing) - us.chat1.yimg.com O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - download.mcafee.com O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - security.symantec.com O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - dm.screensavers.com O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - webcamnow.com O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - us.dl1.yimg.com O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - messenger.msn.com O16 - DPF: {C56CE781-A6FC-4706-8B32-6EB4622155DF} (MediaConnect Control) - plugin.euro-infomedia.com O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - www.stopzilla.com O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - download.games.yahoo.com O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - download.games.yahoo.com O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: avpi32 - C:\WINDOWS\SYSTEM32\avpi32.dll O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing) O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\TDK Systems\Bluetooth Software\bin\btwdins.exe O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe (file missing) O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe |
xerosleep (9535) | ||
| 417913 | 2006-01-03 20:18:00 | Yup looks like u have a few worms. Reboot into safe mode, and turn system restore off. Run Hijackthis again, tick these and tick fix checked. Then reboot. Then see if you notice any difference. C:\fixwareout\SUB\BFU.exe - Dont know what this is. Do you? R3 - Default URLSearchHook is missing F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe" F3 - REG:win.ini: run=C:\WINDOWS\inet20001\winlogon.exe F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll (file missing) O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll (file missing) O4 - HKLM\..\Run: [sysfrcx] C:\WINDOWS\system32\sysfrcx.exe O4 - HKLM\..\Run: [Koxwkbb] C:\Program Files\Rpbwyon\Lpacps.exe O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [JEo1Z] C:\documents and settings\aidan\local settings\temp\JEo1Z.exe O4 - HKLM\..\Run: [lP3kWG] C:\windows\system32\lP3kWG.exe O4 - HKLM\..\Run: [kcK.exe] c:\windows\system32\kcK.exe O4 - HKLM\..\Run: [24BE6BN397HQ8B] C:\WINDOWS\system32\WcjC.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [xwvchdw] c:\windows\system32\tqwiiur.exe r O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SystemLoader] C:\WINDOWS\sysldr32.exe O4 - HKLM\..\Run: [HostSrv] C:\WINDOWS\sachostx.exe O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [AlexaToolbar] C:\WINDOWS\alt.exe O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe O8 - Extra context menu item: &Search - kc.bar.need2find.com O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O16 - DPF: Yahoo! Blackjack - download.games.yahoo.com O16 - DPF: Yahoo! Chat - us.chat1.yimg.com O16 - DPF: Yahoo! Dominoes - download.games.yahoo.com O16 - DPF: Yahoo! Fleet - download.games.yahoo.com O16 - DPF: Yahoo! Graffiti - download.games.yahoo.com O16 - DPF: Yahoo! Poker - download.games.yahoo.com O16 - DPF: Yahoo! Pool 2 - download.games.yahoo.com O16 - DPF: Yahoo! Pyramids - download.games.yahoo.com O16 - DPF: YExplorer1_8US.CAB - photos.groups.yahoo.com O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: avpi32 - C:\WINDOWS\SYSTEM32\avpi32.dll O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing) You may have smitfraud. Go here (metallica.geekstogo.com) Select ALL, copy and paste it into notepad, and save it as smitfraud.reg, then run it / merge it. And also get this (www.mvps.org) Or it maybe easier to get this (dl.filekicker.com) from here (www.simplysup.com) This has just been updated. Download this, run it scan, and then select the 3rd-7th option under the utilities menu. |
Speedy Gonzales (78) | ||
| 417914 | 2006-01-03 20:19:00 | thanks | xerosleep (9535) | ||
| 417915 | 2006-01-03 20:29:00 | thanks I've just posted what needs removing and what u can use to hopefully remove, what u have. I would also get rid of Limewire. Its most probably this, that gave u these worms / trojans in the first place. |
Speedy Gonzales (78) | ||
| 417916 | 2006-01-03 20:37:00 | ok also i dont know much bout comps so when im in safe mode how i turn system restore off | xerosleep (9535) | ||
| 417917 | 2006-01-03 20:43:00 | ok also i dont know much bout comps so when im in safe mode how i turn system restore off Right mouse on my computer on the desktop / properties, if its there and system restore tab, tick it. |
Speedy Gonzales (78) | ||
| 417918 | 2006-01-03 20:53:00 | It looks like you've got this (securityresponse.symantec.com) a worm This (securityresponse.symantec.com) a trojan. This is a keylogger. I WOULD get off the net now, as it records keystrokes. This (securityresponse.symantec.com) a worm This (securityresponse.symantec.com) adware/spyware. And something similar to this (securityresponse.symantec.com) And once you do a scan with trojan remover, and tick the previous entries, post another hijackthis log here. I would also install a firewall. It doesnt look like one has been installed. |
Speedy Gonzales (78) | ||
| 417919 | 2006-01-03 21:23:00 | ok i couldnt see system restore thing in safe mode i also did the hjt scan in safe mode n normal mode n browsela avpi32 wont go Logfile of HijackThis v1.99.1 Scan saved at 21:19:00, on 03/01/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\blueyonder\PCguard\fws.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\TDK Systems\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\Command Software\dvpapi.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SOUNDMAN.EXE C:\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\blueyonder\PCguard\RPS.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\LimeWire\LimeWire.exe C:\WINDOWS\system32\HPZipm12.exe C:\HJT\hijackthis\HijackThis.exe C:\Program Files\Microsoft AntiSpyware\gcasServAlert.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\osk.exe C:\WINDOWS\system32\MSSWCHX.EXE R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve F3 - REG:win.ini: run=C:\WINDOWS\inet20001\winlogon.exe O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\ Yahoo! \Companion\Installs\cpn0\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\blueyonder\PCguard\pkR.dll O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\blueyonder\PCguard\FBHR.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\ Yahoo! \Companion\Installs\cpn0\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [Aol Configuration Loader] aimsng.exe O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe O4 - HKLM\..\Run: [PCguard] "C:\Program Files\blueyonder\PCguard\RPS.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe" O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe O4 - HKLM\..\RunServices: [Aol Configuration Loader] aimsng.exe O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [Aol Configuration Loader] aimsng.exe O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Search - kc.bar.need2find.com O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\ Yahoo! \Messenger\yhexbmes0411.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\ Yahoo! \Messenger\yhexbmes0411.dll O9 - Extra button: ContentDownload - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\ContentDownload (file missing) O9 - Extra button: Coches - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\libremp3-cyd-su-uk\index.html O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\TDK Systems\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\TDK Systems\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/ O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - www.ipix.com O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - courses.learndirect.co.uk O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} ( Yahoo! Audio Conferencing) - us.chat1.yimg.com O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - download.mcafee.com O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - security.symantec.com O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - dm.screensavers.com O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - webcamnow.com O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - us.dl1.yimg.com O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - messenger.msn.com O16 - DPF: {C56CE781-A6FC-4706-8B32-6EB4622155DF} (MediaConnect Control) - plugin.euro-infomedia.com O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - www.stopzilla.com O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - download.games.yahoo.com O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - download.games.yahoo.com O20 - Winlogon Notify: avpi32 - C:\WINDOWS\SYSTEM32\avpi32.dll O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\TDK Systems\Bluetooth Software\bin\btwdins.exe O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe (file missing) O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe |
xerosleep (9535) | ||
| 417920 | 2006-01-03 21:50:00 | Its better than before! Boot into safe mode again, run hijackthis again . Disable System restore in normal mode NOT safe mode . Is the My computer icon on the desktop? If it is right mouse on it, then go to properties . Then go to the system restore tab, tick it, if it isnt ticked . Do this before you reboot into safe mode . If the My computer icon isnt on the desktop, if your keyboard has a windows key (the windows logo key), press it and the pause key at the same time . It'll take you there . Then tick fix checked, after u tick these entries . C:\WINDOWS\system32\osk . exe C:\WINDOWS\system32\MSSWCHX . EXE This looks like this ( . symantec . com/avcenter/venc/data/adware . findwhatever . html" target="_blank">securityresponse . symantec . com) F3 - REG:win . ini: run=C:\WINDOWS\inet20001\winlogon . exe O20 - Winlogon Notify: avpi32 - C:\WINDOWS\SYSTEM32\avpi32 . dll O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela . dll O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc . exe (file missing) O9 - Extra button: ContentDownload - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\ContentDownload (file missing) Post another hijackthis log after this . Did u scan with Trojan remover? Do a full scan (go to file menu / scan a drive/directory and scan the whole hard drive) . Whatever is is . And also select the 3rd - 7th option in Trojan remover, if u havent done this yet . |
Speedy Gonzales (78) | ||
| 417921 | 2006-01-03 22:09:00 | nah dont av system restore in my comp n i cant use normal keyboard so ill do it on on-screen keyboard | xerosleep (9535) | ||
| 1 2 | |||||