| Thread ID: 64830 | 2005-12-29 23:00:00 | Applications won't work .. virus? | heinz57 (9500) | Press F1 |
| Post ID | Timestamp | Content | User |
| 416546 | 2005-12-29 23:00:00 | Good afternoon all .. Did ya have a good xmas? My partner opened an email the other day .. hahaha .. and yes, you guessed it .. out popped a virus .. and suddenly everything stopped .. (grandson was using the lappy .. which is the one that is normally online; the PC doesn't go online much, so AVG isn't updated regularly.) Since then it shows an error when I try to open some programs; some programs don't even open, they try to open then stop. I've updated AVG on the laptop and taken it by memory stick to the PC. It took a while, and I don't even know how he did it, but AVG is now running on the PC, not found any viruses yet, and I suspect it won't. Does this sound like a virus? I can't get it online to TREND. | heinz57 (9500) |
| 416547 | 2005-12-29 23:04:00 | Yup, if you can't get to any AV sites, it may well be a trojan/virus/worm. Get this (www.merijn.org). Unzip it into its own folder, then run it, scan, and copy and paste the log here. Or here (www.hijackthis.de) if you know what to look for. | Speedy Gonzales (78) |
| 416548 | 2005-12-29 23:25:00 | OK .. here's the log .. doesn't look like anything wrong :( | heinz57 (9500) |
| 416549 | 2005-12-29 23:26:00 | hehehehe here it is ..... | heinz57 (9500) |

Logfile of HijackThis v1.99.1
Scan saved at 12:20:03, on 30/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
G:\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CometCursor Class - {1678F7E1-C422-11D0-AD7D-00400515CAAA} - C:\WINDOWS\SYSTEM32\COMET.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: WhenUSearch Helper - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - C:\PROGRAM FILES\WHENUSEARCH\SEARCH.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [anti_troj] C:\WINDOWS\System32\anti_troj.exe
O4 - HKLM\..\Run: [key2] C:\WINDOWS\System32\winlog.exe
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [anti_troj] C:\WINDOWS\System32\anti_troj.exe
O4 - HKCU\..\Run: [key2] C:\WINDOWS\System32\winlog.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Win32 Classes -
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - ...yahoo.com/cab/yuplapp.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = 202.27.184.3
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = 202.27.184.3
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = 202.27.184.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = 202.27.184.3
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
| 416550 | 2005-12-29 23:31:00 | Ohh ok .. I just used your analyser .. I use a different one .. they show different things .. OK .. gonna get rid of the red ones now | heinz57 (9500) |
| 416551 | 2005-12-29 23:41:00 | Boot into safe mode, and run HJT again. Tick these and tick "fix checked". | Speedy Gonzales (78) |

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: CometCursor Class - {1678F7E1-C422-11D0-AD7D-00400515CAAA} - C:\WINDOWS\SYSTEM32\COMET.DLL
O2 - BHO: WhenUSearch Helper - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - C:\PROGRAM FILES\WHENUSEARCH\SEARCH.DLL (If Desktop Toolbar [WhenUSearch] appears in Add/Remove Programs, uninstall it.)
O4 - HKLM\..\Run: [anti_troj] C:\WINDOWS\System32\anti_troj.exe (this is nasty)
O4 - HKLM\..\Run: [key2] C:\WINDOWS\System32\winlog.exe (this is nasty too)
O4 - HKCU\..\Run: [anti_troj] C:\WINDOWS\System32\anti_troj.exe
O4 - HKCU\..\Run: [key2] C:\WINDOWS\System32\winlog.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: Win32 Classes
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = 202.27.184.3
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = 202.27.184.3
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = 202.27.184.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = 202.27.184.3
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

These don't have to be in startup:
O4 - HKLM\..\Run: [RemoteControl] "C:\Program files\CyberLink\PowerDVD\PDVDServ.exe" (unless you have a remote for this)

I would try this (dl.filekicker.com) from here (www.simplysup.com), or go here (http://www.ewido.net). You have a few nasties on that system. I would also install SP1 or SP2 after these entries have been removed. I would also install some kind of firewall. It doesn't look like you have one installed. You're asking for trouble without one.
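The checks the reply above applies by eye (a Run value registered under both HKLM and HKCU, a startup binary named one letter or two away from a real Windows process, a service whose file is missing, a TCP/IP SearchList holding an IP address rather than a DNS suffix, a BHO from a known adware vendor) can be scripted against the HijackThis log format. The script below is an added example written for this page; it is not code from the thread, from HijackThis, or from any of the tools linked above. The sample log lines are constructed to mimic the v1.99.1 format, and the adware-name and system-binary lists are assumptions chosen to match what the reply flagged, not a vetted signature set.

```python
import re

# Constructed sample in HijackThis v1.99.1 log format, modelled on the entry
# types discussed in the thread; it is not the poster's actual log.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WhenUSearch Helper - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - C:\PROGRAM FILES\WHENUSEARCH\SEARCH.DLL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [anti_troj] C:\WINDOWS\System32\anti_troj.exe
O4 - HKLM\..\Run: [key2] C:\WINDOWS\System32\winlog.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [anti_troj] C:\WINDOWS\System32\anti_troj.exe
O4 - HKCU\..\Run: [key2] C:\WINDOWS\System32\winlog.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = 202.27.184.3
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""

# Assumed lists for this example: BHO names the thread's reply identified as
# adware, and core Windows binaries whose names malware likes to imitate.
ADWARE_BHO_NAMES = ("whenusearch", "cometcursor")
SYSTEM_BINARIES = ("winlogon.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                   "services.exe", "explorer.exe")

LINE_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
O4_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
BASENAME_RE = re.compile(r'([^\\"/]+\.(?:exe|dll|ocx|scr|com))', re.I)
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def edit_distance(a, b):
    """Levenshtein distance, used to catch winlog.exe-style lookalike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def basename(command):
    """Executable name from a Run-key command, ignoring quotes and arguments."""
    m = BASENAME_RE.search(command)
    return m.group(1).lower() if m else command.strip().lower()


def triage(log_text):
    """Return (section, reason, line) findings for the checks a reviewer applies by eye."""
    findings = []
    run_hives = {}  # (Run value name, executable) -> hives it appears under
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        if section == "O2":
            if any(name in body.lower() for name in ADWARE_BHO_NAMES):
                findings.append((section, "known adware BHO", line))
        elif section == "O4":
            m4 = O4_RE.match(body)
            if not m4:
                continue  # Global Startup and other non-Run O4 forms are skipped
            hive, name, command = m4.groups()
            exe = basename(command)
            run_hives.setdefault((name, exe), set()).add(hive)
            for legit in SYSTEM_BINARIES:
                if 0 < edit_distance(exe, legit) <= 2:
                    findings.append((section, f"{exe} looks like {legit}", line))
        elif section == "O17":
            value = body.split("=", 1)[-1].strip()
            if IPV4_RE.match(value):  # SearchList should hold DNS suffixes, not an address
                findings.append((section, "SearchList holds an IP instead of a DNS suffix", line))
        elif section == "O23" and "(file missing)" in body:
            findings.append((section, "service points at a missing file", line))
    # The same value name and binary under both HKLM and HKCU Run is a redundancy
    # legitimate installers seldom need; malware does it to survive either hive being cleaned.
    for (name, exe), hives in run_hives.items():
        if {"HKLM", "HKCU"} <= hives:
            findings.append(("O4", f"[{name}] {exe} registered in both HKLM and HKCU Run", ""))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"{section:4} {reason}\n     {line}")
```

These are review prompts, not verdicts: a SearchList holding an ISP address or a service left behind by a half-removed product both show up here, so each finding still wants the check the reply recommends, confirming what the file is before ticking it in HJT, and the lookalike and adware lists should be extended from a source you trust before relying on them.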
| 416552 | 2005-12-30 00:41:00 | I think Speedy deserves a medal from PressF1 for his nearly tireless HijackThis help. He's sure better than the German online automated assistance. Go Speedy! :thumbs: | Greg (193) |
| 416553 | 2005-12-30 05:11:00 | As usual .. Speedy to the rescue! Alas, I have forgotten my previous sign-in name. It was Lovelee or something, but every time I've had trouble, no matter what it is, Speedy has done the job. Hero Medal, that's what he should get! Thank you mate. :) | heinz57 (9500) |
| 416554 | 2005-12-30 10:11:00 | "I've updated AVG on the laptop and taken it by memory stick to the PC. It took a while, and I don't even know how he did it, but AVG is now running on the PC, not found any viruses yet, and I suspect it won't." You should have some anti-spyware as well. See the FAQ here for the list. AV is not enough on its own. Geez, the moderators should make this type of question a sticky........ | pctek (84) |