
Extreme Problem With Computer



Old 07-14-2006, 08:27 PM   #1
Guest
 
Join Date: Jul 2006
Posts: 12
OS:



I am new to these forums, and I've tried everywhere looking for help, trying so many things. My computer is 3.2GHz, 512 RAM, 40 GB, and I had recently had a spyware attack. Now I've used many spyware cleaners, and Smitfraud and HijackThis a lot of the time, and then after cleaning out my registry, viruses, spyware, malware my PC has turned incredibly slow.... I've done all these procedures in safe mode and now my computer takes literally 20 minutes to start up; programs take forever to load. So I've come to the conclusion that I have to reformat my computer. So I've a Windows XP with SP2 CD and the boot disks; now I insert the disks into my computer and they sometimes freeze up. Now I just take out the floppy and put it back in, and it works again, but the problem is that when I get to disk 6, on the bottom it tells me to 'Please wait...' which I do for HOURS and it's just frozen and will not change screens. So I've tried to boot from CD but that doesn't work either, because I change my 1st format read from floppy to CD ROM but it doesn't boot with my Windows XP slipstreamed. I cannot system restore because there is no earlier point, so you can see that I am in quite the pickle here. Please help, I am unable to afford another computer and my last hope is this.

Here is my HijackThis log (by the way, after starting HijackThis and doing the scan it took 5 minutes to open up Notepad and unfreeze... that's how slow my PC is):

Logfile of HijackThis v1.99.1
Scan saved at 11:25:04 PM, on 7/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WarpSpeeder\BSTrayicon.exe
C:\Program Files\DVD Shrink\DVD Shrink 3.2.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\home\My Documents\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: WarpSpeeder Tray Icon.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - https://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - https://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - https://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - https://download.mcafee.com/molbin/is...00/mcfscan.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - https://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
hehadeve is offline  
Old 07-15-2006, 07:26 AM   #2
Guest
 
Join Date: Jul 2006
Posts: 12
OS:


Bump

Please do help with this
hehadeve is offline  
Old 07-15-2006, 12:04 PM   #3
Guest
 
Join Date: Jul 2006
Posts: 12
OS:


Here I've attached my Ewido scan report.

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:27:40 PM 7/15/2006

+ Scan result:



C:\Documents and Settings\home\DoctorWeb\Quarantine\keygen.exe -> Dropper.Delf.xo : No action taken.
C:\Documents and Settings\home\DoctorWeb\Quarantine\setup.exe -> Dropper.Delf.xo : No action taken.
C:\zwt\Cucusoft.DVD.to.iPod.Video.Converter.Suite.v3.9.3.20.Retail.Incl.Keymaker-ZWT.rar/zwt.part1.rar/keygen.exe -> Dropper.Delf.xo : No action taken.
C:\zwt\Cucusoft.DVD.to.iPod.Video.Converter.Suite.v3.9.3.20.Retail.Incl.Keymaker-ZWT.rar/zwt.part1.rar/setup.exe -> Dropper.Delf.xo : No action taken.
C:\zwt\zwt.part1.rar/keygen.exe -> Dropper.Delf.xo : No action taken.
C:\zwt\zwt.part1.rar/setup.exe -> Dropper.Delf.xo : No action taken.
:mozilla.166:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.167:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.168:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.169:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.219:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.78:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.79:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.49:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.51:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.52:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.53:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.50:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.139:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.140:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.141:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.244:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.54:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.103:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.104:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.94:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.95:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.35:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.36:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.37:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.38:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.39:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.40:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.41:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.42:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.200:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.201:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.202:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.223:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.224:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.225:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.90:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.178:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Onestat : No action taken.
:mozilla.179:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Onestat : No action taken.
:mozilla.86:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Qksrv : No action taken.
:mozilla.88:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Qksrv : No action taken.
:mozilla.136:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
:mozilla.137:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
:mozilla.138:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
:mozilla.150:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.152:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.153:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.196:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.197:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.198:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.208:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.142:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.143:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.144:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.145:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.146:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.147:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.148:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.32:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.33:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.34:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.43:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.44:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.45:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.46:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.47:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.27:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.28:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.29:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.30:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.31:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt -> TrackingCookie.Zedo : No action taken.


::Report end
hehadeve is offline  
Old 07-15-2006, 05:10 PM   #4
Guest
 
Join Date: Jul 2006
Posts: 12
OS:


Um... please help.
hehadeve is offline  
Old 07-15-2006, 06:34 PM   #5
TSF Team, Emeritus
 
Join Date: Jul 2004
Location: New York
Posts: 14,311
OS: Windows 98 & Windows XP Home/Pro


Do not bump your posts until it's been over 24 hours without a reply...

Run Ewido and tell it to delete everything it finds...

Please print the below instructions or copy them to Notepad.

Download Brute Force Uninstaller https://www.merijn.org/files/bfu.zip and unzip it to its own folder (c:\BFU).

Run the program and click the Web button located on the top right corner.

Copy and paste the below web address into the address bar of the Download script window:

https://metallica.geekstogo.com/alcanshorty.bfu

Checkmark the following boxes:
Use settings specified in script for the above option.
Show log after script ends.
Execute the script by clicking the Execute button.

When it finishes running, click the Save button for a copy of the log. Post the log created by the script when you have completed the fix.


Restart your computer and boot into Safe Mode (if you don't know how, go to https://www.bleepingcomputer.com/foru...howtutorial=61 ). Make sure to close any internet browsers that may still be open.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - (no file)

Run SmitfraudFix #2 again.

Restart. Perform an online scan with Internet Explorer at Panda ActiveScan https://www.pandasoftware.com/products/activescan.htm

* Click on 'Scan your PC' button. There should be a popup - if you have a pop-up blocker, make sure it's not blocking it.
* Click 'Check Now' & a pop-up window will appear.
* Enter your Country, State and E-mail Address & click 'Scan Now' - begin downloading Panda's ActiveX controls (8 MB size).
* Begin the scan by selecting My Computer.
* If it finds any malware, it will offer you a report. Ignore any entry it finds (since it wants you to buy the program for removal) as we will address this later.
* Click on see report. Then click Save report.
* Post that log in your next reply along with a new HijackThis log. Also give us your SmitfraudFix log.
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it.
greyknight17 is offline  
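As an added example (not code from the thread, from HijackThis, or from any of the tools greyknight17 mentions), here is a small Python script that parses HijackThis-format logs like the ones posted in this thread, diffs a "before" and "after" scan, and checks whether the two entries listed for "Fix Checked" above are gone. The sample logs are short excerpts constructed from lines quoted in this thread; the triage heuristics (orphaned "(no file)" / "(file missing)" references, O23 services with "Unknown owner") are this example's own and are a prompt for a second look, not a verdict.

```python
import re

# Matches HijackThis entry lines such as "O4 - HKLM\..\Run: [...]" or "R1 - HKCU\...".
ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")

# Constructed excerpt of the first HijackThis log in the thread (post #1, before the fix).
HJT_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 11:25:04 PM, on 7/14/2006

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"""

# Constructed excerpt of the second log (post #7, after the fix).
HJT_AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 2:28:42 AM, on 7/16/2006

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\notepad.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"""

# The two lines the helper asked the poster to "Fix Checked" in post #5.
FIX_LIST = (
    r"O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe",
    r"O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - (no file)",
)


def parse_hjt(text):
    """Split a HijackThis log into its running-process list and its Rn/Fn/On entries."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), line))   # (section code, full line)
        elif in_procs:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def flag_entries(parsed, fix_list=()):
    """Return (line, reason) pairs for entries worth a second look (heuristics, not verdicts)."""
    flagged = []
    for section, line in parsed["entries"]:
        if line in fix_list:
            flagged.append((line, "on fix list"))
        elif "(no file)" in line or "(file missing)" in line:
            flagged.append((line, "orphaned reference"))   # registry points at a missing binary
        elif section == "O23" and "Unknown owner" in line:
            flagged.append((line, "service with unknown owner"))
    return flagged


def diff_logs(before_text, after_text):
    """Entries removed and added between two scans, in original log order."""
    b_lines = [l for _, l in parse_hjt(before_text)["entries"]]
    a_lines = [l for _, l in parse_hjt(after_text)["entries"]]
    removed = [l for l in b_lines if l not in a_lines]
    added = [l for l in a_lines if l not in b_lines]
    return removed, added


def fix_list_status(after_text, fix_list=FIX_LIST):
    """Map each fix-list entry to True if it is still present in the later scan."""
    present = {l for _, l in parse_hjt(after_text)["entries"]}
    return {item: (item in present) for item in fix_list}


if __name__ == "__main__":
    removed, added = diff_logs(HJT_BEFORE, HJT_AFTER)
    print("Removed since first scan:")
    for l in removed:
        print("  -", l)
    print("Added since first scan:")
    for l in added:
        print("  +", l)
    print("Fix-list entries still present:", fix_list_status(HJT_AFTER))
    print("Still worth a look in the new log:")
    for l, why in flag_entries(parse_hjt(HJT_AFTER), FIX_LIST):
        print(f"  [{why}] {l}")
```

Diffing by whole line is deliberate: a HijackThis entry is only meaningful as the combination of section, registry key and target path, so a changed path shows up as one removal plus one addition rather than being silently treated as the same item.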
Old 07-15-2006, 11:14 PM   #6
Guest
 
Join Date: Jul 2006
Posts: 12
OS:



Here's my BFU log; coming with others soon.

BFU v1.00.9
Windows XP SP2 (WinNT 5.01.2600 SP2)
Script started at 2:11:31 AM, on 7/16/2006

Failed: DllUnregister C:\WINDOWS\DH.dll|1 (file not found)
Failed: ServiceStop Network Monitor (service not found)
Failed: ServiceStop cmdService (service not found)
Failed: ServiceDisable Network Monitor (service not found)
Failed: ServiceDisable cmdService (service not found)
Failed: ServiceDelete Network Monitor (service not found)
Failed: ServiceDelete cmdService (service not found)
Failed: RegDelValue HKCU\System\CurrentControlSet\Control\Lsa|p2pnetwork (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations|LowRiskFileTypes (key not found)
Failed: RegDelValue HKCU\Microsoft\Windows\CurrentVersion\policies\Explorer\Run|WinUpdate.exe (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU1 (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU2 (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|services32 (key not found)
Option pause between commands: 300 ms
Option pause between commands: 50 ms
Failed: FolderDelete C:\Program Files\MsConfigs (folder not found)
Failed: FolderDelete C:\Program Files\winupdates (folder not found)
Failed: FolderDelete C:\Program Files\winupdate (folder not found)
Failed: FolderDelete C:\Program Files\winsupdater (folder not found)
Failed: FolderDelete C:\Program Files\MsUpdate (folder not found)
Failed: FolderDelete C:\Program Files\MsMovies (folder not found)
Failed: FolderDelete C:\Program Files\wmplayer (folder not found)
Failed: FolderDelete C:\Program Files\outlook (folder not found)
Failed: FileDelete C:\Program Files\Common Files\Windows\mc-*-*.exe (operation failed)
Failed: FileDelete C:\Program Files\Common Files\Download\mc-*-*.exe (operation failed)
Failed: FileDelete C:\DOCUME~1\home\LOCALS~1\Temp\~DFFE1.tmp (operation failed)
Failed: FolderDelete C:\Program Files\Maxifiles (folder not found)
Failed: FolderDelete C:\Program Files\DNS (folder not found)
Failed: FolderDelete C:\Program Files\EQAdvice (folder not found)
Failed: FolderDelete C:\Program Files\FCAdvice (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\FreeProd1 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\FreeProd2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\InetGet (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\InetGet2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\svchostsys (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\simtest (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\misc001 (folder not found)
Failed: FolderDelete C:\Program Files\InetGet2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\VCClient (folder not found)
Failed: FolderDelete C:\Program Files\Network Monitor (folder not found)
Failed: FolderDelete C:\WINDOWS\inet20001 (folder not found)
Failed: FolderDelete C:\Program Files\Update06 (folder not found)
Failed: FolderDelete C:\Program Files\Update03 (folder not found)
Failed: FolderDelete C:\Program Files\Update04 (folder not found)
Failed: FolderDelete C:\Program Files\Update08 (folder not found)
Failed: FolderDelete C:\Program Files\W-Update (folder not found)
Failed: FolderDelete C:\Program Files\Yazzle Sudoku (folder not found)
Failed: FolderDelete C:\Program Files\Cas (folder not found)
Failed: FolderDelete C:\Program Files\CasStub (folder not found)
Failed: FolderDelete C:\Program Files\Cas2Stub (folder not found)
Failed: FolderDelete C:\Program Files\ipwins (folder not found)
Failed: FolderDelete C:\temp (folder not found)
Failed: FolderDelete C:\WINDOWS\mdrive (folder not found)
Failed: FolderDelete C:\Program Files\PECarlin (folder not found)
Failed: FolderDelete C:\Program Files\AXVenore (folder not found)
Failed: FolderDelete C:\Program Files\SDVita (folder not found)
Failed: FolderDelete C:\Program Files\EQBranch (folder not found)
Failed: FolderDelete C:\Program Files\EQArticle (folder not found)
Failed: FolderCreate C:\bintheredunthat (folder already exists)
Failed: FileMove C:\WINDOWS\win*-*.exe|C:\bintheredunthat (source file not found)
Script completed.
hehadeve is offline  
Old 07-16-2006, 10:58 AM   #7
Guest
 
Join Date: Jul 2006
Posts: 12
OS:



Here are my logs. I've also attached my Panda and Smitfraud logs just in case.

Logfile of HijackThis v1.99.1
Scan saved at 2:28:42 AM, on 7/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\home\My Documents\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: WarpSpeeder Tray Icon.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - https://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - https://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - https://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - https://download.mcafee.com/molbin/is...00/mcfscan.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - https://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


--------------------------------------------------------------------------
SmitFraudFix v2.69

Scan done at 2:30:52.03, Sun 07/16/2006
Run from C:\Documents and Settings\home\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\Documents and Settings\home\Application Data


Start Menu


C:\DOCUME~1\home\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components



Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"cholecyst"="{ee2975b6-e8d5-405e-8448-8fe9590f6cfb}"


Scanning wininet.dll infection


End

--------------------------------------------------------------------------

Incident Status Location

Adware:adware/ist.istbar Not disinfected c:\program files\common files\Totem Shared
Potentially unwanted tool:application/zango Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{99410cde-6f16-42ce-9d49-3807f78f0287}
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ym20wj1i.default\cookies.txt[.atdmt.com/]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\home\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\home\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\home\Desktop\smitRem.exe[smitRem/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\home\My Documents\HJT\SmitfraudFix\Process.exe
Virus:W32/Bagle.pwdzip Disinfected C:\Documents and Settings\home\My Documents\HJT\SmitfraudFix.zip
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\home\My Documents\smitRem.exe[smitRem/Process.exe]
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\Distribution.dll.052
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\music.dll.027
Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\Roguescanfix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\scanfix\win32delfkil\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\smitRem\Process.exe
Potentially unwanted tool:Application/MSNContentPlus Not disinfected C:\WINDOWS\MSNImport.exe
Potentially unwanted tool:Application/MSNContentPlus Not disinfected C:\WINDOWS\msnpolym.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Old 07-17-2006, 10:24 AM   #8
greyknight17
TSF Team, Emeritus
Join Date: Jul 2004
Location: New York
Posts: 14,311
OS: Windows 98 & Windows XP Home/Pro

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now. Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
; a .reg file removes a value with "name"=- (no data after the =-)
"cholecyst"=-

; a leading "-" inside the brackets removes the whole key
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{99410cde-6f16-42ce-9d49-3807f78f0287}]

Save the file as "delete.reg". Make sure to save it with the quotes. Close Notepad. Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.


Fix this in HijackThis if still found:

O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - (no file)

Delete this:

c:\program files\common files\Totem Shared\

Restart and run a new Panda scan. Post that log here along with a new HijackThis log.
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it.
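As an added example (not from the thread or from HijackThis itself), the following Python picks out of a HijackThis 1.99 log the load-point entries marked "(no file)" or "(file missing)", the pattern behind the orphaned O21 SSODL "cholecyst" line greyknight17 asked to fix; the sample lines are copied from the log posted above, and the registry paths it maps each section to are the standard HijackThis load points.

```python
"""Flag HijackThis 1.99 entries whose target file no longer exists.

Added example for this thread, not part of the thread or of HijackThis.
"(no file)" / "(file missing)" entries are registry load points pointing at
nothing: leftovers of an uninstalled program, or of malware whose file a
cleaner removed while leaving the autostart entry behind.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Registry load points HijackThis reads for each section (well-known locations).
LOAD_POINTS = {
    "O4": r"HKLM/HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    "O18": r"HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\<name>",
    "O21": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad",
    "O23": r"HKLM\SYSTEM\CurrentControlSet\Services\<service name>",
}
MISSING_MARKERS = ("(no file)", "(file missing)")
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<type>[^:]+): (?P<rest>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - (no file)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""


@dataclass
class Finding:
    section: str          # HijackThis section, e.g. "O21"
    name: str             # entry name, e.g. "cholecyst"
    clsid: Optional[str]  # CLSID if the entry carries one
    marker: str           # which missing-file marker HijackThis printed
    load_point: str       # registry location to inspect or clean


def parse_line(line: str) -> Optional[Finding]:
    """Return a Finding for an entry whose file is gone, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    marker = next((mk for mk in MISSING_MARKERS if mk in rest), None)
    if marker is None:
        return None
    # HijackThis separates fields with " - "; the first field is the entry name.
    name = rest.split(" - ", 1)[0]
    clsid = CLSID_RE.search(rest)
    section = m.group("section")
    return Finding(section, name, clsid.group(0) if clsid else None, marker,
                   LOAD_POINTS.get(section, "(see HijackThis documentation)"))


def orphaned_entries(log_text: str) -> List[Finding]:
    """All entries in a HijackThis log that point at a missing file."""
    return [f for f in map(parse_line, log_text.splitlines()) if f is not None]


def report(log_text: str) -> List[str]:
    """One human-readable triage line per orphaned entry."""
    return [f"{f.section} {f.name!r} {f.marker} [clsid={f.clsid}] -> {f.load_point}"
            for f in orphaned_entries(log_text)]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Feed it a whole saved log and it lists every entry worth checking against the load point named, which is exactly the triage step done by hand in this thread.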
Old 07-17-2006, 10:34 AM   #9
Guest
 
Join Date: Jul 2006
Posts: 12
OS:



Here is the HijackThis log; the Panda log is coming.

Logfile of HijackThis v1.99.1
Scan saved at 1:32:52 PM, on 7/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\WarpSpeeder\BSTrayicon.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\home\My Documents\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: WarpSpeeder Tray Icon.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - https://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - https://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - https://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - https://download.mcafee.com/molbin/is...00/mcfscan.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - https://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Old 07-17-2006, 10:49 AM   #10
Guest
 
Join Date: Jul 2006
Posts: 12
OS:


Umm, having a problem with Panda: the pop-up to scan the PC keeps closing. I've got no pop-up blocker, so maybe a virus or something... never happened before. What should I do?

EDIT

Never mind, I just kept clicking on it and it popped up and stayed lol
Old 07-17-2006, 06:02 PM   #11
Guest
 
Join Date: Jul 2006
Posts: 12
OS:


Thank you so much greyknight for helping me out. Fortunately I was able to receive a boot CD from my cousin and, as I'm typing this from my laptop, I am formatting my computer. I still would like to thank you for being patient with me; I will be a returning customer if I endure any more problems. THANKS A LOT