Tech Support banner
Status
Not open for further replies.
1 - 2 of 2 Posts

·
Registered
Joined
·
15 Posts
Discussion Starter · #1 ·
Computer keeps crashing, sometimes task manager doesn't work, and sometimes the computer won't even find the c:/ drive. here is my hijack this log file.

Logfile of HijackThis v1.99.1
Scan saved at 2:41:42 PM, on 1/30/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\wlmsngr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SightSpeed\SightSpeed.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\System32\dwwin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Rod\LOCALS~1\Temp\Rar$EX08.952\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://support.eastlink.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {64FF1969-7AE8-3B20-84AD-4D394BC1823A} - dePloy.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [init32] init32.exe
O4 - HKLM\..\Run: [panel_its] lpt.exe
O4 - HKLM\..\Run: [ivttt.exe] C:\WINDOWS\System32\ivttt.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [sys02129447254-1] C:\WINDOWS\sys02129447254-1.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SightSpeed] C:\Program Files\SightSpeed\SightSpeed.exe -minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [nmdllw] Trayz.exe
O4 - HKCU\..\Run: [backorif] avpmondll.exe
O4 - HKCU\..\Run: [defect08] KeywordFinder.exe
O4 - HKCU\..\Run: [sglfmshp] C:\WINDOWS\System32\sglfmshp.exe
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1113918903977
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BEDFDFD-B73A-41CF-A587-2355B02201B3}: NameServer = 85.255.114.92,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1B0C605-7308-404F-8196-8ED7ABB538A1}: NameServer = 85.255.114.92,85.255.112.112
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.92 85.255.112.112
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BEDFDFD-B73A-41CF-A587-2355B02201B3}: NameServer = 85.255.114.92,85.255.112.112
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.92 85.255.112.112
O17 - HKLM\System\CS2\Services\Tcpip\..\{0BEDFDFD-B73A-41CF-A587-2355B02201B3}: NameServer = 85.255.114.92,85.255.112.112
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.92 85.255.112.112
O17 - HKLM\System\CS3\Services\Tcpip\..\{0BEDFDFD-B73A-41CF-A587-2355B02201B3}: NameServer = 85.255.114.92,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.92 85.255.112.112
O21 - SSODL: IEFilter - {FD2A54EC-5FD2-4DD2-89A2-E991A679CD22} - C:\WINDOWS\system32\IEFilter.dll (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Service - Unknown owner - C:\WINDOWS\System32\Service.exe (file missing)
O23 - Service: Windows NT Logon Application (WINLOGON) - Unknown owner - C:\WINDOWS\system\winlogon.exe (file missing)
O23 - Service: wlmsngr - Unknown owner - C:\WINDOWS\wlmsngr.exe
 

·
Registered
Joined
·
2,335 Posts
Hello reggus, and welcome to TSF


Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools,
then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.


Please read this post completely before begining the fix. If there's anything that you do not understand, kindly ask your questions before proceeding.
Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this
webpage would not be available when you're carrying out the fix.



IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

----------------------------------------

The fixes we will use are specific to your problems and should only be used for this issue on this machine.

Please only use this topic to reply to. Do not start another thread.
If any other issues arise let me know.

The process is not instant. Please continue to review my answers until I tell you your machine is clear.
Absence of symptoms does not mean that everything is clear. So lets do this to the end!

Please make every effort to reply to my posts in a timely manner. Malware breeds malware and the longer an infection remains on a system, the more
likely additional infections will result.


----------------------------------------

You have a very serioous Wareout infection which we must address first as it can affect your internet connection.


----------------------------------------

DOWNLOADS


Fixwareout


Please download FixWareout from one of these sites:

http://downloads.subratam.org/Fixwareout.exe

or

http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

  • Save it to your desktop and run it.
  • Click "Next", then Install, make sure "Run fixit" is checked and click Finish.
  • The fix will begin: Please follow the prompts.
  • You will be asked to reboot your compute: Please do so.
  • Your system may take longer than usual to load and this is normal.


Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any)

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {64FF1969-7AE8-3B20-84AD-4D394BC1823A} - dePloy.dll (file missing)
O4 - HKLM\..\Run: [init32] init32.exe
O4 - HKLM\..\Run: [panel_its] lpt.exe
O4 - HKLM\..\Run: [ivttt.exe] C:\WINDOWS\System32\ivttt.exe
O4 - HKLM\..\Run: [sys02129447254-1] C:\WINDOWS\sys02129447254-1.exe
O4 - HKCU\..\Run: [nmdllw] Trayz.exe
O4 - HKCU\..\Run: [backorif] avpmondll.exe
O4 - HKCU\..\Run: [defect08] KeywordFinder.exe
O4 - HKCU\..\Run: [sglfmshp] C:\WINDOWS\System32\sglfmshp.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BEDFDFD-B73A-41CF-A587-2355B02201B3}: NameServer = 85.255.114.92,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1B0C605-7308-404F-8196-8ED7ABB538A1}: NameServer = 85.255.114.92,85.255.112.112
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.92 85.255.112.112
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BEDFDFD-B73A-41CF-A587-2355B02201B3}: NameServer = 85.255.114.92,85.255.112.112
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.92 85.255.112.112
O17 - HKLM\System\CS2\Services\Tcpip\..\{0BEDFDFD-B73A-41CF-A587-2355B02201B3}: NameServer = 85.255.114.92,85.255.112.112
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.92 85.255.112.112
O17 - HKLM\System\CS3\Services\Tcpip\..\{0BEDFDFD-B73A-41CF-A587-2355B02201B3}: NameServer = 85.255.114.92,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.92 85.255.112.112
O21 - SSODL: IEFilter - {FD2A54EC-5FD2-4DD2-89A2-E991A679CD22} - C:\WINDOWS\system32\IEFilter.dll (file missing)



Please remember to close all other windows, including browsers then click Fix checked.


Once the desktop loads a text file will open (report.txt), you can close it - the file has already been saved



FOLLOW-UP

Please return and post these items:

Wareout log - (you can find it at C:\fixwareout\report.txt
A new HJT log run in Normal Mode


Please note: In order to properly see what is on your system, all HJT logs must be run in the normal mode


NOTE: Should you experience Internet Connection problems, please follow these directions

Please go to Start -> Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection
or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the
radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.
 
1 - 2 of 2 Posts
Status
Not open for further replies.
Top