Tech Support Forum banner
Status
Not open for further replies.
1 - 3 of 3 Posts

·
Registered
Joined
·
1 Posts
Discussion Starter · #1 ·
It Happened yesterday... I came back home and when I turned on my PC, I noticed that

1) Netscape has lost all the favourites
2) The home page was different
3) I can't put Links in the bar anymore
4) All the cookies to enter into my common web sites dissapeared

Then today
5) Some errors starting to appear when launching the files from windows explorer
6) Then Winamp gave me an error related to Dr Watson :upset:
7) My boot time is now over 10 min, and the PC is extremely slow
What's going on???

I had protection from Antivir and Spybot search and destroy... but it seems that some virus got in....

This is my Hijackthis log... Any help is greatly appreciated!

Logfile of HijackThis v1.99.1
Scan saved at 3:36:11 PM, on 16/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\AntiVir PersonalEdition Classic\sched.exe
E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
E:\Program Files\Cox\Applications\App\syssvcnt.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\UAService7.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\WINDOWS\system32\nvraidservice.exe
E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
E:\Program Files\D-Tools\daemon.exe
E:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
E:\WINDOWS\System32\wbem\unsecapp.exe
E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
E:\Program Files\V-Stream\PVR Plus\TVR\Scheduled.exe
E:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
E:\Program Files\Winamp\winampa.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
E:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
E:\Program Files\mLAN Tools\YAMAHA\mLANmanager.exe
E:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Cox\Applications\app\Repair.exe
E:\Program Files\Netscape\Netscape\Netscp.exe
E:\Program Files\Common Files\Command Software\dvpapi.exe
E:\Program Files\Winamp\Winamp.exe
E:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.smh.com.au"); (E:\Documents and Settings\FRANK\Application Data\Mozilla\Profiles\default\4zsnb4fw.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://E%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (E:\Documents and Settings\FRANK\Application Data\Mozilla\Profiles\default\4zsnb4fw.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AuthPopupBHO01.cBHO - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - E:\Program Files\Cox\Applications\App\PopupBHO01.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - E:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - E:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - E:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - E:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AuthPopupBHO01.cBlockerBar - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - E:\Program Files\Cox\Applications\App\PopupBHO01.dll
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NVRaidService] E:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [gcasServ] "E:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [InCD] E:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PVR Agent] E:\Program Files\V-Stream\PVR Plus\TVR\Scheduled.exe
O4 - HKLM\..\Run: [avgnt] "E:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [H2O] E:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ESP] E:\Program Files\Cox\Applications\app\start.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus C45 Series] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /M "Stylus C45" /EF "HKCU"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = E:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
O4 - Global Startup: Enable Wireless Optical Mouse Driver.lnk = E:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: mLAN Manager.lnk = E:\Program Files\mLAN Tools\YAMAHA\mLANmanager.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///E:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///E:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///E:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///E:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = home.net
O17 - HKLM\Software\..\Telephony: DomainName = home.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = home.net
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = home.net
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - E:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Cox High Speed Internet Security Suite System Service (AuthSysSvc) - Authentium, Inc. - E:\Program Files\Cox\Applications\App\syssvcnt.exe
O23 - Service: Cooperative Linux - Unknown owner - E:\PROGRA~1\coLinux\colinux-daemon.exe" --run-service "Cooperative Linux" -d -c "config.xml (file missing)
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - E:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - E:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - E:\WINDOWS\System32\UAService7.exe
 

·
Registered
Joined
·
2,096 Posts
Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.

Please be patient with me during this time.
 

·
Registered
Joined
·
2,096 Posts
Hello and welcome to TSF :smile:.

You may like to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools located near the top of this page, then click Subscribe to this Thread. Make sure it is set to Instant email Notification, then click Subscribe.

Before begining the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please print out or copy these instructions/tutorial to Notepad as the internet will not (while in Safe Mode) be available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Your log is apparently not showing anything, still please follow the next steps to ensure that your PC is completely clean.
__________________________________________________________________________________

Multiple AV

It appears that you are running two antivirus programs, namely, AntiVir Personal Edition and Authentium's Command
Antivirus simultaneously. It does not provide you with any extra protection though it may seem so. On the contrary these two programs may interfere with each other creating serious problems regarding security vulnerability as well as system stability. Uninstall one of the above and keep the other according to your choice.
______________________________________________________________

Downloads

1. Please download Cleanup! and install it. You will use this later. Do not install if you are using the 64 bit version of windows.

*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does not make backups.

If you find the above link is taking you to a out of service page, please use the following link to download this program:

http://www.stevengould.org/downloads/cleanup/CleanUp452.exe

2. Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"


  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.
___________________________________________________________________________________

Show Hidden Files and Folders

Go to My Computer >Tools >Folder Options >View tab and select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Also make sure there is no checkmark beside Hide file extensions for known file types. Click OK.
______________________________________________

Fix

Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

Cleanup!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:

Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files (if present)
  • Cleanup! All Users
  • Click on the Temporary Files tab and uncheck the box for Scan drives for files matching if it’s checked.
Click OK
Press the CleanUp! button to start the program.
Do not logoff or reboot when prompted.

AVG Anti-Spyware

Run AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

Reboot your system in Normal Mode.
______________________________________________

Online Scan

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on
    located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" * The download of the 8 MB Panda's ActiveX control will take place *
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on
    then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


Please provide the following logs with your next post:

AVG Anti-Spyware
Panda Scan
HijackThis (A fresh one)


Please give me the following information:

1. What was your original homepage set to?
2. How is your system's overall behaviour? :smile:
 
1 - 3 of 3 Posts
Status
Not open for further replies.
Top