|
Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs |
|
Topic Tools |
#1
|
|||
|
|||
Bad Virus Problem
i got the hjt log i need a lot of help
Logfile of HijackThis v1.99.1 Scan saved at 11:45:42 PM, on 5/20/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\alg.exe c:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\Explorer.EXE c:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\defender21.exe C:\WINDOWS\cfg32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\AIM\aim.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\LimeWire\LimeWire.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\cfg32a.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe,gtivxmk. exe O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [defender] C:\\defender21.exe O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\spywarebot\SpywareBot.exe -boot O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s O4 - HKLM\..\Run: [newname] C:\\newname21.exe O4 - HKLM\..\Run: [keyboard] C:\\keyboard21.exe O4 - HKLM\..\RunServices: [stratas] lockx.exe O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spywarebot] C:\Program Files\spywarebot\SpywareBot.exe -boot O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Event Reminder.lnk = ? O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZP O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/download...1/axofupld.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\kt8sl7l71.dll O23 - Service: Application Layer Gateway Manager (AppLayerGatewayMgr) - Unknown owner - C:\WINDOWS\alg.exe O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing) O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe |
#2
|
|||
|
|||
Hiya tylerfoley, welcome to CTH .
Run HijackThis -> config -> misc tools -> open uninstall manager Save the list and copy/paste it in this thread. |
#3
|
|||
|
|||
VERY BAD VIRUS need help
heres my uninstall list
Ad-Aware SE Personal Adobe Reader 7.0.7 Agere Systems PCI Soft Modem AOL Instant Messenger AviSynth 2.5 BearShare Command Easy Internet Sign-up Help and Support Additions High Definition Audio Driver Package - KB835221 HijackThis 1.99.1 HijackThis 1.99.1 HP Boot Optimizer HP Deskjet Printer Preload HP Image Zone 4.8.6 HP Image Zone Plus 4.8.6 HP Organize HP Photosmart Cameras 4.5 HP PSC & OfficeJet 4.7 HP Software Update HPIZplus450 Intel(R) Graphics Media Accelerator Driver IntelliMover Data Transfer Demo InterActual Player InterVideo WinDVD Player iPod for Windows 2005-10-12 IrfanView (remove only) iTunes J2SE Runtime Environment 5.0 KBD KODAK EASYSHARE Gallery Upload ActiveX Control LimeWire 4.10.9 LiveUpdate 1.7 (Symantec Corporation) Macromedia Flash Player 8 Macromedia Flash Player 8 Macromedia Shockwave Player Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB886903) Microsoft Office Standard Edition 2003 Microsoft Office XP Professional with FrontPage Microsoft Plus! Digital Media Edition Installer Microsoft Plus! Photo Story 2 LE Microsoft Web Publishing Wizard 1.52 Microsoft Works MSN Music Assistant Network Monitor Norton Security Center PC-Doctor for Windows Photosmart 320,370,7400,8100,8400 Series Polar Bowler from Hewlett-Packard Desktops (remove only) Polar Golfer from Hewlett-Packard Desktops (remove only) PrintMaster 12 QuickTime RealPlayer Remove Microsoft Money 2005 installer Remove Quicken New User Edition installer Security Update for Step By Step Interactive Training (KB898458) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows XP (KB883939) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893066) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB896688) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899588) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB903235) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB905915) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB908531) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912812) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913446) Security Update for Windows XP (KB913580) Shockwave Skateboard Park Tycoon Slyder from Hewlett-Packard Desktops (remove only) Snowball Wars by OIN Sonic Express Labeler Sonic MyDVD Plus Sonic RecordNow Audio Sonic RecordNow Copy Sonic RecordNow Data Sonic Update Manager Spybot - Search & Destroy 1.4 Stamps.com Steam(TM) Update for Windows XP (KB894391) Update for Windows XP (KB896727) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB910437) Updates from HP Viewpoint Manager (Remove Only) Viewpoint Media Player Viewpoint Toolbar (Remove Only) WildTangent GameChannel (remove only) Windows Installer 3.1 (KB893803) Windows Media Format Runtime Windows Media Player 10 Windows XP Hotfix - KB867282 Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB883667 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB885884 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888239 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890175 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB893086 |
#4
|
|||
|
|||
Ad-Aware SE Personal
Adobe Reader 7.0.7 Agere Systems PCI Soft Modem AOL Instant Messenger AviSynth 2.5 BearShare Command Easy Internet Sign-up Help and Support Additions High Definition Audio Driver Package - KB835221 HijackThis 1.99.1 HijackThis 1.99.1 HP Boot Optimizer HP Deskjet Printer Preload HP Image Zone 4.8.6 HP Image Zone Plus 4.8.6 HP Organize HP Photosmart Cameras 4.5 HP PSC & OfficeJet 4.7 HP Software Update HPIZplus450 Intel(R) Graphics Media Accelerator Driver IntelliMover Data Transfer Demo InterActual Player InterVideo WinDVD Player iPod for Windows 2005-10-12 IrfanView (remove only) iTunes J2SE Runtime Environment 5.0 KBD KODAK EASYSHARE Gallery Upload ActiveX Control LimeWire 4.10.9 LiveUpdate 1.7 (Symantec Corporation) Macromedia Flash Player 8 Macromedia Flash Player 8 Macromedia Shockwave Player Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB886903) Microsoft Office Standard Edition 2003 Microsoft Office XP Professional with FrontPage Microsoft Plus! Digital Media Edition Installer Microsoft Plus! Photo Story 2 LE Microsoft Web Publishing Wizard 1.52 Microsoft Works MSN Music Assistant Network Monitor Norton Security Center PC-Doctor for Windows Photosmart 320,370,7400,8100,8400 Series Polar Bowler from Hewlett-Packard Desktops (remove only) Polar Golfer from Hewlett-Packard Desktops (remove only) PrintMaster 12 QuickTime RealPlayer Remove Microsoft Money 2005 installer Remove Quicken New User Edition installer Security Update for Step By Step Interactive Training (KB898458) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows XP (KB883939) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893066) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB896688) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899588) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB903235) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB905915) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB908531) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912812) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913446) Security Update for Windows XP (KB913580) Shockwave Skateboard Park Tycoon Slyder from Hewlett-Packard Desktops (remove only) Snowball Wars by OIN Sonic Express Labeler Sonic MyDVD Plus Sonic RecordNow Audio Sonic RecordNow Copy Sonic RecordNow Data Sonic Update Manager Spybot - Search & Destroy 1.4 Stamps.com Steam(TM) Update for Windows XP (KB894391) Update for Windows XP (KB896727) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB910437) Updates from HP Viewpoint Manager (Remove Only) Viewpoint Media Player Viewpoint Toolbar (Remove Only) WildTangent GameChannel (remove only) Windows Installer 3.1 (KB893803) Windows Media Format Runtime Windows Media Player 10 Windows XP Hotfix - KB867282 Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB883667 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB885884 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888239 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890175 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB893086 |
#5
|
|||
|
|||
Download the trial version of Ewido Security Suite:
http://www.ewido.net/en/download When installing, under "Additional Options" uncheck "Install Background Guard" and "Install scan via context menu". Launch Ewido (there should be an icon on your desktop doubleclick it). The program will now go to the main screen. You will need to update ewido to the latest definition files. On the left hand side of the main screen click update and then click on Start Update. The update will start and a progress bar will show the updates being installed. Do not run a scan yet. When you have done this, boot into Safe Mode (restart your PC and tap F8 repeatedly before windows starts). Run Ewido now. Click on Scanner and click Complete System Scan and the scan will begin. During the scan it will prompt you to clean files, click OK. When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK. When the scan is finished, click the Save report button at the bottom of the screen. Save the report to your desktop and close Ewido. Reboot to normal mode and go here (http://www.bitdefender.com/scan8/ie.html) and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan". When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All then copy/paste that log back here. Post both the ewido and Bitdefender logs as well as a current HJT log. It may take more than one posting. |
Bookmarks |
«
Previous Topic
|
Next Topic
»
Topic Tools | |
|
|
Similar Topics | ||||
Topic | Topic Starter | Forum | Replies | Last Post |
Virus problem | double.g | Windows XP | 1 | July 6th, 2006 07:00 PM |
Virus problem leading to explorer.exe problem!! | clarkerm | Windows XP | 5 | February 28th, 2006 12:45 AM |
Virus Problem | Street-Leauge | Malware Removal | 2 | February 27th, 2005 01:16 PM |
Virus Problem | Street-Leauge | Malware Removal | 2 | February 27th, 2005 01:10 PM |
Virus Problem | BamaStormChaser | Malware Removal | 2 | April 21st, 2004 03:22 PM |
All times are GMT +1. The time now is 05:40 PM.