Mar 12 2007, 11:03 PM | Post #1
Member | Group: Members | Posts: 40 | Joined: 24-November 05 | Member No.: 41,827
I went through the preparation guide for posting a HijackThis log. Tried everything by that guide. But I am still getting this type of message from Avast: "DCOM Exploit - Attack from 68.145.86.249:135/tcp.." or similar. The computer was running fine, but I think my kids pressed something on a games page. And all of a sudden different stuff came up. Here is my log. Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 8:54:09 PM, on 12/03/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\csrss.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\tcpipmon.exe
C:\WINNT\system32\tcpipmon.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\WINNT\system32\LVComS.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINNT\system32\msiexec.exe
C:\program files\voipstunt.com\voipstunt\voipstunt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SiteAdvisor\5248\SAService.exe
C:\Program Files\SiteAdvisor\5248\SiteAdv.exe
C:\PROGRA~1\McAfee\MSC\McLogCln.exe
C:\Documents and Settings\Administrator\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delfi.lt/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delfi.lt/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.delfi.lt"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\vnq2b661.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\vnq2b661.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: TLFind Class - {8692FED1-9267-4624-96B9-3B94946A0524} - C:\Program Files\Tildes Biuras 2004\TLFindAddIn.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O5 "LPT1:" /M "Stylus CX5400"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [VoipStunt] "C:\program files\voipstunt.com\voipstunt\voipstunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Translate with Tilde Computer Dictionary - res://C:\Program Files\Tildes Biuras 2004\TDVLauncher.DLL /201
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Tildes ieškiklis - {11FD30F4-F186-4ebe-A384-E22965FDEC7A} - C:\Program Files\Tildes Biuras 2004\TLFindAddIn.dll
O9 - Extra 'Tools' menuitem: Tildes ieškiklis - {11FD30F4-F186-4ebe-A384-E22965FDEC7A} - C:\Program Files\Tildes Biuras 2004\TLFindAddIn.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://blacks.pnimedia.com/upload/activex/...tupv2.0.0.9.cab?
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\5248\SiteAdv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: rpcc - C:\WINNT\system32\rpcc.dll
O23 - Service: 01606 - Unknown owner - \\68.145.186.219\Admin$\eraseme_17037.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: Client Server Runtime Process (Microsoft client and Server Runtime Server Subsystem) - Unknown owner - C:\WINNT\csrss.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\5248\SAService.exe

Mar 13 2007, 04:58 AM | Post #2
Malware Assassin | Group: HJT Team | Posts: 13,611 | Joined: 13-July 06 | Member No.: 75,975
Welcome REM05

Download\install CleanUp. Launch CleanUp, then click on 'Options'. Now move the slider on the left up to 'Standard Cleanup!'. Click 'Ok', now run the program by clicking on the 'Cleanup' button. Reboot, or log off/log on when it's finished.

*****************************

Download SDFix and save it to your desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip

Please then reboot your computer into Safe Mode by doing the following:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.
* In Safe Mode, right click the SDFix.zip folder and choose Extract All,
* Open the extracted folder and double click RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply, along with a new Hijackthis log please.

Mar 13 2007, 11:57 PM | Post #3
Member | Group: Members | Posts: 40 | Joined: 24-November 05 | Member No.: 41,827
Hello,
Thanks for a fast reply. Here is a report from SDFix:

SDFix: Version 1.71
Run by Administrator - Tue 13/03/2007 / 21:43:12.17
Microsoft Windows 2000 [Version 5.00.2195]
Running From: C:\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Entries
Restoring Default Hosts File
Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:
C:\Program Files\Setup.exe - Deleted
C:\WINNT\csrss.exe - Deleted

ADS Check:
C:\WINNT\system32
No streams found.

Final Check:

Remaining Services:
------------------

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes :
C:\Program Files\Picasa2\setup.exe

Finished

And here is a new log:

Logfile of HijackThis v1.99.1
Scan saved at 9:56:30 PM, on 13/03/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\SiteAdvisor\5248\SAService.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\program files\voipstunt.com\voipstunt\voipstunt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINNT\system32\LVComS.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\msiexec.exe
C:\Documents and Settings\Administrator\My Documents\valymas\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delfi.lt/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delfi.lt/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.delfi.lt"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\vnq2b661.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\vnq2b661.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: TLFind Class - {8692FED1-9267-4624-96B9-3B94946A0524} - C:\Program Files\Tildes Biuras 2004\TLFindAddIn.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O5 "LPT1:" /M "Stylus CX5400"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [VoipStunt] "C:\program files\voipstunt.com\voipstunt\voipstunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ] C:\Program Files\ICQ\ICQ.exe -trayboot
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Translate with Tilde Computer Dictionary - res://C:\Program Files\Tildes Biuras 2004\TDVLauncher.DLL /201
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Tildes ieškiklis - {11FD30F4-F186-4ebe-A384-E22965FDEC7A} - C:\Program Files\Tildes Biuras 2004\TLFindAddIn.dll
O9 - Extra 'Tools' menuitem: Tildes ieškiklis - {11FD30F4-F186-4ebe-A384-E22965FDEC7A} - C:\Program Files\Tildes Biuras 2004\TLFindAddIn.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://blacks.pnimedia.com/upload/activex/...tupv2.0.0.9.cab?
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\5248\SiteAdv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: 01606 - Unknown owner - \\68.145.186.219\Admin$\eraseme_17037.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: Client Server Runtime Process (Microsoft client and Server Runtime Server Subsystem) - Unknown owner - C:\WINNT\csrss.exe (file missing)
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\5248\SAService.exe

Mar 19 2007, 09:36 AM | Post #4
Member | Group: Members | Posts: 40 | Joined: 24-November 05 | Member No.: 41,827
Good day,
After cleaning it gets better for a while, but then it all comes back again. So what next has to be done? Thank you very much.

Mar 19 2007, 09:56 AM | Post #5
Malware Assassin | Group: HJT Team | Posts: 13,611 | Joined: 13-July 06 | Member No.: 75,975
Click on Start/Control Panel/Add or Remove Programs and remove Ewido Security Suite, then restart your pc.

***************************

Click on Start>Run and type Services.msc then hit Ok.
Scroll down and find the services called:

01606
Client Server Runtime Process (Microsoft client and Server Runtime Server Subsystem)

In the next window that opens, click their 'Stop' buttons.
Then change their 'Startup Type' to 'Disabled'.
Now press Apply and then Ok and close any open windows.

***************************

Download/install AVG Anti-Spyware 7.5. Please follow these instructions very carefully.

Launch/start up AVG Anti-Spyware.
On the main page click the 'Update' tab, and then 'Start Update'.

Note: If you have any problems running the update process prior to running the scan, download/install the 'Full Database' from here:
http://download.ewido.net/avgas-signatures-full-current.exe

Once the updates have been installed, do the following:
Select the 'Scanner' icon at the top of the screen, then select the 'Settings' tab.
Once in the 'Settings' screen, under 'How to act?', then under 'Set default action for detected malware to:', click on 'Recommended actions', then click on 'Quarantine'.
Under 'Reports' select 'Automatically generate report after every scan' and unselect 'Only if threats were found'.
Exit AVG Anti-Spyware, don't run the scan just yet.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into SAFE MODE using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have Hijack This fix the following [If still present], by placing a check in the appropriate boxes and selecting 'Fix checked'. Make sure all browser and all Windows Explorer windows are closed before fixing:

O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O23 - Service: 01606 - Unknown owner - \\68.145.186.219\Admin$\eraseme_17037.exe (file missing)
O23 - Service: Client Server Runtime Process (Microsoft client and Server Runtime Server Subsystem) - Unknown owner - C:\WINNT\csrss.exe (file missing)

Still in Safe Mode launch AVG Anti-Spyware.
Click the 'Scanner' icon at the top.
To start the scan click on 'Complete System Scan'.
Please be patient, it takes a while for the scan to finish.

Once the scan is complete, do the following.
If AVG Anti-Spyware detected any infected objects, click on 'Apply All Actions'.
Next click on 'Save Report'.
Copy and paste that report into your next reply. The report can be found under the 'Reports' tab at the top.
Close AVG Anti-Spyware when you've done.

Reboot normally. Post the AVG Anti Spyware report and a new Hijackthis log into your next reply. Let me know how your pc is running now please.
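
The two services singled out in post #5 have traits that can be checked mechanically: a service whose image path sits on a remote Admin$ share, and a core Windows process name (csrss.exe) located in C:\WINNT instead of System32. The Python sketch below is an added example, not part of the original thread or of HijackThis; the function names, rule names and the SYSTEM32_ONLY list are assumptions, and the sample lines are excerpted from the log in post #1.

```python
import ntpath  # Windows path semantics, usable on any OS
import re
from typing import List, NamedTuple

# Assumption: core processes that belong in %SystemRoot%\System32 only.
SYSTEM32_ONLY = {"csrss.exe", "smss.exe", "winlogon.exe",
                 "services.exe", "lsass.exe", "svchost.exe"}

SECTION_RE = re.compile(r"^[A-Z]\d+ - ")            # R0, N3, O4, O23 ...
EXE_RE = re.compile(r'^"?(.+?\.exe)', re.IGNORECASE)
O23_PREFIX = "O23 - Service: "


class Finding(NamedTuple):
    rule: str           # which check fired
    subject: str        # service display name, or "process"
    path: str           # executable path as logged
    file_missing: bool  # HijackThis appended "(file missing)"


def exe_path(raw: str) -> str:
    """Cut arguments, quotes and the '(file missing)' tag off an image path."""
    m = EXE_RE.match(raw.strip())
    return m.group(1) if m else raw.strip()


def outside_system32(path: str) -> bool:
    """True when a core process name is used from any folder but System32."""
    name = ntpath.basename(path).lower()
    parent = ntpath.basename(ntpath.dirname(path)).lower()
    return name in SYSTEM32_ONLY and parent != "system32"


def triage(log_text: str) -> List[Finding]:
    findings = []
    in_processes = False
    for line in (l.strip() for l in log_text.splitlines()):
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        if SECTION_RE.match(line):
            in_processes = False  # first numbered entry ends the process list
        if in_processes:
            if outside_system32(line):
                findings.append(Finding("system-name-outside-system32",
                                        "process", line, False))
            continue
        if not line.startswith(O23_PREFIX):
            continue
        parts = line[len(O23_PREFIX):].split(" - ", 2)  # name, owner, path
        if len(parts) != 3:
            continue
        name, _owner, raw = parts
        missing = raw.rstrip().endswith("(file missing)")
        path = exe_path(raw)
        if path.startswith("\\\\"):  # UNC: binary lives on another host
            findings.append(Finding("service-image-on-unc-share",
                                    name, path, missing))
        if outside_system32(path):
            findings.append(Finding("system-name-outside-system32",
                                    name, path, missing))
    return findings


# Sample input: lines excerpted from the HijackThis log in post #1.
SAMPLE_LOG = r"""
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\csrss.exe
C:\WINNT\Explorer.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: 01606 - Unknown owner - \\68.145.186.219\Admin$\eraseme_17037.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Client Server Runtime Process (Microsoft client and Server Runtime Server Subsystem) - Unknown owner - C:\WINNT\csrss.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        tag = " (file missing)" if f.file_missing else ""
        print(f"{f.rule}: {f.subject} -> {f.path}{tag}")
```

A service entry flagged with file_missing set means only the file is gone while the registration is still present, which is the state the second log shows after the SDFix run.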

Mar 21 2007, 12:12 AM | Post #6
Member | Group: Members | Posts: 40 | Joined: 24-November 05 | Member No.: 41,827
Hello,
At first I thought everything's fine. But after a while, they are coming back. Here's the situation:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:31:29 PM 19/03/2007

+ Scan result:

C:\SDFix\backups_old2\backups.zip/backups/csrss.exe -> Backdoor.SdBot.bck : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/eraseme_08083.exe -> Backdoor.SdBot.xd : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/eraseme_17213.exe -> Backdoor.SdBot.xd : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/eraseme_60564.exe -> Backdoor.SdBot.xd : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/ma1x1dd1.game -> Dialer.GBDialer.i : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/max1d1641.exe -> Dialer.GBDialer.i : Cleaned with backup (quarantined).
C:\SDFix\backups_old1\backups.zip/backups/ma1x1dd1.game -> Dialer.GBDialer.i : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\PFQPZASV\hjgddaoxuh[1].htm -> Downloader.Small.cwj : Cleaned with backup (quarantined).
C:\tujsjsqk.exe -> Downloader.Small.cwj : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\PFQPZASV\agmjxkuurb[1].txt -> Downloader.Small.ehs : Cleaned with backup (quarantined).
C:\csfjged.exe -> Downloader.Small.ehs : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\GACFMQQ0\kqwgtddn[1].htm -> Hijacker.Agent.is : Cleaned with backup (quarantined).
C:\qrxgijet.exe -> Hijacker.Agent.is : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WinOpts -> Proxy.Small : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/koos.exe -> Proxy.Wopla.ag : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/kprof -> Proxy.Wopla.ag : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/poof -> Proxy.Wopla.ag : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\vnq2b661.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.21:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\vnq2b661.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.5:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\vnq2b661.slt\cookies.txt -> TrackingCookie.Gemius : Cleaned.
:mozilla.6:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\vnq2b661.slt\cookies.txt -> TrackingCookie.Gemius : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@hit.gemius[2].txt -> TrackingCookie.Gemius : Cleaned.
:mozilla.117:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\vnq2b661.slt\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.195:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\vnq2b661.slt\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.205:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\vnq2b661.slt\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.206:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\vnq2b661.slt\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.114:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\vnq2b661.slt\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.115:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\vnq2b661.slt\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.116:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\vnq2b661.slt\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.156:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\vnq2b661.slt\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.162:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\vnq2b661.slt\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.155:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\vnq2b661.slt\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.15:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\vnq2b661.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\80SKCV56\zspzmwkg[1].htm -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\PFQPZASV\rgkueobcmi[1].htm -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
C:\uqjqg.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).

::Report end

Logfile of HijackThis v1.99.1
Scan saved at 10:11:29 PM, on 20/03/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\tcpipmon.exe
C:\WINNT\system32\tcpipmon.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\program files\voipstunt.com\voipstunt\voipstunt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINNT\system32\LVComS.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\WINNT\alg.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\My Documents\valymas\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delfi.lt/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delfi.lt/ N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.delfi.lt"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\vnq2b661.slt\prefs.js) N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\vnq2b661.slt\prefs.js) O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O5 "LPT1:" /M "Stylus CX5400" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [VoipStunt] "C:\program files\voipstunt.com\voipstunt\voipstunt.exe" -nosplash -minimized O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\RunOnce: [ICQ] C:\Program Files\ICQ\ICQ.exe -trayboot O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O8 - Extra context menu item: &Translate with Tilde Computer Dictionary - res://C:\Program Files\Tildes Biuras 2004\TDVLauncher.DLL /201 O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! 
&Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Tildes ieškiklis - {11FD30F4-F186-4ebe-A384-E22965FDEC7A} - C:\Program Files\Tildes Biuras 2004\TLFindAddIn.dll O9 - Extra 'Tools' menuitem: Tildes ieškiklis - {11FD30F4-F186-4ebe-A384-E22965FDEC7A} - C:\Program Files\Tildes Biuras 2004\TLFindAddIn.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://blacks.pnimedia.com/upload/activex/...tupv2.0.0.9.cab? O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: awvtt - C:\WINNT\system32\awvtt.dll O20 - Winlogon Notify: hggfcax - C:\WINNT\SYSTEM32\hggfcax.dll O20 - Winlogon Notify: rpcc - C:\WINNT\system32\rpcc.dll O20 - Winlogon Notify: sstqr - C:\WINNT\system32\sstqr.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINNT\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Microsoft Internet Connection Sharing (Microsoft Windows Internet Connection Sharing) - Unknown owner - C:\WINNT\alg.exe |

Mar 21 2007, 03:26 AM
Post #7
Malware Assassin Group: HJT Team Posts: 13,611 Joined: 13-July 06 Member No.: 75,975
Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the "Scan for Vundo" button.
Once it's done scanning, click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files, click "YES".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click "OK".
Please post the contents of C:\vundofix.txt into your next reply, along with a new Hijackthis log.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button."

Mar 21 2007, 09:26 PM
Post #8
Member Group: Members Posts: 40 Joined: 24-November 05 Member No.: 41,827
Hello,
Still getting Trojan horses and what is new - pop-up windows (casino, poker, adult). Computer slow.

VundoFix V6.3.17
Checking Java version...
Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.
Scan started at 6:51:28 PM 21/03/2007
Listing files found while scanning....
C:\WINNT\system32\ffmkbifg.dll
C:\WINNT\system32\jjkkj.bak1
C:\WINNT\system32\jjkkj.ini
C:\WINNT\system32\jkkjj.dll
C:\WINNT\system32\jslpaemw.dll
C:\WINNT\system32\sxgcegto.dll
C:\WINNT\system32\trxpbuen.dll
Beginning removal...
Attempting to delete C:\WINNT\system32\ffmkbifg.dll
C:\WINNT\system32\ffmkbifg.dll Has been deleted!
Attempting to delete C:\WINNT\system32\jjkkj.bak1
C:\WINNT\system32\jjkkj.bak1 Has been deleted!
Attempting to delete C:\WINNT\system32\jjkkj.ini
C:\WINNT\system32\jjkkj.ini Has been deleted!
Attempting to delete C:\WINNT\system32\jkkjj.dll
C:\WINNT\system32\jkkjj.dll Could not be deleted.
Attempting to delete C:\WINNT\system32\jslpaemw.dll
C:\WINNT\system32\jslpaemw.dll Has been deleted!
Attempting to delete C:\WINNT\system32\sxgcegto.dll
C:\WINNT\system32\sxgcegto.dll Has been deleted!
Attempting to delete C:\WINNT\system32\trxpbuen.dll
C:\WINNT\system32\trxpbuen.dll Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.3.17
Checking Java version...
Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.
Scan started at 6:58:58 PM 21/03/2007
Listing files found while scanning....
No infected files were found.

Mar 22 2007, 06:11 AM
Post #9
Malware Assassin Group: HJT Team Posts: 13,611 Joined: 13-July 06 Member No.: 75,975
Download Avenger from the link below:
http://swandog46.geekstogo.com/avenger.zip
Unzip/extract it to your desktop.
Start up Avenger.
Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, copy and paste ALL the following bold blue text in the Quote box below:

QUOTE
Files to delete:
C:\WINNT\system32\tcpipmon.exe
C:\WINNT\SYSTEM32\fccyaay.dll
C:\WINNT\SYSTEM32\hggfcax.dll

Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.
Post the Avenger output.txt, which you can find at C:\Avenger\.txt into your next reply.

**********************************

Download SDFix and save it to your desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip

Please then reboot your computer into Safe Mode by doing the following:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.
* In Safe Mode, right click the SDFix.zip folder and choose Extract All,
* Open the extracted folder and double click RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.

Also post the Avenger output.txt and a new Hijackthis log please.

Mar 23 2007, 09:40 AM
Post #10
Member Group: Members Posts: 40 Joined: 24-November 05 Member No.: 41,827
Hello,
I couldn't do your last instructions, because I can't start my computer. Before Windows opens, it keeps rebooting itself. I can only get it working in Safe Mode. Any ideas what went wrong? Thank you

Mar 23 2007, 09:57 AM
Post #11
Malware Assassin Group: HJT Team Posts: 13,611 Joined: 13-July 06 Member No.: 75,975
At what point did your PC start rebooting at startup, and what had you done just before this problem started?
Can you post a new Hijackthis log please?

Mar 23 2007, 10:43 AM
Post #12
Member Group: Members Posts: 40 Joined: 24-November 05 Member No.: 41,827
Well, last I did was "Vundo" and then I posted report and Hijackthis log.
Next day I was trying to turn the computer on, but when it gets to that point "applying personal settings", it starts rebooting itself. I am writing from a different computer now. I don't know how I will be able to post a new Hijackthis log.

Mar 23 2007, 10:54 AM
Post #13
Malware Assassin Group: HJT Team Posts: 13,611 Joined: 13-July 06 Member No.: 75,975
Do you happen to have a copy of the Microsoft Windows XP installation disk?
If you have, try a Repair Install:
Configure your computer to start from the CD-ROM drive. [Boot into the Bios and set your CD-Rom drive as first boot device]. For more information about how to do this, refer to your computer's documentation or contact your computer manufacturer.
Then insert your Microsoft Windows XP Setup CD, and restart your computer.
When the 'Press any key to boot from CD' message is displayed on screen, press a key.
Press ENTER when you see the message to setup Windows XP now, and then press ENTER displayed on the 'Welcome to Setup' screen.
Do not choose the option to press R to use the Recovery Console.
In the Windows XP Licensing Agreement, press F8 to agree to the license agreement.
Make sure that your current installation of Windows XP is selected in the box, and then press R to repair Windows XP.
Follow the instructions on the screen to complete Setup.

Mar 23 2007, 12:48 PM
Post #14
Member Group: Members Posts: 40 Joined: 24-November 05 Member No.: 41,827
I have Windows 2000. But I don't have a CD. Is there another way to fix it from Safe Mode?
Did this happen because of viruses?

Mar 23 2007, 02:37 PM
Post #15
Member Group: Members Posts: 40 Joined: 24-November 05 Member No.: 41,827
I also had a cable TV installed that day. Do you think it may affect the computer?