neednhelp log

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Important Announcement: The winners of the BC Million Post contest have been announced. You can read who the winners are at this post.

- BleepingComputer Management

BleepingComputer.com > Security > HijackThis Logs and Malware Removal

Forum Guidelines

Read this topic before posting a log.

DO NOT post a ComboFix log unless requested to.

Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

neednhelp log

Options

needhelp View Member Profile	Dec 22 2004, 01:19 PM Post #1
New Member Group: Members Posts: 4 Joined: 22-December 04 Member No.: 7,660	hi this bleepin virus makes me sick !!!!!!!!!!!!!!!!! I try to do what you said but it is still on my pc.... this is my log R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.buldog-search.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buldog-search.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.fr R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O1 - Hosts: 69.50.188.82 google.com O1 - Hosts: 69.50.188.82 altavista.com O1 - Hosts: 69.50.188.82 www.altavista.com O1 - Hosts: 69.50.188.82 search.yahoo.com O1 - Hosts: 69.50.188.82 yahoo.com O1 - Hosts: 69.50.188.82 www.yahoo.com O1 - Hosts: 69.50.188.82 search.aol.com O1 - Hosts: 69.50.188.82 askjeeves.com O1 - Hosts: 69.50.188.82 www.askjeeves.com O1 - Hosts: 69.50.188.82 www.directhit.com O1 - Hosts: 69.50.188.82 directhit.com O1 - Hosts: 69.50.188.82 www.excite.com O1 - Hosts: 69.50.188.82 excite.com O1 - Hosts: 69.50.188.82 alltheweb.com O1 - Hosts: 69.50.188.82 www.alltheweb.com O1 - Hosts: 69.50.188.82 go.com O1 - Hosts: 69.50.188.82 www.go.com O1 - Hosts: 69.50.188.82 goto.com O1 - Hosts: 69.50.188.82 www.goto.com O1 - Hosts: 69.50.188.82 hotbot.com O1 - Hosts: 69.50.188.82 www.hotbot.com O1 - Hosts: 69.50.188.82 lycos.com O1 - Hosts: 69.50.188.82 www.lycos.com O1 - Hosts: 69.50.188.82 dmoz.org O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {E42C556F-CADF-E80D-89AA-E0ABAE740DE2} - E:\WINDOWS.0\System32\huix.dll O4 - HKLM\..\Run: [MSConfig] E:\WINDOWS.0\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\javasnoop\jre\bin\jusched.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SO5 Integrator Pass Two] E:\WINDOWS.0\SOINTGR.EXE O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS.0\system32\NeroCheck.exe O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE O4 - HKLM\..\Run: [DSLAGENTEXE] DSLAGENT.EXE O4 - HKLM\..\Run: [AVGCtrl] E:\Program Files\AVPersonal\AVGNT.EXE /min O4 - HKCU\..\Run: [Umts] E:\Documents and Settings\westcoast\Application Data\nomp.exe O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Mcggwq] E:\WINDOWS.0\System32\??oolsv.exe O4 - HKCU\..\Run: [MSAgent] E:\WINDOWS.0\hhnt.exe O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\office\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\javasnoop\jre\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\javasnoop\jre\bin\npjpi150.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS.0\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS.0\web\related.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE (file missing) O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=about:blank O15 - Trusted Zone: *.skoobidoo.com O15 - Trusted IP range: 67.19.178.84 O15 - Trusted IP range: 67.19.178.84 (HKLM) O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab O16 - DPF: Interface Chat Voila - http://chat14.x-echo.com/version3/Applet/vchatsign.cab O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c15.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/25d15f4bdfc80c...RdxIE601_fr.cab O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://209.8.20.130/tb/loader2.ocx O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsIns....cab?refid=3680 O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{1D5D9457-A636-419A-97B8-28272B990B86}: NameServer = 80.10.246.1 80.10.246.132 O23 - Service: Adobe LM Service - Unknown - E:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - E:\Program Files\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - E:\Program Files\AVPersonal\AVWUPSRV.EXE O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - E:\WINDOWS.0\System32\dmadmin.exe O23 - Service: Journal des événements - Unknown - E:\WINDOWS.0\system32\services.exe O23 - Service: Service COM de gravage de CD IMAPI - Unknown - E:\WINDOWS.0\System32\imapi.exe O23 - Service: Macromedia Licensing Service - Unknown - E:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - E:\WINDOWS.0\System32\mnmsrvc.exe O23 - Service: DDE réseau - Unknown - E:\WINDOWS.0\system32\netdde.exe O23 - Service: DSDM DDE réseau - Unknown - E:\WINDOWS.0\system32\netdde.exe O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - E:\WINDOWS.0\System32\nvsvc32.exe O23 - Service: Plug-and-Play - Unknown - E:\WINDOWS.0\system32\services.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - E:\WINDOWS.0\system32\sessmgr.exe O23 - Service: Prise en charge des cartes à puces - Unknown - E:\WINDOWS.0\System32\SCardSvr.exe O23 - Service: Carte à puce - Unknown - E:\WINDOWS.0\System32\SCardSvr.exe O23 - Service: Journaux et alertes de performance - Unknown - E:\WINDOWS.0\system32\smlogsvc.exe O23 - Service: Cliché instantané de volume - Unknown - E:\WINDOWS.0\System32\vssvc.exe O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - E:\WINDOWS.0\wanmpsvc.exe O23 - Service: Carte de performance WMI - Unknown - E:\WINDOWS.0\System32\wbem\wmiapsrv.exe please help or i 'll have to format THX !!!

Daisuke View Member Profile	Dec 23 2004, 03:59 PM Post #2
Cleaner on Duty Group: HJT Team Posts: 5,480 Joined: 1-September 04 From: Bucharest, Romania Member No.: 2,383	Getting help here: http://www.bleepingcomputer.com/forums/ind...wtopic=6743&hl= Topic closed. -------------------- Everyday is virus day. Do you know where your recovery CDs are ? Did you create them yet ?

« Next Oldest · HijackThis Logs and Malware Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 22nd November 2008 - 05:13 AM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Malware Removal Guides