
Imiserver Ieplugin, Plus A Bunch Of Other Problems Really


  • This topic is locked
6 replies to this topic

#1 lyk3omgoshxx

lyk3omgoshxx

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:37 AM

Posted 12 May 2008 - 06:13 PM

Hi there, I've got a variety of problems with my computer at the moment and it's gotten outside my realm of knowledge.

Some things that are currently going on:

ImIserver IEplugin comes up on a scan, but cannot be removed.
A Windows SecurityCenter balloon is in my taskbar, asking me to purchase: UltimateFixer, SystemDefender, SysCleaner. It is also frequently telling me that there are viruses on websites I'm using and it is occasionally shutting off my PC altogether.
My TaskManager will not open, and upon starting, windows notifies me that a file cmd.exe is missing.

I would really appreciate some help with this!

Of course, I forgot the HiJack file!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:19:27 PM, on 5/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesViewpointCommonViewpointService.exe
C:WINDOWSsystem32MsPMSPSv.exe
C:WINDOWSTEMPDIL2F.tmp
C:Program FilesViewpointViewpoint ManagerViewMgr.exe
C:WINDOWSExplorer.EXE
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesWindows LiveMessengerMsnMsgr.Exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:Program FilesSpybot - Search & DestroyTeaTimer.exe
C:WINDOWSsystem32Sysctrls.exe
C:WINDOWS17PHolmes1001186.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesWindows LiveMessengerusnsvc.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLLoginProxy.exe
C:Program FilesWindows Media Playerwmplayer.exe
C:DOCUME~1OwnerLOCALS~1TempTemporary Internet FilesContent.IE5FH6JSS1FHiJackThis[1].exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: Yahoo! uC - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:PROGRA~1Yahoo!CompanionInstallscpn2yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:PROGRA~1Yahoo!CompanionInstallscpn2yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:Program FilesSpcronSpcron.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll
O2 - BHO: (no name) - {613EC4C6-2003-2DFE-0215-5B00BCC281C0} - C:WINDOWSsystem32qtrsz.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_10binssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ADSTechnology module - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - C:Program FilesADSTechnologyADSTechnology.dll
O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:Program FilesActivationManagerActivationManager.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: MySidesearch Search Assistant - {9506910A-0F94-4ea1-B567-7070428B8B2B} - C:WINDOWSsystem32mysidesearch_sidebar.dll
O2 - BHO: (no name) - {9ED33BD5-8743-83E5-1794-A38F04527A90} - C:WINDOWSsystem32bjxlax.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:Program FilesViewpointViewpoint Toolbar3.8.0ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier3.0.1225.9868swg.dll
O2 - BHO: (no name) - {C8806CD8-D045-83E1-1394-A38F04517E91} - C:WINDOWSsystem32stpp.dll
O3 - Toolbar: Yahoo! uC - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:PROGRA~1Yahoo!CompanionInstallscpn2yt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:Program FilesCommon FilesViewpointToolbar Runtime3.8.0IEViewBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar3.dll
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [GameFace Messenger] C:Program FilesGameFace MessengerGameFace.exe
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [Microsoft] test.exe
O4 - HKLM..Run: [Sysctrls] Sysctrls.exe
O4 - HKLM..Run: [AutoInclude] C:WINDOWSTEMPDIL4.tmp
O4 - HKLM..Run: [VirusHeat 4.4] "C:Program FilesVirusHeat 4.4VirusHeat 4.4.exe" /h
O4 - HKLM..RunServices: [Sysctrls] Sysctrls.exe
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesWindows LiveMessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 - HKCU..Run: [Sysctrls] Sysctrls.exe
O4 - HKCU..Run: [Yahoo! Pager] "C:Program FilesYahoo!MessengerYahooMessenger.exe" -quiet
O4 - HKCU..Run: [Scrc] "C:PROGRA~1SKS~1wowexec.exe" -vt ndrv
O4 - HKCU..Run: [Aoqzzl] "C:Documents and SettingsOwnerApplication Data??crosoft.NET?hkntfs.exe"
O4 - HKCU..Run: [Camfrog] "C:Program FilesCamfrogCamfrog Video ChatCamfrogNet.exe" 0 C:Program FilesCamfrogCamfrog Video ChatCamfrog Video Chat.exe
O4 - HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot - Search & DestroyTeaTimer.exe
O4 - HKUSS-1-5-18..Run: [WinTouch] C:Documents and SettingsOwnerApplication DataWinTouchWinTouch.exe (User 'SYSTEM')
O4 - HKUSS-1-5-18..Run: [Scrc] "C:DOCUME~1OwnerAPPLIC~1SKS~1winspool.exe" -vt yazb (User 'SYSTEM')
O4 - HKUSS-1-5-18..Run: [Jmwbdtp] "C:Program Files?ymantecm?hta.exe" (User 'SYSTEM')
O4 - HKUSS-1-5-18..Run: [SpeedRunner] C:Documents and SettingsOwnerApplication DataSpeedRunnerSpeedRunner.exe (User 'SYSTEM')
O4 - HKUSS-1-5-18..Run: [SfKg6wIP] C:Documents and SettingsOwnerApplication DataMicrosoftWindowsvfpmxcml.exe (User 'SYSTEM')
O4 - HKUSS-1-5-18..Run: [Twain] C:Program FilesTwainTwain.exe (User 'SYSTEM')
O4 - HKUSS-1-5-18..Run: [Svconr] C:Program FilesSvconrSvconr.exe (User 'SYSTEM')
O4 - HKUSS-1-5-18..Run: [WinUpdater] "C:Program Fileswinviupdate.exe" /background (User 'SYSTEM')
O4 - HKUSS-1-5-18..Run: [WebSUpdater] "C:Program Fileswinviwupda.exe" /background (User 'SYSTEM')
O4 - HKUSS-1-5-18..RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [WinTouch] C:Documents and SettingsOwnerApplication DataWinTouchWinTouch.exe (User 'Default user')
O4 - HKUS.DEFAULT..RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O6 - HKLMSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present
O8 - Extra context menu item: &Yahoo! Search - file:///C:Program FilesYahoo!Common/ycsrch.htm
O8 - Extra context menu item: Download Using &BitSpirit - C:Program FilesBitSpiritbsurl.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:Program FilesYahoo!Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:Program FilesYahoo!Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:Program FilesYahoo!Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_10binnpjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_10binnpjpi150_10.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:Program FilesPartyPokerPartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:Program FilesPartyPokerPartyPoker.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {134F7664-943D-3BB9-65F5-70B91DF46C86} - http://www.emcodec.com/v4/eCodec-v4.175.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:Program FilesYahoo!CommonYinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://sympatico.zone.msn.com/bingame/zpag...O1.cab50727.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab55579.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab55579.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/fs5/ax/ActiveXWebCam.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O20 - Winlogon Notify: aeaqaolj - C:WINDOWSSYSTEM32aeaqaolj.dll
O22 - SharedTaskScheduler: Wheel Mouse Optical Driver - {D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D} - (no file)
O22 - SharedTaskScheduler: enswathes - {4d51e91c-e917-4b7f-89ff-abe471e16927} - C:WINDOWSsystem32uyhjw.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe (file missing)
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:WINDOWSSystem32alg.exe (file missing)
O23 - Service: Apple Mobile Device - Unknown owner - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe (file missing)
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:WINDOWSsystem32cisvc.exe (file missing)
O23 - Service: COM+ System Application (COMSysApp) - Unknown owner - C:WINDOWSsystem32dllhost.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:WINDOWSSystem32dmadmin.exe (file missing)
O23 - Service: ewido security suite control - Unknown owner - C:Program Filesewido anti-malwareewidoctrl.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:WINDOWSsystem32imapi.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE
O23 - Service: Net MD Simple Burner Service (NetMDSB) - Unknown owner - C:Program FilesSonyNet MD Simple BurnerNetMDSB.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:WINDOWSsystem32locator.exe (file missing)
O23 - Service: ServiceLayer - Unknown owner - C:Program FilesPC Connectivity SolutionServiceLayer.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:PROGRA~1COMMON~1SONYSH~1AVLibSptisrv.exe (file missing)
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - Unknown owner - C:WINDOWSsystem32dllhost.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:Program FilesViewpointCommonViewpointService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:Program FilesWindows LiveinstallerWLSetupSvc.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:Program FilesWindows Media PlayerWMPNetwk.exe (file missing)

--
End of file - 16559 bytes

Merged posts. ~ OB

Edited by Orange Blossom, 12 May 2008 - 07:58 PM.
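
A triage pass over a log in the HijackThis v2 format posted above, as an added example that is not part of the original thread: it parses the section-coded lines (O2 browser helper objects, O4 autoruns, O20 Winlogon Notify, O23 services) and marks entries for manual review. The sample log and every name in it are constructed, and the flag rules are illustrative assumptions for prioritising review, not verdicts.

```python
import re

# Constructed sample in HijackThis v2 format (NOT the poster's log);
# every vendor, file name and CLSID below is invented for illustration.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\ExampleVendor\helper.dll
O2 - BHO: (no name) - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\WINDOWS\system32\xqzv.dll (file missing)
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\ExampleVendor\tray.exe"
O4 - HKLM\..\Run: [Updater] C:\WINDOWS\TEMP\AB12.tmp
O4 - HKCU\..\Run: [Loader] loader.exe
O4 - HKUS\S-1-5-18\..\Run: [Helper] C:\Documents and Settings\Owner\Application Data\Helper\helper.exe (User 'SYSTEM')
O20 - Winlogon Notify: abcdefgh - C:\WINDOWS\SYSTEM32\abcdefgh.dll
O23 - Service: Example Service - Unknown owner - C:\WINDOWS\system32\example.exe (file missing)
"""

# A section-coded line looks like "O4 - <body>"; headers and process paths do not match.
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Autorun bodies carry "[value name] command line".
AUTORUN = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$")


def parse_entries(log_text):
    """Return (code, body) for every section-coded line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def flags_for(code, body):
    """Illustrative review flags (assumed heuristics, not a malware verdict)."""
    low = body.lower()
    flags = []
    if "(file missing)" in low or "(no file)" in low:
        flags.append("missing-target")        # registry entry outlived its file
    if code == "O2" and "(no name)" in low:
        flags.append("unnamed-bho")           # browser helper without a display name
    if code == "O20":
        flags.append("winlogon-notify")       # DLL loaded by Winlogon: always review
    if code == "O4":
        m = AUTORUN.search(body)
        cmd = m.group("cmd").lower() if m else low
        if "\\temp\\" in cmd or ".tmp" in cmd:
            flags.append("autorun-from-temp")
        if "\\application data\\" in cmd or "\\appdata\\" in cmd:
            flags.append("autorun-from-profile")
        if "\\" not in cmd:
            flags.append("autorun-bare-name")  # resolved through the search path
    return flags


def triage(log_text):
    """Return (code, body, flags) for entries that raised at least one flag."""
    flagged = []
    for code, body in parse_entries(log_text):
        flags = flags_for(code, body)
        if flags:
            flagged.append((code, body, flags))
    return flagged


if __name__ == "__main__":
    for code, body, flags in triage(SAMPLE_LOG):
        print(f"{code:<4}{','.join(flags):<32}{body}")
```

Legitimate software also trips some of these flags (driver utilities often register bare-name autoruns), so the output is a review queue rather than a removal list.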




#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:12:37 PM

Posted 31 May 2008 - 12:02 PM

Hi,

Your system is severely infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

Actually, this doesn't surprise me at all....

I understand that you need help in order to get rid of the malware that is present on your system - But you need to help us first..
I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed!
This is somewhat suicidal in today's digital world.
That's why I want you to install one first!!

* Please install Avira Antivirus: http://www.free-av.com/
This is a free Antivirus.

Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There double-click the report from the Full scan you have done. Click the "Report File" button and copy and paste this report in your next reply together with a new HijackThis log.
Then we'll start from there, because it really makes no sense otherwise that we clean this up manually if an Antivirus scan is not present which should be able to deal with most and prevent further reinfection.


But I have a bad feeling here and I guess you are also dealing with a file infector. :thumbsup:
This means legitimate files are infected and cannot always be disinfected by scanners.
In that case, the fastest and safest solution is to perform a format and reinstall.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 lyk3omgoshxx

lyk3omgoshxx
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:37 AM

Posted 04 June 2008 - 04:12 AM

Conveniently for me, I guess, I don't actually need anything that is on this PC. So starting over is perfectly fine, probably preferred if anything.
However, this PC was a hand-me-down gift, and doesn't have a Windows XP CD with it.
I know nothing about recovery discs and partitioned drives, etc.
Nor do I even know if this computer has the files necessary to make a recovery disc.
So the next question is, if I just download a copy of XP off of a torrent site, will that be fine?

#4 miekiemoes

Posted 04 June 2008 - 04:18 AM

if I just download a copy of XP off of a torrent site, will that be fine?

No. Because I won't help you then anymore since I don't support illegal software. Also, if you use an illegal version of XP, you won't be able to update it, so won't be able to protect it.
So please purchase a legal version of XP instead :thumbsup:

#5 lyk3omgoshxx

Posted 07 June 2008 - 06:03 AM

Lol, I actually don't usually support illegal software myself.
But yeah, 21-year-old student.
Money isn't always available, but I'll probably just wind up buying XP this weekend, I need this thing working again.

#6 miekiemoes

Posted 07 June 2008 - 03:04 PM

Money isn't always available, but I'll probably just wind up buying XP this weekend, I need this thing working again.

In that case, please format and install the legal Windows version since this version you are running now is severely infected. Since this PC was a "hand-me-down gift" - I really see no need why you should keep the current data including the malware present if a format and reinstall is the fastest and especially the safest method. Then you can configure your Windows the way you want it, with the programs you want :thumbsup:

#7 miekiemoes

Posted 17 June 2008 - 02:05 PM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
