Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can anyone help me


  • Please log in to reply
3 replies to this topic

#1 B3RN4S

B3RN4S

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:05 AM

Posted 15 April 2005 - 04:49 PM

What should i do??, i think that i am full of spyware.

Logfile of HijackThis v1.99.1
Scan saved at 21:56 BeRnAs, on 15-04-2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programas\Analog Devices\SoundMAX\SMTray.exe
C:\Programas\D-Tools\daemon.exe
C:\Programas\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\COMMON~1\mouw\mouwm.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Programas\MSN Messenger\msnmsgr.exe
C:\Programas\Mozilla Firefox\firefox.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Programas\EA SPORTS\UEFA Champions League 2004 - 2005\ChampionsLeague2005.exe
c:\progra~1\intern~1\iexplore.exe
C:\Documents and Settings\Burnout\Ambiente de trabalho\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.aamepkrofqjwfdpaxr.com/R8JOsnsT...QT0cqc1r4HD.jpg
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pphtjbcxtg.com/R8JOsnsTuS_O9Awn...vsfjyGhNvfM.cgi
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programas\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\WINDOWS\system32\nv32\bpkwb.dll
O2 - BHO: (no name) - {98F7396F-F196-E9BD-F70E-9241E481079C} - C:\DOCUME~1\Burnout\APPLIC~1\Grimname\owns help.exe
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Smapp] C:\Programas\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [IST Service] C:\Programas\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [bpk] C:\WINDOWS\system32\nv32\bpk.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programas\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programas\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Each Bags Bold Cash] C:\Documents and Settings\All Users\Application Data\Date Cake Each Bags\license seek.exe
O4 - HKCU\..\Run: [mouw] C:\PROGRA~1\COMMON~1\mouw\mouwm.exe
O4 - HKCU\..\Run: [keep style] C:\DOCUME~1\Burnout\APPLIC~1\CURBFO~1\Hide readme dead.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programas\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{887A68BE-AB77-47ED-A666-27F04DA76110}: NameServer = 194.65.100.117
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programas\Analog Devices\SoundMAX\SMAgent.exe

please help me
Back to top
View user's profile Send private message

BC AdBot (Login to Remove)

 


#2 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:02:05 AM

Posted 15 April 2005 - 04:57 PM

Hello B3RN4S,

Let's start by running some scans and seeing what they come up with. They should take out some of the malware.

Can you tell me if you are the only user of this computer? Or does your parents or children use it too?

One of your problems is that your IE is ancient and badly needs updating. You are a sitting duck for malware unless you update it.

Please go to
IE6 Service Pack 1 update site
and do all Critical Updates.

***************************************************

Please download, update and run (one at a time of course!)
Spybot 1.3 and Adaware SE

Fix whatever they suggest.

***************************************************

If you need help running these tools, here are some helpful tutorials.
Spybot 1.3 Tutorial
Adaware SE Tutorial


***************************************************

Be sure to run Adaware SE with a Full Scan in the Safe Mode.

How to Reboot into Safe Mode
tap F8 key during reboot, until the boot menu appears...use the arrow keys to choose "Safe Mode" from the menu......,then press the "Enter" key.


The following explains how to set Ad-aware's settings to perform a "Full Scan."

In Ad-aware click the Gear to go to the Settings area.

The following items should be on a green check, not on a red X.

Under the Scanning button:
Scan within archives
Under Memory & Registry, Check EVERYTHING
In Check Drives & Folders, make sure all of your hard drives are selected

Under the Advanced button, check ALL under Log detail level.

Under the Tweak button...

Some of these may not be an available option, depending on your version of Ad-aware and your version of Windows. Do not be concerned if you cannot select a certain item.

In Scanning Engine:
Unload recognized processes during scanning
Include info about ignored objects in logfile, if detected in scan
Include basic Ad-aware settings in logfile
Include additional Ad-aware settings in logfile
Include used command line parameters in logfile

In Cleaning Engine:
XP/2000: Allow unloading explorer to unload shell extensions prior to deletion
Let Windows remove files in use at next reboot
UNCHECK: Automatically try to unregister objects prior to deletion

Click Proceed to save these settings. When you would like to perform a "Full Scan," switch the scan mode from SmartScan to Custom.


***************************************************


Please download, update and run the free A2 (A squared) anti-trojan

Let it fix whatever it wants to.

***************************************************


I know you may have anti-virus software, but sometimes its definitions are corrupted due to malware. Online scans are the best resort in this case.
Run this pc through the
Trend Micro Housecall Online virus scanner (Beta)
or
Panda Scan Online virus scanner

Let it delete all the malware it finds. If it cannot delete it, let me know the names and locations and we will delete it manually.


***************************************************

Next, reboot and post a fresh HijackThis log to this thread.

Edited by SifuMike, 15 April 2005 - 10:54 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 B3RN4S

B3RN4S
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:05 AM

Posted 15 April 2005 - 07:05 PM

i cant update the windows, probably becase my key is not valid o_O. Can someone get me a key????

#4 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:02:05 AM

Posted 15 April 2005 - 10:52 PM

i

cant update the windows, probably becase my key is not valid o_O. Can someone get me a key????


I do not understand what you mean when you say your key is invalid . :thumbsup: Do you mean that you have an illegal version of Windows?

You should be able to download all the updates to IE6 SP1 at the site I gave you.

It will do no use in removing the malware from your computer if you are not up to day with your IE6 and Windows, as you will be reinfected in seconds.

Edited by SifuMike, 15 April 2005 - 11:00 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users