Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Task Manager And Display Disabled With Virus


  • This topic is locked This topic is locked
3 replies to this topic

#1 robertlukeperrin

robertlukeperrin

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:36 AM

Posted 07 August 2008 - 04:02 AM

Please can someone help analyse my Hijackthis log and advise what to do. My display is disabled and I have no access to my C drive.
Help save my laptop - Thanks Rob

StartupList report, 05/08/2008, 21:48:18
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Robert\Desktop\HiJackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\O2\bin\sprtcmd.exe
C:\Program Files\O2\bin\sprtsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Robert\Desktop\HiJackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

LaunchApp = Alaunch
SiSPower = Rundll32.exe SiSPower.dll,ModeAgent
SiS Windows KeyHook = C:\WINDOWS\system32\keyhook.exe
SoundMan = SOUNDMAN.EXE
SynTPLpr = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PCMService = "C:\Program Files\Arcade\PCMService.exe"
IMJPMIG8.1 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
MSPY2002 = C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
PHIME2002ASync = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
LManager = C:\Program Files\Launch Manager\QtZgAcer.EXE
eRecoveryService = C:\Acer\Empowering Technology\eRecovery\Monitor.exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
PCSuiteTrayApplication = C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
HP Software Update = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
LogitechVideoRepair = C:\Program Files\Logitech\Video\ISStart.exe
LogitechVideoTray = C:\Program Files\Logitech\Video\LogiTray.exe
My Web Search Bar = rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
MyWebSearch Email Plugin = C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
AOLDialer = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
QuickTime Task = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
SM_IAN = C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
AVP = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O2 = "C:\Program Files\O2\bin\sprtcmd.exe" /P O2

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

(Default) =

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
Polar Sync =
PcSync = C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
LogitechSoftwareUpdate = "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
TomTomHOME.exe = "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
s9201 = "C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe" /autorun

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\ACER.SCR
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - (no file) - {00A6FAF1-072E-44cf-8957-5838F569A31D}
(no name) - C:\WINDOWS\nfavxwdbkvn.dll - {265E6540-2B95-4A81-9AF9-1456522F975B}
(no name) - C:\WINDOWS\system32\yayvTnkK.dll (file missing) - {275C3279-F377-43D4-A530-C738EECA7A89}
BitComet ClickCapture - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}
(no name) - (no file) - {4E3E60F5-F691-475F-AFBA-CF9FCAB47C15}
(no name) - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\WINDOWS\system32\geBuRHBR.dll (file missing) - {D84C240B-99AE-4338-93E5-E1B00EA5ACE2}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job

--------------------------------------------------

Enumerating Download Program Files:

[WaveTab Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\wavetab.ocx
CODEBASE = http://www.riffinteractive.com/setup/RiffLick.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Adobe\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/s...irector/sw.cab

[{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}]
CODEBASE = http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab

[Facebook Photo Uploader Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\FacebookPhotoUploader.ocx
CODEBASE = http://upload.facebook.com/controls/...toUploader.cab

[DivXBrowserPlugin Object]
InProcServer32 = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CODEBASE = http://go.divx.com/plugin/DivXBrowserPlugin.cab

[Symantec Download Manager]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\symdlmgr.dll
CODEBASE = https://webdl.symantec.com/activex/symdlmgr.cab

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://www.update.microsoft.com/micr...?1195672929406

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx
CODEBASE = http://fpdownload.macromedia.com/get...nt/swflash.cab

[McFreeScan Class]
InProcServer32 = C:\WINDOWS\McAfee.com\FreeScan\mcfscan.dll
CODEBASE = http://download.mcafee.com/molbin/is...52/mcfscan.cab

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\WINDOWS\System32\WinCtrl32.dl_ => C:\WINDOWS\System32\WinCtrl32.dll||\

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll
eqvwamkl: C:\WINDOWS\eqvwamkl.dll

--------------------------------------------------
End of report, 11,969 bytes
Report generated in 0.625 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

BC AdBot (Login to Remove)

 


m

#2 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:09:36 AM

Posted 18 August 2008 - 02:54 AM

Hi

Looks like you've posted startuplist instead of HijackThis log. If you still need help with this do the following to get latest hjt log:
Do a system scan only
* Click the scan button in the lower left hand corner of the interface and HijackThis will quickly scan your system.
* Once the scan is complete the scan button will now read save log. Click this button to save the log file to your PC. Once you select where you would like to save the file it will open in your systems default text editor. Typically this application is Notepad. Post the log here.

Microsoft Windows Insider MVP 2016

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#3 robertlukeperrin

robertlukeperrin
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:36 AM

Posted 18 August 2008 - 04:04 AM

Hi,

Thanks for getting back to me.

Thankfully my PC is now cured after corresponding with a guy on askanexpert.com who talked me through Spybot, Combofix and Hijackthis to remove all the nasties.

Thanks for getting back to me.

Rob

#4 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:09:36 AM

Posted 18 August 2008 - 04:10 AM

Ok. Thanks for the heads up :thumbsup:

Since this issue appears to be resolved ... this Topic has been closed.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Microsoft Windows Insider MVP 2016

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users