Need HELP before I kill my computer PLEASE



#1 tigger803 (Members)

Posted 23 April 2005 - 05:16 PM

My computer has gotten infested with BAD stuff. I have run Ad-Aware and Spybot and come up with all kinds of malware, spyware and adware. I've tried everything I know to try and then some. I delete it all but then it all comes back and I don't know what else to do. Please help me; I've copied my HijackThis log.

Thank you so much!

Logfile of HijackThis v1.99.1
Scan saved at 5:14:25 PM, on 04/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\nvpmia.exe
C:\WINDOWS\System32\colnlo.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\colnlo.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\Searchx.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://help.bellsouth.net/fastaccess/launch.asp
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitebra32.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\nvpmia.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [colnlo] C:\WINDOWS\System32\colnlo.exe
O4 - HKCU\..\RunOnce: [colnlo] C:\WINDOWS\System32\colnlo.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://install.charter.com/diskless/bin/tgctlcm.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096943894828
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
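Added here as a worked example (not code from the original poster, the helper or BleepingComputer): a small triage script for the HijackThis log format that flags the entry shapes a helper reads first in the log above, namely a Search Bar pointing at a local file://, a BHO loaded from the Windows root, autoruns started straight from a system folder, the same entry in both Run and RunOnce, and a service with "Unknown owner". The section rules are heuristics chosen for this example, not HijackThis's own logic, and the embedded sample is a constructed excerpt of the log.

```python
import re
# Constructed excerpt in HijackThis v1.99 log format. The entries are copied from the
# log above plus one benign Symantec control; none come from a live system.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\Searchx.htm
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitebra32.exe
O4 - HKCU\..\Run: [colnlo] C:\WINDOWS\System32\colnlo.exe
O4 - HKCU\..\RunOnce: [colnlo] C:\WINDOWS\System32\colnlo.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
"""

# Line shapes of the sections this triage looks at.
R_LINE = re.compile(r"^(R[01]) - (.+?) = (.*)$")
O2_LINE = re.compile(r"^O2 - BHO: (.+?) - \{[0-9A-Fa-f-]+\} - (.+?)(?: \(file missing\))?$")
O4_LINE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run|RunOnce): \[(.+?)\] (.+)$")
O23_LINE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")
SYSTEM_DIRS = {"c:\\windows", "c:\\windows\\system32"}

def _dirname(path: str) -> str:
    return path.rsplit("\\", 1)[0].lower()

def _target(rest: str) -> str:
    # O4 values are either a quoted path (possibly followed by switches) or a bare one.
    if rest.startswith('"'):
        return rest[1:].split('"', 1)[0]
    return re.sub(r"\s+[-/]\S+$", "", rest)  # drop a trailing switch such as /QS

def triage(log: str) -> list:
    findings, autoruns = [], {}  # autoruns: (hive, name) -> (key, target)
    for line in filter(None, (ln.strip() for ln in log.splitlines())):
        if m := R_LINE.match(line):
            if m.group(3).lower().startswith("file://"):
                findings.append((m.group(1), "IE search/start page redirected to a local file", line))
        elif m := O2_LINE.match(line):
            if _dirname(m.group(2)) in SYSTEM_DIRS:
                findings.append(("O2", "BHO loaded from a Windows system folder, not a vendor folder", line))
        elif m := O4_LINE.match(line):
            hive, key, name, target = m.group(1), m.group(2), m.group(3), _target(m.group(4))
            if _dirname(target) in SYSTEM_DIRS:
                findings.append(("O4", "autorun started straight from a Windows system folder (review)", line))
            prev = autoruns.get((hive, name))
            if prev and prev[0] != key and prev[1].lower() == target.lower():
                findings.append(("O4", "same entry in both Run and RunOnce (re-adds itself after removal)", line))
            autoruns[(hive, name)] = (key, target)
        elif m := O23_LINE.match(line):
            if m.group(2).strip().lower() == "unknown owner":
                findings.append(("O23", "service with no publisher name", line))
    return findings
```

Legitimate vendor binaries that live in System32 (hkcmd.exe in this log) also land on the review list, so the output is a reading order, not a verdict.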

#2 miekiemoes (Malware Response Team)

Posted 24 April 2005 - 03:02 AM

Hello,

Nice collection you have in there.

Download Ewido Security suite:
http://www.ewido.net/en/download/

Let it perform a full update, but don't let it scan yet!

* Download LQfix.zip
Unzip it and save it to your desktop; don't use it yet!!

* Reboot into Safe Mode:
To get into Safe Mode as the computer is booting, press and hold your "F8 Key", which should bring up the "Windows Advanced Options Menu". Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Double-click LQfix.bat that you saved on your desktop before.
A DOS window will open and close again; this is normal.

* Go to Start > Run and type: cleanmgr and click OK.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

* Still in Safe Mode... Let Ewido perform a full scan and let it delete everything it is finding!!
When the scan is finished, you'll get the option to make a log.

Reboot back to normal mode and post a new HijackThis log together with the log from Ewido.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes (Malware Response Team)

Posted 08 May 2005 - 06:14 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
an email with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



