ComputerForum.com, Computer Security forum
My HJT Log File - Help!

#1  04-22-2005, 06:04 PM  Rambo (Diamond Member, United Kingdom)

OK, I have recently found that I have been getting some viri (is that the plural for virus?) and thought I'd post a HijackThis log file... Can anyone with experience or knowledge in this field help me out? Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 17:59:24, on 22/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\M-Audio Fast Track\GBInst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\WINDOWS\WINFRW.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\Tim\Desktop\Docs\WALLPA~1\Changer\WALLPA~1.EXE
C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\KeyCount\KeyCount.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla FireFox 1.0.2\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\msiexec.exe
C:\DOCUME~1\Tim\LOCALS~1\Temp\Rar$EX00.984\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.1stech.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=192.168.0.1:6588;gopher=192.168.0.1:6588;http=192.168.0.1:6588;https=192.168.0.1:6588;socks=192.168.0.1:6588
R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\BOOSTY~1.COM\DOWNLO~1\fdcatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: (no name) - {44BE0690-5429-47f0-85BB-3FFD8020233E} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows System Configuration] C:\WINDOWS\WINFRW.EXE
O4 - HKLM\..\Run: [CTHelper] cthelper.exe
O4 - HKLM\..\Run: [depij] C:\WINDOWS\depij.exe
O4 - HKLM\..\Run: [Windows Security Updater] C:\WINDOWS\WINFRW.EXE
O4 - HKLM\..\Run: [Microsoft Update Machine] winnie.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\RunServices: [CTHelper] cthelper.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] winnie.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTHelper] cthelper.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] winnie.exe
O4 - HKCU\..\Run: [WallPaper] C:\DOCUME~1\Tim\Desktop\Docs\WALLPA~1\Changer\WALLPA~1.EXE /h
O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe
O4 - Startup: Shortcut to KeyCount.lnk = C:\Program Files\KeyCount\KeyCount.exe
O4 - Global Startup: AntiVir Guard.lnk = C:\Program Files\AVPersonal\AVGNT.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O15 - Trusted Zone: www.1stech.net
O15 - Trusted Zone: www.hotmail.com
O15 - Trusted Zone: http://www.sothink.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c6.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/instal...sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: Zboard - C:\WINDOWS\SYSTEM32\Winlognotif.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Fast Track Installer (FastTrackInstallerService) - Nemesis - C:\Program Files\M-Audio Fast Track\GBInst.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

(I tried to uninstall RealVNC but it didn't uninstall, just in case you're wondering why it says "file missing".)

OK, so any help on this would be much appreciated!
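As an added example (it is not part of the original post and not HijackThis code), the script below runs the kind of first-pass triage a log reader does by hand over an excerpt of the log above: registry autoruns whose value names imitate Windows but launch a bare or Windows-root executable, the same file registered under several names or in several keys, the Win9x-only RunServices key, the system-wide IE proxy, Trusted Zone additions, unnamed BHOs and services pointing at missing files. The log lines are copied from the post; the word list, the severity tiers and every rule are the editor's own assumptions, chosen to surface leads for a human to verify rather than to give verdicts.

```python
"""Triage a HijackThis v1.99 log for what a human analyst checks first: registry
autoruns (O4), the IE proxy (R1), Trusted Zone sites (O15), BHOs (O2) and services (O23).
Added example for this thread, not the poster's or HijackThis's code; the scoring rules
are the editor's own assumptions and yield leads for a human to verify, not verdicts.
"""
import re
from collections import defaultdict

# Excerpt of the log posted above (only the line types the rules look at).
LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=192.168.0.1:6588;gopher=192.168.0.1:6588;http=192.168.0.1:6588;https=192.168.0.1:6588;socks=192.168.0.1:6588
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\BOOSTY~1.COM\DOWNLO~1\fdcatch.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows System Configuration] C:\WINDOWS\WINFRW.EXE
O4 - HKLM\..\Run: [CTHelper] cthelper.exe
O4 - HKLM\..\Run: [depij] C:\WINDOWS\depij.exe
O4 - HKLM\..\Run: [Windows Security Updater] C:\WINDOWS\WINFRW.EXE
O4 - HKLM\..\Run: [Microsoft Update Machine] winnie.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] winnie.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Update Machine] winnie.exe
O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - Global Startup: AntiVir Guard.lnk = C:\Program Files\AVPersonal\AVGNT.EXE
O15 - Trusted Zone: www.1stech.net
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
""".strip().splitlines()

SECTION_RE = re.compile(r"^([RO]\d+) - (.*)$")
O4_REG_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\(Run|RunOnce|RunServices):\s*\[([^\]]*)\]\s*(.*)$")
EXE_RE = re.compile(r'^"([^"]+)"|^(.*?\.(?:exe|com|dll|scr|bat|pif))(?:\s|$)', re.I)
LOOKALIKE = ("windows", "microsoft", "system", "security", "update")  # OS-mimicking value names (assumed list)

def exe_of(cmd):
    """Executable part of an autorun command: quoted, unquoted path with spaces, or bare name."""
    m = EXE_RE.match(cmd.strip())
    if m:
        return m.group(1) or m.group(2)
    return cmd.split(None, 1)[0] if cmd.strip() else ""

def triage(lines):
    """Return (severity, section, reason, line) tuples; severity is high, review or info."""
    findings = []
    names = defaultdict(set)  # exe -> value names it is registered under
    locs = defaultdict(set)   # exe -> hive\key locations it is registered in
    for line in lines:
        m = SECTION_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        if section == "O4":
            reg = O4_REG_RE.match(body)
            if not reg:  # Startup-folder entries are not scored here
                continue
            hive, key, name, cmd = reg.groups()
            exe = exe_of(cmd)
            if exe.lower() == "rundll32.exe":  # the real payload is the DLL argument
                exe = exe_of(cmd[len(exe):]).split(",")[0]
            names[exe.lower()].add(name)
            locs[exe.lower()].add(hive + "\\" + key)
            bare = "\\" not in exe  # no path at all: resolved through the search path
            windir_root = exe.lower().startswith("c:\\windows\\") and exe.count("\\") == 2
            lookalike = any(w in name.lower() for w in LOOKALIKE)
            if lookalike and (bare or windir_root):
                findings.append(("high", section, "OS-lookalike value name launching a bare or Windows-root executable", line))
            elif key == "RunServices":
                findings.append(("review", section, "RunServices is a Win9x-era key; XP ignores it, but worms still write it", line))
            elif bare:
                findings.append(("review", section, "bare executable name, resolved via the search path", line))
            elif windir_root:
                findings.append(("review", section, "executable placed directly in the Windows directory", line))
        elif section == "R1" and "ProxyServer" in body:
            host = re.search(r"http=([^;]+)", body)
            findings.append(("review", section, "system-wide IE proxy %s; confirm it is intended" % (host.group(1) if host else "?"), line))
        elif section == "O15":
            findings.append(("review", section, "site in the IE Trusted Zone (relaxed security settings)", line))
        elif section == "O2" and body.startswith("BHO: (no name)"):
            findings.append(("review", section, "unnamed BHO; check who published the DLL", line))
        elif section == "O23" and body.endswith("(file missing)"):
            findings.append(("info", section, "service registration points at a missing file", line))
    for exe in names:  # redundant registration is a persistence tell, not normal behaviour
        if len(names[exe]) > 1:
            findings.append(("high", "O4", "%s registered under %d different names" % (exe, len(names[exe])), ""))
        elif len(locs[exe]) > 1:
            findings.append(("review", "O4", "%s registered in %d autorun locations" % (exe, len(locs[exe])), ""))
    return findings

def summarize(findings):
    counts = {"high": 0, "review": 0, "info": 0}
    for sev, _, _, _ in findings:
        counts[sev] += 1
    return counts

if __name__ == "__main__":
    for sev, section, reason, line in triage(LOG):
        print("%-6s %-3s %s\n       %s" % (sev.upper(), section, reason, line))
```

Run as-is it prints the findings for the excerpt; replace LOG with the lines of a full log to triage a real one. On this excerpt the WINFRW.EXE and winnie.exe entries come out as high (lookalike names, one file under two names, one file in three keys), while CTHelper, CPQHotkeys and the Spybot-style unnamed BHO come out as review, which is the intended behaviour: the review tier is for a human to confirm against the known software on the machine, not for automatic removal.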


#2  04-22-2005, 06:12 PM  Byteman (Malware Destroyer)

Wait a few, for analysis...
__________________
Don't byte off more than you can chew...
#3  04-22-2005, 06:15 PM  Rambo (Diamond Member)

Quote:
Originally Posted by Byteman
Wait a few, for analysis...
Thank you!
#4  04-22-2005, 06:18 PM  Byteman (Malware Destroyer)

First things first, you have the W32.Spybot.worm infestation.

Run the steps below, then if any problems still exist afterwards, post back.
___________

1. Disable System Restore (right-click on "My Computer", Properties, System Restore, check Turn off System Restore).

2. Enable viewing of all files/folders (open "My Computer", Tools, Folder Options, View, click "View hidden folders and files" and uncheck "Hide extensions for known file types").

3. Update your Anti-virus program and run a full scan. If you don't have one or your subscription is out of date, then run BOTH online scans below. If you can run a scan with your updated Anti-virus program, then just run ONE of the online scans below.

http://www.pandasoftware.com/active...n_principal.htm

http://housecall.trendmicro.com/hou.../start_corp.asp

4. Download CWShredder, VX2finder, Kill2me, and run them. Let them fix what they find. See these links for download:
http://www.intermute.com/spysubtrac...r_download.html
http://www.pchell.com/downloads/vx2finder.exe
http://www.spywareinfo.com/~merijn/files/kill2me.zip

5. Now, download Ad-Aware SE and SpyBot (both are free, see links below), install them and update them separately. Then run a FULL system scan with Ad-Aware (not the Smart Scan), and check all the items it finds/let it remove them. Run SpyBot and scan, let it remove what it finds. REBOOT your machine and run them again, TAKE NOTE of what items still remain that they couldn't get rid of! Some items will be taken off from a 2nd scan and some items they will NOT be able to remove at all (note what those items are).

http://www.download.com/Ad-Aware-SE...ubj=dl&tag=top5
http://www.safer-networking.org/en/mirrors/index.html
#5  04-22-2005, 06:27 PM  Rambo (Diamond Member)

Trying it now... I'll post back when done.


#6  04-22-2005, 08:39 PM  Rambo (Diamond Member)

OK, I did a scan with an anti-virus and it found nothing.

Then the Pandasoft one gave the 404 error... you know, the missing page error 404...

The Trend Micro one scans... then it comes to a folder... spends quite a while in it, finds something, then the computer automatically reboots. I guess it found a virus, tried to do something to it, and it rebooted the computer...

What should I do?

Shall I go onto step 4?

Help needed please!
#7  04-22-2005, 08:47 PM  Byteman (Malware Destroyer)

Do you have a full anti-virus program installed on your machine?
#8  04-22-2005, 11:09 PM  Rambo (Diamond Member)

Quote:
Originally Posted by Byteman
do you have a full anti-virus program installed on your machine?
I have AVG AntiVir Version 6 Personal Edition - apparently a well-respected free virus protection program...

Now that I think about it, on my motherboard, the drivers CD comes bundled with Trend Micro PC-Cillin Anti-Virus Software (OEM Version). Do you think I should install that instead?
#9  04-23-2005, 04:45 AM  Byteman (Malware Destroyer)

AVG is on version 7.308. Please download it here and update your AVG; be sure to update its virus definitions after you've installed it. Then reboot to safe mode and run a full virus scan.
#10  04-23-2005, 10:04 AM  Rambo (Diamond Member)

Quote:
Originally Posted by Byteman
AVG is on version 7.308. Please download it here and update your AVG; be sure to update its virus definitions after you've installed it. Then reboot to safe mode and run a full virus scan.
Hmmm, well, that is very strange that I don't have that version; I did the internet update...

Anyway, since I started to scan my computer with that online Trend Micro scanner, weird things have been happening to my computer... One of them, which I said to you, was that it rebooted randomly... Now it has decided to reboot whenever it wants, even if I'm just browsing the web!

And this morning, when I booted the computer up, when the computer was recognizing all the drives on the black and white/grey writing screen, it wouldn't continue because it said that there was no keyboard present - when it was plugged in! So I inserted a PS/2 keyboard along with my current keyboard plugged in too... and it booted up... Then the mouse stopped working, and the USB keyboard which wasn't working at first felt like it wanted to work again! I eventually got the computer to recognise the mouse, and came straight to here...

Oh yeah, and another thing. After the little story above, when it was booting up it went into a kind of Windows update thingy, you know when you first install SP2, you have a Windows blue background with white writing... Well, anyway, it said it was scanning a drive for consistency or something... I'm really confused and annoyed and I'm thinking of reformatting.

I'll download the version 7 now, and retry the scan...I hope it works

Thanks.