ComputerForum.com > Computer Security
08-06-2005, 03:48 AM   #1
New Member
 
Join Date: Aug 2005
Posts: 1
used McAfee, spybot, adware, etc. POPUP PERSISTS! HELP! Hijack log is here

Hello, on my wife's family's computer I constantly get this message:

Microsoft Windows has encountered an Internal Error. Your windows registry is corrupted. We recommend a complete system scan.
Visit
http://FixRegNow.com
To repair now!
OK

-------------

I know it's a scam. I've run CSW shredder, spybot, adware 6, spyblaster, reg mechanic, and used hijack now, and read tutorials to fix numerous things...but...still this little hardy bastard persists!!!!! I know you all work so hard, so I wanted to fix it myself, and will continue to learn. I want to fix this computer for them, so your expertise is well appreciated!!!!!!!

Here is the log:

--------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 21:42:22, on 5/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\VTTimer.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\pctspk.exe
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T 1.EXE
C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Arquivos de programas\PDF-XChange 2.5\pdfSaver.exe
C:\Arquivos de programas\PDF-XChange 2.5\pdfSaver.exe
C:\Arquivos de programas\Yahoo!\Messenger\ymsgr_tray.exe
C:\Arquivos de programas\Microsoft AntiSpyware\gcasDtServ.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Daniel\Configurações locais\Temp\Diretório temporário 7 para hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dnanow.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: G-Buster Browser Defense Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T 1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [Ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Arquivos de programas\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [pdfSaver] C:\Arquivos de programas\PDF-XChange 2.5\pdfSaver.exe
O4 - Startup: PDF-XChange Capture.lnk = C:\Arquivos de programas\PDF-XChange 2.5\pdfSaver.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...b?1123213722703
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...b?1123274772046
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/m...pdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7553AEF-B3C9-4D4E-A2EB-6EFD22712A24}: NameServer = 200.204.0.10 200.204.0.138
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

-------------------------------------------------
Kind Regards,
Vern
genedna


08-06-2005, 05:46 AM   #2
Bronze Member
 
Join Date: Jul 2005
Posts: 93

Adaware 6 is outdated. You'd have better luck using Adaware SE 1.06.
It sounds like a spyware problem to me. Download Spyware Doctor and the Ewido security suite. UPDATE all anti-spyware/virus programs and run them in safe mode and see what happens. Let us know how it turns out.
alienmidget
08-06-2005, 05:48 AM   #3
Bronze Member
 
Join Date: Jul 2005
Posts: 93

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
What is this?
alienmidget
08-06-2005, 11:34 AM   #4
Digaredd
 
Join Date: May 2005
Location: Melbourne AU
Posts: 6,653

Let's see if Ewido finds anything.
Download Ewido. Update it, then boot into safemode by tapping f8 on startup.
Once in safemode, run a full scan with Ewido. Let it clean anything it finds. When it's finished, save the report and post it here.
__________________
The Grim Reaper - Son of Glyndwr
"To Hell or Connacht" may you burn in Hell tonight!
Buzz1927
08-06-2005, 01:50 PM   #5
VIP Member
 
Join Date: Dec 2003
Location: Bucharest
Age: 42
Posts: 3,042

That log is pretty clear. But this running process could be dubious:
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

Edit: at a second look at the log, this entry seems to be definitely dubious:
O2 - BHO: G-Buster Browser Defense Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

Last edited by Lorand; 08-06-2005 at 02:05 PM.
Lorand
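A small triage script, added here as an example and not something posted in this thread, that parses HijackThis-style entries like the ones in the log above and lists the items a reviewer would want to check first: O4 Run values given without a full path (the VTTimer.exe question), O2 browser add-ons loaded from Downloaded Program Files (the gbiehabn.dll entry), R0/R1 start and search pages, and O17 name servers outside an analyst-supplied set. The expected DNS set is an assumed input; a hit is a question to answer, not a verdict.

```python
import re

# Constructed sample in the shape of a HijackThis v1.99 log; the entries are
# copied from the log posted earlier in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dnanow.com/
O2 - BHO: G-Buster Browser Defense Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7553AEF-B3C9-4D4E-A2EB-6EFD22712A24}: NameServer = 200.204.0.10 200.204.0.138
"""
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)
RUN_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")

def executable_of(cmd):
    """First token of a Run value, with surrounding quotes stripped."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]

def triage(log, expected_dns):
    """Return (code, item, reason) tuples for entries a reviewer should look at."""
    findings = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        if code == "O4":
            run = RUN_RE.search(body)
            exe = executable_of(run.group("cmd")) if run else body
            # A bare file name is resolved through the search path at logon, so
            # the log alone does not show which file actually runs.
            if "\\" not in exe:
                findings.append((code, exe, "Run value without a full path"))
        elif code in ("O2", "O3"):
            clsid = CLSID_RE.search(body)
            # Add-ons installed from a web page are dropped in this folder.
            if "downloaded program files" in body.lower():
                ident = clsid.group(0) if clsid else body
                findings.append((code, ident, "add-on loaded from Downloaded Program Files"))
        elif code[0] == "R":
            url = body.partition("=")[2].strip().lstrip("&")
            findings.append((code, url, "browser start/search page to confirm"))
        elif code == "O17":
            for ip in body.partition("=")[2].split():
                if ip not in expected_dns:
                    findings.append((code, ip, "DNS server outside the expected set"))
    return findings
```

Run `triage(SAMPLE_LOG, {"200.204.0.10"})` to see the four items from the sample; the second O4 entry is skipped because its executable is given with a full path.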


08-06-2005, 02:24 PM   #6
Digaredd
 
Join Date: May 2005
Location: Melbourne AU
Posts: 6,653

Lorand,
Both those entries are OK; you were right the first time, it does look clean.
Buzz1927
08-06-2005, 02:28 PM   #7
VIP Member
 
Join Date: Dec 2003
Location: Bucharest
Age: 42
Posts: 3,042

The first one could be a malware that stole the name of a legit file.
And I couldn't find any info on the second one...
Lorand
All times are GMT +1. The time now is 02:56 AM.