#1 (permalink)
banned
Join Date: Dec 2005
Posts: 979
so... i just had a MAJOR trojan/virus/who knows what else problem, but i have run ewido, adaware, and avast, and the comp boots now. some problems are still there (random popups, slow speed) so i ran hijack this. my log:
Logfile of HijackThis v1.99.1
Scan saved at 5:55:34 PM, on 8/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\tppaldr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\kybrdff_9.exe
C:\dfndrff_8.exe
C:\nwnmff_9.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\scvs.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\freenet\bin\wrapper-windows-x86-32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ams-server*;;localhost
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ad8rIU3s] C:\WINDOWS\system32\cvn0.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_9.exe
O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINDOWS\system32\wfxqhv.exe"
O4 - HKLM\..\Run: [pop06ap] C:\WINDOWS\pop06ap2.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_8.exe
O4 - HKLM\..\Run: [wwijiciA] C:\WINDOWS\wwijiciA.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [win3209684527279] C:\WINDOWS\win3209684527279.exe
O4 - HKLM\..\Run: [rmxiob] C:\WINDOWS\system32\rutqod.exe reg_run
O4 - HKLM\..\Run: [xifd97dd] RUNDLL32.EXE w176aad3.dll,n 002d97db00000003176aad3
O4 - HKLM\..\Run: [w76acbf8.dll] RUNDLL32.EXE w76acbf8.dll,I2 002d97db076acbf8
O4 - HKLM\..\Run: [newname] C:\\nwnmff_9.exe
O4 - HKLM\..\Run: [removenot] c:\windows\system32\removenot.exe
O4 - HKLM\..\Run: [win3207796845272] C:\WINDOWS\win3207796845272.exe
O4 - HKLM\..\Run: [sys03527279684] C:\WINDOWS\sys03527279684.exe
O4 - HKLM\..\RunServices: [removenot] c:\windows\system32\removenot.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [ttool] C:\WINDOWS\scvs.exe
O4 - HKCU\..\Run: [njfjp] C:\WINDOWS\system32\rutqod.exe reg_run
O4 - HKCU\..\Run: [removenot] c:\windows\system32\removenot.exe
O4 - HKCU\..\Run: [RPCser32g4] C:\WINDOWS\services.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00009.exe"
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - K:\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - K:\PartyPokerNet\RunPF.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1124666844875
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/...reeInstall.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/bej...ploader_v6.cab
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\tmp_m8.dll
O20 - Winlogon Notify: Run - C:\WINDOWS\system32\r8r6li9s18.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Windows Security Drivers (csrs) - Unknown owner - C:\WINDOWS\csrss.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Freenet 0.7 darknet (freenet-darknet) - Unknown owner - C:\Program Files\freenet\bin\wrapper-windows-x86-32.exe" -s ../wrapper.conf (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe

can anyone help me???
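
An added example, not part of the original thread and not a HijackThis feature: a small Python triage pass over entries of the kind posted above, marking autorun (O4), AppInit_DLLs (O20) and service (O23) lines that deserve a closer look. The three heuristics and the names `triage` and `review` are assumptions made for this example; a hit is a reason to inspect the file, not a verdict.

```python
import re

# Process names whose genuine copies live in C:\WINDOWS\system32 (the
# "Running processes" part of the posted log lists most of them there).
SYSTEM_NAMES = {"smss.exe", "winlogon.exe", "services.exe",
                "lsass.exe", "svchost.exe", "csrss.exe"}
SYSTEM_DIR = r"c:\windows\system32"
ENTRY = re.compile(r"^(?P<code>[ROF]\d+) - (?P<body>.+)$")
EXE = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.IGNORECASE)
BARE_DLL = re.compile(r"rundll32(\.exe)?\s+[^\\\s]+\.dll", re.IGNORECASE)

# Lines copied from the log posted above (a subset, chosen for illustration).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_9.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
O4 - HKCU\..\Run: [RPCser32g4] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [xifd97dd] RUNDLL32.EXE w176aad3.dll,n 002d97db00000003176aad3
O20 - AppInit_DLLs: C:\WINDOWS\system32\tmp_m8.dll
O23 - Service: Windows Security Drivers (csrs) - Unknown owner - C:\WINDOWS\csrss.exe (file missing)
"""


def triage(line):
    """Return the reasons (possibly none) why one log line deserves a closer look."""
    m = ENTRY.match(line.strip())
    if not m:
        return []
    code, body, reasons = m["code"], m["body"], []
    if code == "O20" and body.startswith("AppInit_DLLs:"):
        reasons.append("AppInit_DLLs is set")
    if code == "O4" and BARE_DLL.search(body):
        reasons.append("rundll32 loads a DLL given without a path")
    exe = EXE.search(body) if code in ("O4", "O23") else None
    if exe:
        # The log writes some paths as C:\\name.exe; collapse repeated backslashes.
        path = re.sub(r"\\+", r"\\", exe.group(0)).lower()
        folder, _, name = path.rpartition("\\")
        if folder.endswith(":"):
            reasons.append("executable sits in the drive root")
        if name in SYSTEM_NAMES and folder != SYSTEM_DIR:
            reasons.append("system process name outside system32")
    return reasons


def review(log_text):
    """Map each flagged log line to its reasons; unflagged lines are omitted."""
    found = ((ln.strip(), triage(ln)) for ln in log_text.splitlines())
    return {ln: why for ln, why in found if why}


if __name__ == "__main__":
    for line, reasons in review(SAMPLE_LOG).items():
        print("; ".join(reasons), "<-", line)
```

Entries such as `[TPP Auto Loader]` pass these checks untouched, so anything the heuristics skip still needs the manual review the thread goes on to do.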

#2 (permalink)
Platinum Member
Join Date: Jan 2006
Posts: 567
All i can say is 'What A MESS'. Start with this.
Run hijack this, click the "open misc. tool section" button, click "open uninstall manager" > click save list, yes to the prompts, notepad will open with your add/remove programs list. Post that list here.

#3 (permalink)
banned
Join Date: Dec 2005
Posts: 979
whoa... this is a ton of proggys... i have skimmed it, so i would assume anything i didn't install myself (tool888?) is malware?
7-Zip 4.23 Action Replay XBOX 1.40 Ad-Aware SE Personal Adobe Reader 7.0.8 AOL Instant Messenger ATI - Software Uninstall Utility ATI Control Panel ATI Display Driver avast! Antivirus BigFix Bike or Die websync BitLord 1.1 BitTorrent 4.4.1 burnatonce CloneDVD 3.9.4 Craxtion4 Cypress USB Mass Storage Driver Installation DeepBurner v1.8.0.224 Digital Media Reader Documents To Go Enhanced Browser Overlay ewido anti-spyware 4.0 Express Burn Uninstall FairUse Wizard FileZilla (remove only) Finale NotePad 2005a FireTune Forethought GameSpy Arcade Google Toolbar for Internet Explorer Haali Media Splitter HijackThis 1.99.1 Hotfix for Windows XP (KB896344) HP Extended Capabilities 4.7 HP Image Zone 4.7 HP PSC & OfficeJet 4.7 Icons InterLok Driver Kit IRISmon iTunes J2SE Runtime Environment 5.0 Update 2 K-Lite Codec Pack 2.52 Full Macromedia Flash Player 8 Macromedia Shockwave Player Matroska Pack Mega X-Key Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB886903) Microsoft Halo Trial Microsoft Money 2005 Microsoft Office Standard Edition 2003 Microsoft Picture It! 
Photo Premium 9 Microsoft Works mIRC Mozilla Firefox (1.5.0.6) MSN MSN Messenger 7.0 MSXML 4.0 SP2 Parser and SDK Multimedia Keyboard Driver Napster Burn Engine palmOne Photo Story 3 for Windows Pocket DVD Wizard Pocket-DVD Studio(remove only) PowerDVD PPF Toolkit Quick Batch File Compiler 2.0.7.1 Quicklinks QuickTime Rand McNally Route Planner ratDVD 0.78.1444 RealPlayer Realtek AC'97 Audio Rockbox version 2.5 Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows XP (KB883939) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB896688) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899588) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901190) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB903235) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB905915) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB911280) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912812) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913446) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP 
(KB916281) Security Update for Windows XP (KB917159) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB921883) Silly Pool SiSoftware Sandra Lite 2005.SR2a (Win64/32/CE) Soft Data Fax Modem with SmartCP Sonic Update Manager SpeedFan (remove only) Switch Uninstall System Requirements Lab TargetSaver The File Splitter 1.31 ToolBar888 TPP Storage Driver Installation Transcribe! 7.20 Unlocker 1.7.4 Update for Windows XP (KB894391) Update for Windows XP (KB896727) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB900930) Update for Windows XP (KB908531) Update for Windows XP (KB910437) Update for Windows XP (KB916595) USB Storage Adapter FX (SM1) USB Storage Adapter V2 (TPP) Viewpoint Media Player Web Nexus Network Windows Backup Utility Windows Genuine Advantage v1.3.0254.0 Windows Installer 3.1 (KB893803) Windows Installer 3.1 (KB893803) Windows Media Connect Windows Media Connect Windows Media Format Runtime Windows Media Player 10 Windows Overlay Components Windows XP Hotfix - KB867282 Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890047 Windows XP Hotfix - KB890175 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB890923 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB893066 Windows XP Hotfix - KB893086 Yahoo! Install Manager Yahoo! Internet Mail Yahoo! Messenger Yahoo! Toolbar

#4 (permalink)
Platinum Member
Join Date: Jan 2006
Posts: 567
Go to 'add/remove programs' and uninstall the following.

Forethought
IRISmon
Quicklinks
TargetSaver (not sure about this)
ToolBar888
Viewpoint Media Player
Web Nexus Network

Reboot and navigate to C:\Program Files and delete any folders remaining there from the above programs.

Download and install 'CCleaner Basic' here http://www.ccleaner.com/download/builds.aspx and run it. Make sure boxes are properly checked, e.g. temp. internet files, etc.

Next, download, install and update 'A-squared' here http://www.emsisoft.com/en/software/free/

Download, install and update this excellent freebie, Superantispyware, here http://www.superantispyware.com/download.html

Please update 'Ewido' and 'Disable' the 'Guard'.

Reboot your computer in Safe Mode by doing the following. After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually. Instead of Windows loading as normal, a menu with options should appear. Select the first option, to run Windows in Safe Mode, then press "Enter". Choose your usual account.

Please make sure ALL security programs are disabled until they are needed. Begin running your scans in this order.

Ewido
A-squared
Superantispyware

Run CCleaner from safemode.

Reboot into normal windows, run 'CCleaner' again and then run this free online scan from 'Panda' http://www.pandasoftware.com/products/activescan.htm This scan also does removal. Once finished, save the 'Panda' log and post it here along with a new HJT log.

#5 (permalink)
Bronze Member
Join Date: Sep 2009
Posts: 28
You've got a huge virus. I suggest Ccleaner and kaspersky. They should fix it up really quick. But you've got one hell of a virus there
__________________
CPU: Intel Core i7 3.30GHz Motherboard: Gigabyte GA-EX58-DS4 Ram: 4GB Operating System: Windows XP Graphic Card: Nvidia GT (1GB) Hard Drive: 500GB

#6 (permalink)
New Member
Join Date: Sep 2009
Location: Sweden
Posts: 12
Download and run all of these free apps one at a time, they should help.
ThreatFire
SUPERAntispyware
MalwareBytes

#7 (permalink)
Diamond Member
Join Date: Jan 2009
Location: St Helens, UK
Age: 16
Posts: 3,225
you do realise the thread is 3 years old right?
__________________
No dedi servers, No purchase sign the petition for MW2 to get dedicated servers: http://www.petitiononline.com/dedis4mw/petition.html and join the steam group: http://steamcommunity.com/groups/wewantdedicatedMW2 I will not pay £50 to be an IW beta tester