sexy_ladii05
2008-11-16, 19:36
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:24 PM, on 11/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Safe mode with network support
Running processes:
C:..WINDOWS..System32..smss.exe
C:..WINDOWS..system32..csrss.exe
C:..WINDOWS..system32..winlogon.exe
C:..WINDOWS..system32..services.exe
C:..WINDOWS..system32..lsass.exe
C:..WINDOWS..system32..svchost.exe
C:..WINDOWS..system32..svchost.exe
C:..WINDOWS..Explorer.EXE
C:..Program Files..Spyware Doctor..pctsAuxs.exe
C:..Program Files..Spyware Doctor..pctsSvc.exe
C:..Program Files..Spyware Doctor..pctsTray.exe
C:..Program Files..Mozilla Firefox..firefox.exe
C:..Program Files..Trend Micro..HijackThis..HijackThis.exe
R1 - HKCU..Software..Microsoft..Internet Explorer..Main,Search Bar = http://us. rd. yahoo. com/customize/ie/defaults/sb/msgr9. r{}*http://www. yahoo. com
R1 - HKLM..Software..Microsoft..Internet Explorer..Main,Default_Page_URL = http://go. microsoft. com/fwlink/?LinkId=69157
R1 - HKLM..Software..Microsoft..Internet Explorer..Main,Default_Search_URL = http://us. rd. yahoo. com/customize/ie/defaults/su/msgr9. r{}*http://www. yahoo. com/ext/search/search. html
R1 - HKLM..Software..Microsoft..Internet Explorer..Main,Search Page = http://us. rd. yahoo. com/customize/ie/defaults/sp/msgr9. r{}*http://www. yahoo. com
R0 - HKCU..Software..Microsoft..Internet Explorer..Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:..Program Files..MyWebSearch..SrchAstt..2.bin..MWSSRCAS.DLL
F2 - REG:system.ini: UserInit=C:..WINDOWS..system32..userinit.exe,,SKEYS /I
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:..program files..google..googletoolbar3.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:..Program Files..MyWebSearch..bar..2.bin..MWSBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:..Program Files..Windows Live Toolbar..msntb.dll
O4 - HKLM......Run: [igfxtray] C:..WINDOWS..system32..igfxtray.exe
O4 - HKLM......Run: [igfxhkcmd] C:..WINDOWS..system32..hkcmd.exe
O4 - HKLM......Run: [igfxpers] C:..WINDOWS..system32..igfxpers.exe
O4 - HKLM......Run: [SunJavaUpdateSched] "C:..Program Files..Java..jre1.6.0_03..bin..jusched.exe"
O4 - HKLM......Run: [SynTPEnh] C:..Program Files..Synaptics..SynTP..SynTPEnh.exe
O4 - HKLM......Run: [DVDLauncher] "C:..Program Files..CyberLink..PowerDVD..DVDLauncher.exe"
O4 - HKLM......Run: [dla] C:..WINDOWS..system32..dla..tfswctrl.exe
O4 - HKLM......Run: [Windows Defender] "C:..Program Files..Windows Defender..MSASCui.exe" -hide
O4 - HKLM......Run: [UnlockerAssistant] "C:..Program Files..Unlocker..UnlockerAssistant.exe"
O4 - HKLM......Run: [Cyberhawk] C:..Program Files..Novatix..Cyberhawk..CHTray.exe
O4 - HKLM......Run: [VerizonServicepoint.exe] C:..Program Files..Verizon..Servicepoint..VerizonServicepoint.exe
O4 - HKLM......Run: [LogitechQuickCamRibbon] "C:..Program Files..Logitech..QuickCam10..QuickCam10.exe" /hide
O4 - HKLM......Run: [ccApp] "C:..Program Files..Common Files..Symantec Shared..ccApp.exe"
O4 - HKLM......Run: [vptray] C:..PROGRA~1..SYMANT~1..VPTray.exe
O4 - HKLM......Run: [WinampAgent] C:..Program Files..Winamp..winampa.exe
O4 - HKLM......Run: [hpqSRMon] C:..Program Files..HP..Digital Imaging..bin..hpqSRMon.exe
O4 - HKLM......Run: [HP Software Update] C:..Program Files..HP..HP Software Update..HPWuSchd2.exe
O4 - HKLM......Run: [QuickTime Task] "C:..Program Files..QuickTime..QTTask.exe" -atboottime
O4 - HKLM......Run: [iTunesHelper] "C:..Program Files..iTunes..iTunesHelper.exe"
O4 - HKLM......Run: [install] C:..WINDOWS..WINDOWS..install.exe
O4 - HKLM......Run: [MyWebSearch Plugin] rundll32 C:..PROGRA~1..MYWEBS~1..bar..2.bin..M3PLUGIN.DLL,UPF
O4 - HKLM......Run: [My Web Search Bar Search Scope Monitor] "C:..PROGRA~1..MYWEBS~1..bar..2.bin..m3SrchMn.exe" /m=2 /w
O4 - HKLM......Run: [MyWebSearch Email Plugin] C:..PROGRA~1..MYWEBS~1..bar..2.bin..mwsoemon.exe
O4 - HKLM......Run: [SpyHunter Security Suite] C:..Program Files..Enigma Software Group..SpyHunter..SpyHunter3.exe
O4 - HKLM......Run: [ISTray] "C:..Program Files..Spyware Doctor..pctsTray.exe"
O4 - HKLM......Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU......Run: [msnmsgr] "C:..Program Files..MSN Messenger..msnmsgr.exe" /background
O4 - HKCU......Run: [ZVolume] C:..Program Files..ZVolume Pro..ZVolume.exe
O4 - HKCU......Run: [install] C:..WINDOWS..WINDOWS..install.exe
O4 - HKCU......Run: [MyWebSearch Email Plugin] C:..PROGRA~1..MYWEBS~1..bar..2.bin..mwsoemon.exe
O4 - HKCU......Run: [WinAntivirusPro] C:..Program Files..WinAntivirusPro3.8..WinAntivirusPro.exe
O4 - HKLM......Policies..Explorer..Run: [some] C:..Program Files..Online Add-on..icthis.exe
O4 - HKUS..S-1-5-21-3219249332-3734872426-413080633-1011......Run: [msnmsgr] "C:..Program Files..MSN Messenger..msnmsgr.exe" /background (User '?')
O4 - HKUS..S-1-5-21-3219249332-3734872426-413080633-1011......Run: [ZVolume] C:..Program Files..ZVolume Pro..ZVolume.exe (User '?')
O4 - HKUS..S-1-5-21-3219249332-3734872426-413080633-1011......Run: [install] C:..WINDOWS..WINDOWS..install.exe (User '?')
O4 - HKUS..S-1-5-21-3219249332-3734872426-413080633-1011......Run: [MyWebSearch Email Plugin] C:..PROGRA~1..MYWEBS~1..bar..2.bin..mwsoemon.exe (User '?')
O4 - HKUS..S-1-5-21-3219249332-3734872426-413080633-1011......Run: [WinAntivirusPro] C:..Program Files..WinAntivirusPro3.8..WinAntivirusPro.exe (User '?')
O4 - Global Startup: Disk Cleaner.lnk = C:..Disk Cleaner..dclean.exe
O8 - Extra context menu item: &Google Search - res://C:..Program Files..Google..GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:..Program Files..Google..GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:..Program Files..Windows Live Toolbar..msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites. live. com/quickadd. aspx
O8 - Extra context menu item: Backward Links - res://C:..Program Files..Google..GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:..Program Files..Google..GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:..Program Files..Google..GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:..Program Files..Google..GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:..Program Files..Java..jre1.6.0_03..bin..ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:..Program Files..Java..jre1.6.0_03..bin..ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www. ietoolgate. com/redirect. php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www. ietoolgate. com/redirect. php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:..PROGRA~1..MICROS~4..OFFICE11..REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:..WINDOWS..Network Diagnostic..xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:..WINDOWS..Network Diagnostic..xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:..Program Files..Messenger..msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:..Program Files..Messenger..msmsgs.exe
O10 - Unknown file in Winsock LSP: c:..windows..system32..nwprovau.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger. zone. msn. com/binary/msgrchkr. cab31267. cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support. com Configuration Class) - https://activatemydsl. verizon. net/sdcCommon/download/DSL/tgctlcm. cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www. musicnotes. com/download/mnviewer. cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger. zone. msn. com/binary/MessengerStatsPAClient. cab31267. cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger. zone. msn. com/binary/msgrchkr. cab56986. cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger. zone. msn. com/binary/MineSweeper. cab31267. cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:..Program Files..Yahoo!..Common..yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by115fd. bay115. hotmail. msn. com/resources/MsnPUpld. cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger. zone. msn. com/binary/SolitaireShowdown. cab56986. cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger. zone. msn. com/EN-US/a-UNO1/GAME_UNO1. cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger. zone. msn. com/binary/MessengerStatsClient. cab31267. cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger. zone. msn. com/binary/ZIntro. cab56649. cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger. zone. msn. com/binary/MessengerStatsPAClient. cab56907. cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2. macromedia. com/get/flashplayer/current/swflash. cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger. zone. msn. com/binary/MineSweeper. cab56986. cab
O17 - HKLM..System..CCS..Services..Tcpip......{2810EB22-763D-4D0C-9450-64BBD1758685}: NameServer = 85. 255. 115. 158,85. 255. 112. 104
O17 - HKLM..System..CCS..Services..Tcpip......{47B379B3-4303-4474-A1B6-AD205BA36BAE}: NameServer = 85. 255. 115. 158,85. 255. 112. 104
O17 - HKLM..System..CCS..Services..Tcpip......{7CDF0043-03B5-47FC-8AF0-7966549557B1}: NameServer = 85. 255. 115. 158,85. 255. 112. 104
O17 - HKLM..System..CS1..Services..Tcpip..Parameters: NameServer = 85. 255. 115. 158 85. 255. 112. 104
O17 - HKLM..System..CS1..Services..Tcpip......{2810EB22-763D-4D0C-9450-64BBD1758685}: NameServer = 85. 255. 115. 158,85. 255. 112. 104
O17 - HKLM..System..CS2..Services..Tcpip..Parameters: NameServer = 85. 255. 115. 158 85. 255. 112. 104
O17 - HKLM..System..CS2..Services..Tcpip......{2810EB22-763D-4D0C-9450-64BBD1758685}: NameServer = 85. 255. 115. 158,85. 255. 112. 104
O17 - HKLM..System..CCS..Services..Tcpip..Parameters: NameServer = 85. 255. 115. 158 85. 255. 112. 104
O21 - SSODL: wmpenv - {41BFBC2F-8AF7-47B5-B288-2600DAB9E721} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:..Program Files..Common Files..Apple..Mobile Device Support..bin..AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:..Program Files..Common Files..Symantec Shared..ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:..Program Files..Common Files..Symantec Shared..ccSetMgr.exe
O23 - Service: Cyberhawk - Novatix Corporation - C:..Program Files..Common Files..Novatix..Cyberhawk..CHService.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:..Program Files..Symantec AntiVirus..DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:..Program Files..DellSupport..brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:..Program Files..Google..Common..Google Updater..GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:..Program Files..Common Files..InstallShield..Driver..11..Intel 32..IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:..Program Files..iPod..bin..iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:..PROGRA~1..Symantec..LIVEUP~1..LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:..program files..common files..logitech..lvmvfm..LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:..Program Files..Common Files..Logitech..SrvLnch..SrvLnch.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch. com - C:..PROGRA~1..MYWEBS~1..bar..2.bin..mwssvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:..Program Files..Dell..NICCONFIGSVC..NICCONFIGSVC.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:..Program Files..Symantec AntiVirus..SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:..Program Files..Spyware Doctor..pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:..Program Files..Spyware Doctor..pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:..Program Files..Common Files..Symantec Shared..SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:..Program Files..Common Files..Symantec Shared..SPBBC..SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:..Program Files..Symantec AntiVirus..Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:..Program Files..Viewpoint..Common..ViewpointService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:..WINDOWS..privacy_danger..index.htm
--
End of file - 13949 bytes
http://forums.spybot.info/showthread.php?p=233136#post233136