PDA

View Full Version : help please



monsef
2011-06-23, 07:08
install screen vanish I can't do any thing I visited too many forums but no body gave me an answer that I understood they told me to download HijackThis program and I did it and this is the log so please help me thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:32:31 AM, on 6/23/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\netsh.exe
C:\DOCUME~1\monsef\LOCALS~1\Temp\wintjrt.exe
C:\DOCUME~1\monsef\LOCALS~1\Temp\winkfxxu.exe
C:\DOCUME~1\monsef\LOCALS~1\Temp\winintaei.exe
C:\DOCUME~1\monsef\LOCALS~1\Temp\tpfe.exe
C:\DOCUME~1\monsef\LOCALS~1\Temp\phgqw.exe
C:\DOCUME~1\monsef\LOCALS~1\Temp\uksj.exe
C:\DOCUME~1\monsef\LOCALS~1\Temp\wincsanw.exe
C:\DOCUME~1\monsef\LOCALS~1\Temp\winflem.exe
C:\DOCUME~1\monsef\LOCALS~1\Temp\winqbhjgs.exe
C:\DOCUME~1\monsef\LOCALS~1\Temp\vxtc.exe
C:\DOCUME~1\monsef\LOCALS~1\Temp\winforw.exe
C:\DOCUME~1\monsef\LOCALS~1\Temp\winbwvyyk.exe
C:\DOCUME~1\monsef\LOCALS~1\Temp\winsgvdv.exe
C:\DOCUME~1\monsef\LOCALS~1\Temp\winrooujx.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\monsef\LOCALS~1\Temp\wxio.exe
C:\DOCUME~1\monsef\LOCALS~1\Temp\winrqjy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\DOCUME~1\monsef\LOCALS~1\Temp\wingfpqb.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\monsef\Desktop\HijackThis\HijackThis.exe

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4165 bytes
and this is the log
give me any help thanks

tashi
2011-06-23, 07:26
Hello monsef,

That HJT log has been run from an outdated version, but it is also not the log requested here for a preliminary malware analysis. ;)

Please see this forum's sticky which includes guidelines and instructions in post #2 on how to provide preliminary "DDS" logs.

"BEFORE You POST"(Please read this Procedure Before Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

You would need to start a new topic as helpers look for those without a response but first;

I visited too many forums but no body gave me an answer that I understood they told me to download HijackThis program and I did it and this is the log so please help me thanks

That sounds like you started topics at other forums? Please provide link/s to them. :)

Best regards.

monsef
2011-06-23, 09:37
hi I need help please tasha tell me what to do in steps numbered with links if steps contains programs to use because I don't know any thing about malware and these things thanks

monsef
2011-06-23, 13:45
hi I need help please I can't setup any anti virus please solve this problem for me with steps please thanks

tashi
2011-06-23, 15:54
Hello monsef,

Please do not send PMs or start new topics all over the site. :eek:

I visited too many forums but no body gave me an answer that I understood they told me to download HijackThis program and I did it and this is the log so please help me thanks

Please respond to this question, here in this thread.


That sounds like you started topics at other forums? Please provide link/s to them. :)

Best regards.

monsef
2011-06-23, 21:24
I didn't post I googled and I found some forums which had step so I followed them that's it I didn't say I didn't say I created any posts and I just formatted my hard drive so please tell me how to be able to install an anti virus as soon as possible please tell me steps to follow
thanks

tashi
2011-06-23, 22:37
Hello monsef,



Please do not send PMs


no body gave me an answer that I understood they told me to download HijackThis program
Thank you for clarifying that comment with,

I didn't post I googled and I found some forums which had step so I followed them that's it I didn't say I didn't say I created any posts


and I just formatted my hard drive so please tell me how to be able to install an anti virus as soon as possible please tell me steps to follow
thanks

Suggestions here,
So how did I get infected in the first place? (http://forums.spybot.info/showthread.php?t=279)
recommended anti virus (http://forums.spybot.info/showthread.php?t=9289)

Please see the sticky topic which includes guidelines for this forum and also instructions in post #2 on how to provide preliminary "DDS" logs which are used for analysis.

"BEFORE You POST"(Please read this Procedure Before Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Then start a new topic providing the DDS logs as shown in that sticky with a link back to this thread for the perusal of our volunteer analysts. :)

This thread is now closed so that you may start anew.

Best regards.