Results 1 to 4 of 4

Thread: Help Please

  1. #1
    Junior Member
    Join Date
    Dec 2005
    Posts
    0

    Unhappy Help Please

    Logfile of HijackThis v1.99.1
    Scan saved at 6:17:23 AM, on 12/31/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\system32\drivers\dcfssvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Shareaza\Shareaza.exe
    C:\WINDOWS\System32\winctrl32.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\GetRight\getright.exe
    C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
    C:\Program Files\GetRight\getright.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\AT&T\WnClient\Programs\WNConnect.exe
    C:\PROGRA~1\AT&T\WnClient\Programs\WNCSMS~1.EXE
    C:\Program Files\AT&T\WnClient\Programs\ARUpld32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {E9BD8E4E-AA31-FCA2-49E1-981A858245F5} - keybdll.dll (file missing)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\System32\pavdr.exe,C:\WINDOWS\System32\userinit.exe,
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {79BFE8FD-2F1A-2CE2-4406-5F801907EE9B} - C:\WINDOWS\System32\ikr.dll (file missing)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
    O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB002" /M "Stylus CX4600"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
    O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
    O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
    O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
    O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\popcorn72.exe rundll.dll,LoadMouseProfile
    O4 - HKLM\..\Run: [zxc] utsgmon.exe
    O4 - HKLM\..\Run: [keybdll] SetupExeDll.exe
    O4 - HKLM\..\Run: [Antispy] C:\Program Files\Defender Pro\AntiSpy\Dpas.exe startup
    O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Bosnffij] C:\WINDOWS\System32\?hkntfs.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Usrr] C:\Program Files\etea\rpen.exe
    O4 - HKCU\..\Run: [desktop] C:\WINDOWS\System32\idemlog.exe
    O4 - HKCU\..\Run: [pro] C:\WINDOWS\System32\winctrl32.exe
    O4 - HKCU\..\Run: [media64] TorontoMail.exe
    O4 - HKCU\..\Run: [Dest068] trycrt.exe
    O4 - HKCU\..\Run: [AppMasterCenter] FLKPT.exe
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
    O9 - Extra button: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC.exe (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC.exe (file missing) (HKCU)
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O12 - Plugin for .tiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
    O16 - DPF: DigiChat Applet - http://host7.digichat.com/DigiChat/D.../Client_IE.cab
    O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
    O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://download.winfixer.com/files/i...nerInstall.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{448F8BD5-04D4-40E4-AE15-FFE35EE0AF5D}: NameServer = 85.255.113.147,85.255.112.23
    O17 - HKLM\System\CCS\Services\Tcpip\..\{95D64A73-F988-4036-8D02-B4AED109795B}: NameServer = 85.255.113.147,85.255.112.23
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A12E0508-0469-4093-A6D0-EFEA5899D383}: NameServer = 204.127.160.4 12.102.240.2
    O18 - Filter: text/html - (no CLSID) - (no file)
    O18 - Filter: text/plain - (no CLSID) - (no file)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
    O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
    O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
    O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    Here my log please help every minute a message pops up says you infected im a noob please help!

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    hi ubuu9988,

    i would print this out or copy it to atext file like notepad and then save it somewhere like your desktop so you can read it while in safe mode

    first thing go out and download install, update ewido and one of your antivirus apps and spybot. dont run them yet though. we will use hjt, then boot into safe mode to run them.
    running 3 antivirus apps isnt a good idea, more isnt better in this case. think about keeping only one and we will unistall the others in safe mode. i see 3 panda, avg and norton?

    for Ewido:
    1. Download Ewido and install
    Ewido Security Suite. It is a free trial version of the program:

    http://www.ewido.net/en/download/

    2. Install ewido security suite
    3. Launch ewido, there should be an icon on your desktop double-click it.
    4. The program will now go to the main screen

    You will need to update ewido to the latest definition files.

    1. On the left hand side of the main screen click update
    2. Then click on Start Update

    The update will start and a progress bar will show the updates being installed.
    ----------------------------------------
    after you have ewido installed and everything updated. run hjt:

    scan with HJT, put a checkmark beside the items below, close all windows and click fix checked.

    R3 - URLSearchHook: (no name) - {E9BD8E4E-AA31-FCA2-49E1-981A858245F5} - keybdll.dll (file missing)

    O2 - BHO: (no name) - {79BFE8FD-2F1A-2CE2-4406-5F801907EE9B} - C:\WINDOWS\System32\ikr.dll (file missing)

    O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1

    O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto

    O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto

    O4 - HKLM\..\Run: [zxc] utsgmon.exe
    O4 - HKLM\..\Run: [keybdll] SetupExeDll.exe
    O4 - HKCU\..\Run: [Bosnffij] C:\WINDOWS\System32\?hkntfs.exe
    O4 - HKCU\..\Run: [Usrr] C:\Program Files\etea\rpen.exe
    O4 - HKCU\..\Run: [desktop] C:\WINDOWS\System32\idemlog.exe
    O4 - HKCU\..\Run: [pro] C:\WINDOWS\System32\winctrl32.exe
    O4 - HKCU\..\Run: [media64] TorontoMail.exe
    O4 - HKCU\..\Run: [Dest068] trycrt.exe
    O4 - HKCU\..\Run: [AppMasterCenter] FLKPT.exe
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

    O18 - Filter: text/html - (no CLSID) - (no file)
    O18 - Filter: text/plain - (no CLSID) - (no file)
    ----------------------------------------------------------
    ok now reboot computer int SAFE MODE. you reach safe mode by tapping the f8 key during a restart. chose the first option safe mode.

    ok once at the safe mode desktop. run ewido,spybot and the antivirus you updated earlier

    ewido:
    start ewido
    Click on scanner
    Click on Complete System Scan and the scan will begin.
    Once the scan has completed, there will be a button located on the bottom of the screen named Save report
    Click Save report.
    Save the report .txt file to your desktop
    -----------------------------------------------
    now run spybot and the updated av.

    still in safe mode do this:
    start>settings>Control Panel> click the Internet options icon

    Next:

    Click on Delete Cookies.

    Click on Delete Files, Make sure Delete all offline content is checked and then click on OK

    Then click on Settings, then click on View Files if there is any thing in there, delete it.

    Then at the top in the address bar, at the end where it says:

    \Temporary Internet Files

    change it to \Temp then hit enter and delete whats in there
    -------------------------------------
    next go to the add/remove programs panel and uninstall if present:
    p2pnetworking
    spyhunter (not a trustworthy malware remover)
    also keep only one of your antivirus software apps, uninstall the others
    -------------------------------------
    ok after all that, restart computer normally.
    rescan with hjt and post a new log, also post the saved ewido log......shelf life

  3. #3
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,706

    Default

    ubuu9988, still here?
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  4. #4
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,706

    Default

    Due to lack of a response this topic will be archived.
    If you need it re-opened please pm me or one of the forum mods.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •