Thread: Can Someone Help Me!!!!!!

  1. #1
    Junior Member
    Join Date
    Oct 2006
    Posts
    4

    Can Someone Help Me!!!!!!

    I Don't Have A Clue About Computers
    My Name's Laura
    I Need Help!!!!!!!!!!!
    My Computer Is Infected With God Knows What And I Haven't A Clue How To Get Rid Of Them. One I Saw Was Called Thematrixhasyou.exe But My Scan Thing Showed I Have 240 Infections Or Something
    Any Help Would Be Great Thanks

    Laura
    X
    Last edited by LonnyRJones; 2006-10-25 at 04:02. Reason: Moved from another's topic

  2. #2
    Junior Member
    Join Date
    Oct 2006
    Posts
    4

    Here is my hijack log, maybe someone can help

    Logfile of HijackThis v1.99.1
    Scan saved at 03:56:14, on 25/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Prevx1\PXAgent.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Toshiba\Tvs\TvsTray.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Prevx1\PXConsole.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Laura O'Connor\My Documents\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/cd_redirects/search.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/...arch.yahoo.com
    F2 - REG:system.ini: Shell=explorer.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {6CD591A6-13A2-E3A8-65FE-06083FE10A76} - C:\WINDOWS\system32\yysbdgc.dll
    O2 - BHO: (no name) - {701703CC-2CC2-0BBB-C450-00196E4EB200} - C:\WINDOWS\system32\zjqjhgn.dll
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [XpDis0Conf] C:\PROGRA~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe VEN_14E4&DEV_4320&SUBSYS_70111799 /d
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
    O4 - HKLM\..\Run: [bgxgqsd.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\bgxgqsd.dll,owugqub
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
    O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\RunServices: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
    O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net/
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
    O20 - Winlogon Notify: wintku32 - C:\WINDOWS\SYSTEM32\wintku32.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe

  3. #3
    Junior Member
    Join Date
    Oct 2006
    Posts
    4

    Attached are the results of a check I just did with AVG checker

  4. #4
    Junior Member
    Join Date
    Oct 2006
    Posts
    4


    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 04:17:30 25/10/2006

    + Scan result:



    C:\System Volume Information\_restore{A5B1DDCE-CC02-4919-AA1C-DD40F3DB7010}\RP68\A0030838.DLL -> Adware.FunWeb : Cleaned.
    C:\System Volume Information\_restore{A5B1DDCE-CC02-4919-AA1C-DD40F3DB7010}\RP78\A0031585.DLL -> Adware.FunWeb : Cleaned.
    C:\System Volume Information\_restore{A5B1DDCE-CC02-4919-AA1C-DD40F3DB7010}\RP82\A0031728.DLL -> Adware.FunWeb : Cleaned.
    C:\System Volume Information\_restore{A5B1DDCE-CC02-4919-AA1C-DD40F3DB7010}\RP89\A0032015.DLL -> Adware.FunWeb : Cleaned.
    HKU\S-1-5-21-2152529810-1700657334-1527789193-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5345A7A1-805A-4923-B505-86B2FEBA3FE0} -> Adware.Generic : Cleaned.
    HKU\S-1-5-21-2152529810-1700657334-1527789193-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5345A7A9-805A-4923-B505-86B2FEBA3FE0} -> Adware.Generic : Cleaned.
    C:\System Volume Information\_restore{A5B1DDCE-CC02-4919-AA1C-DD40F3DB7010}\RP68\A0030868.DLL -> Adware.IWon : Cleaned.
    C:\System Volume Information\_restore{A5B1DDCE-CC02-4919-AA1C-DD40F3DB7010}\RP78\A0031604.DLL -> Adware.IWon : Cleaned.
    C:\System Volume Information\_restore{A5B1DDCE-CC02-4919-AA1C-DD40F3DB7010}\RP84\A0031790.DLL -> Adware.IWon : Cleaned.
    C:\System Volume Information\_restore{A5B1DDCE-CC02-4919-AA1C-DD40F3DB7010}\RP92\A0032558.DLL -> Adware.IWon : Cleaned.
    C:\System Volume Information\_restore{A5B1DDCE-CC02-4919-AA1C-DD40F3DB7010}\RP69\A0030902.EXE -> Adware.MyWebSearch : Cleaned.
    C:\System Volume Information\_restore{A5B1DDCE-CC02-4919-AA1C-DD40F3DB7010}\RP84\A0031774.EXE -> Adware.MyWebSearch : Cleaned.
    C:\System Volume Information\_restore{A5B1DDCE-CC02-4919-AA1C-DD40F3DB7010}\RP89\A0032010.EXE -> Adware.MyWebSearch : Cleaned.
    C:\System Volume Information\_restore{A5B1DDCE-CC02-4919-AA1C-DD40F3DB7010}\RP92\A0032592.EXE -> Adware.MyWebSearch : Cleaned.
    C:\Program Files\Common Files\{3CA81914-05D8-2057-0124-05050118002c}\MyToolBar.dll -> Adware.Softomate : Cleaned.
    C:\Program Files\Common Files\{6CA81914-05D8-2057-0124-05050118002c}\services.dll -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{A5B1DDCE-CC02-4919-AA1C-DD40F3DB7010}\RP68\A0030858.DLL -> Downloader.IstBar : Cleaned.
    C:\System Volume Information\_restore{A5B1DDCE-CC02-4919-AA1C-DD40F3DB7010}\RP78\A0031594.DLL -> Downloader.IstBar : Cleaned.
    C:\System Volume Information\_restore{A5B1DDCE-CC02-4919-AA1C-DD40F3DB7010}\RP84\A0031780.DLL -> Downloader.IstBar : Cleaned.
    C:\System Volume Information\_restore{A5B1DDCE-CC02-4919-AA1C-DD40F3DB7010}\RP92\A0032549.DLL -> Downloader.IstBar : Cleaned.
    C:\Program Files\Common Files\Yazzle1162OinAdmin.exe -> Downloader.PurityScan.dc : Cleaned.
    C:\System Volume Information\_restore{A5B1DDCE-CC02-4919-AA1C-DD40F3DB7010}\RP92\A0032570.exe -> Downloader.PurityScan.dc : Cleaned.
    C:\System Volume Information\_restore{A5B1DDCE-CC02-4919-AA1C-DD40F3DB7010}\RP59\A0029986.exe -> Dropper.Delf.xo : Cleaned.
    C:\Documents and Settings\Laura O'Connor\Cookies\laura_o'connor@microsoftuk.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Laura O'Connor\Cookies\laura_o'connor@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Laura O'Connor\Cookies\laura_o'connor@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
    C:\Documents and Settings\Laura O'Connor\Cookies\laura_o'connor@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Laura O'Connor\Cookies\laura_o'connor@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\Laura O'Connor\Cookies\laura_o'connor@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
    C:\Documents and Settings\Laura O'Connor\Cookies\laura_o'connor@hotlog[1].txt -> TrackingCookie.Hotlog : Cleaned.
    C:\Documents and Settings\Laura O'Connor\Cookies\laura_o'connor@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\Documents and Settings\Laura O'Connor\Cookies\laura_o'connor@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\Documents and Settings\Laura O'Connor\Cookies\laura_o'connor@spylog[2].txt -> TrackingCookie.Spylog : Cleaned.
    C:\Documents and Settings\Laura O'Connor\Cookies\laura_o'connor@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.
    C:\Documents and Settings\Laura O'Connor\Cookies\laura_o'connor@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Laura O'Connor\Local Settings\Temp\mst4C4.tmp -> Trojan.Agent.aae : Cleaned.
    C:\System Volume Information\_restore{A5B1DDCE-CC02-4919-AA1C-DD40F3DB7010}\RP78\A0031584.exe -> Trojan.Dialer.qs : Cleaned.
    C:\System Volume Information\_restore{A5B1DDCE-CC02-4919-AA1C-DD40F3DB7010}\RP82\A0031710.exe -> Trojan.Dialer.qs : Cleaned.
    C:\System Volume Information\_restore{A5B1DDCE-CC02-4919-AA1C-DD40F3DB7010}\RP83\A0031752.exe -> Trojan.Dialer.qs : Cleaned.
    C:\System Volume Information\_restore{A5B1DDCE-CC02-4919-AA1C-DD40F3DB7010}\RP84\A0031800.exe -> Trojan.Dialer.qs : Cleaned.
    C:\System Volume Information\_restore{A5B1DDCE-CC02-4919-AA1C-DD40F3DB7010}\RP92\A0032567.exe -> Trojan.Dialer.qs : Cleaned.
    C:\System Volume Information\_restore{A5B1DDCE-CC02-4919-AA1C-DD40F3DB7010}\RP92\A0035592.exe -> Trojan.Sinowal.be : Cleaned.


    ::Report end

  5. #5
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025


    Welcome to the forum

    Are you receiving help elsewhere?

    If not, start HijackThis and place a check next to these items, if there.
    F2 - REG:system.ini: Shell=explorer.exe
    O2 - BHO: (no name) - {6CD591A6-13A2-E3A8-65FE-06083FE10A76} - C:\WINDOWS\system32\yysbdgc.dll
    O2 - BHO: (no name) - {701703CC-2CC2-0BBB-C450-00196E4EB200} - C:\WINDOWS\system32\zjqjhgn.dll
    O4 - HKLM\..\Run: [bgxgqsd.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\bgxgqsd.dll,owugqub
    O4 - HKLM\..\Run: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
    O4 - HKLM\..\RunServices: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
    O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
    O20 - Winlogon Notify: wintku32 - C:\WINDOWS\SYSTEM32\wintku32.dll
    ====================================
    Hit fix checked and close Hijackthis.
    Restart the PC
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Post a fresh Hijackthis log


    Post a combofix log
    1. Download this file - combofix.exe
    http://download.bleepingcomputer.com/sUBs/combofix.exe
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it shall produce a log for you. Post that log in your next reply
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall
    If the log is large, you might need to post half in one reply, half in another.
    ~~~~~~~~~~~~~~~~~~~~~~~
    Microsoft MVP Windows-Security 2006

  6. #6
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961


    This topic has been closed to prevent others with similar issues posting in it.
    If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread.

    Applies only to the original topic starter.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
