Welcome Guest ( Log In | Join )

Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Spyware, virus, trojan, fake security or privacy alerts? Read the malware cleaning guide. Want to reply to a topic, start a new one, or remove the advertising? Join today (always free).
      
5 Pages V   1 2 3 > »   
 Closed TopicStart new topic
NT authority [RESOLVED], it shut off by itself leaving me 60 secs.
Cinnamoroll
post Sep 27 2008, 09:44 AM
Post #1


Member
**
Posts: 55
OS: Windows XP
hi ppl nice to meet u all! im new here and here is the info:


i already done the ATF CLeaner
system restore
ERUNT
Malwarebytes' Anti-Malware
Did a full scan using AVG
Windows Updates
Reboot
and finally posting the Hijack This Log



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:24:05 PM, on 9/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\FlashGet\FlashGet.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\BearShare Applications\Personalization\BearSharePersonalization.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BearSharePersonalization - {DD1849EA-8403-4441-8DFF-7575AAE1DC16} - C:\Program Files\BearShare Applications\Personalization\BearSharePersonalizationIE_v1047.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BearSharePersonalization] "C:\Program Files\BearShare Applications\Personalization\BearSharePersonalization.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187908546421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187908528859
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe



also should i update windows updates that are optional??

This post has been edited by Cinnamoroll: Sep 27 2008, 05:34 PM
Go to the top of the page
 
+Quote Post
Jimmy2012
post Sep 30 2008, 09:09 PM
Post #2


Trusted Helper
Group Icon
Posts: 2,733
From: Ohio, USA
OS: linux, Windows XP
Hello Cinnamoroll, and welcome to Geeks to go.
Sorry about the delay, everyone here has been very busy.
QUOTE
also should i update windows updates that are optional??

Yes I would, any updates I get for my windows I go ahead and update it.

To get started please post a fresh HijackThis log in your next reply.
Go to the top of the page
 
+Quote Post
Cinnamoroll
post Oct 1 2008, 04:55 PM
Post #3


Member
**
Posts: 55
OS: Windows XP
Thnx, but the NT authority didnt happen for today ONLY so does that mean it wont happen again? also im getting more viruses pop up than usually but i heal it w/ AVG so is it alright?..... anyways here is my Hijack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:52:52 PM, on 10/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\BearShare Applications\Personalization\BearSharePersonalization.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BearSharePersonalization - {DD1849EA-8403-4441-8DFF-7575AAE1DC16} - C:\Program Files\BearShare Applications\Personalization\BearSharePersonalizationIE_v1047.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BearSharePersonalization] "C:\Program Files\BearShare Applications\Personalization\BearSharePersonalization.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187908546421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187908528859
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

This post has been edited by Cinnamoroll: Oct 1 2008, 04:55 PM
Go to the top of the page
 
+Quote Post
Jimmy2012
post Oct 1 2008, 06:22 PM
Post #4


Trusted Helper
Group Icon
Posts: 2,733
From: Ohio, USA
OS: linux, Windows XP
Hello Cinnamoroll,
QUOTE
but the NT authority didnt happen for today ONLY so does that mean it wont happen again?

Can't say for sure yet, I will have you do a deeper scan and see what it reveals.
QUOTE
also im getting more viruses pop up than usually but i heal it w/ AVG so is it alright?

Yes that it fine to heal them with AVG. Would you please tell me where AVG is finding these viruses?


STEP 1
I do not see a Firewall on your computer. A firewall can help protect you from Hackers and some types of Malware. I recommend you download a firewall. Here are a few to chose from(all are free).
Comodo
Zone Alarm
OutPost
Out of these I would recommend Comodo, please only install one firewall at a time. If you need any help installing/using one of these firewalls please let me know.

STEP 2
Please click Start>Control Panel>Add or Remove Programs. And remove the following program.(if present)
Viewpoint Media Player

And then please delete the following folder. (if present)
C:\Program Files\Viewpoint

STEP 3
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

~~~~~~~~~~~
In your next reply please have these logs. You will need to use more then one reply for the logs to fit.

    The RSIT logs
Go to the top of the page
 
+Quote Post
Cinnamoroll
post Oct 2 2008, 04:29 PM
Post #5


Member
**
Posts: 55
OS: Windows XP
Hi Jimmy2012,

QUOTE
Out of these I would recommend Comodo, please only install one firewall at a time. If you need any help installing/using one of these firewalls please let me know.


so does that mean i only dl 1 firewall or dl comodo 1st then dl another firewall?

also should i use flashget to dl the firewall or just save it 2 disk?

This post has been edited by Cinnamoroll: Oct 2 2008, 04:33 PM
Go to the top of the page
 
+Quote Post
Jimmy2012
post Oct 2 2008, 05:08 PM
Post #6


Trusted Helper
Group Icon
Posts: 2,733
From: Ohio, USA
OS: linux, Windows XP
Hello Cinnamoroll,
QUOTE
so does that mean i only dl 1 firewall or dl comodo 1st then dl another firewall?

Just download one firewall.
QUOTE
also should i use flashget to dl the firewall or just save it 2 disk?

Save it to the disk and then install it from there.
Go to the top of the page
 
+Quote Post
Cinnamoroll
post Oct 2 2008, 05:51 PM
Post #7


Member
**
Posts: 55
OS: Windows XP
Hi Jimmy2012,

Sorry to ask another question but do i dl the Comondo w/ 18-bit setup or 32-bit setup?

This post has been edited by Cinnamoroll: Oct 2 2008, 05:59 PM
Go to the top of the page
 
+Quote Post
Cinnamoroll
post Oct 2 2008, 06:56 PM
Post #8


Member
**
Posts: 55
OS: Windows XP

QUOTE
Yes that it fine to heal them with AVG. Would you please tell me where AVG is finding these viruses?


in my documents, WINDOWS(system), & System Volume info.

btw should i delete these viruses in my vault? will they come bak 2 my comp. again?
Go to the top of the page
 
+Quote Post
Jimmy2012
post Oct 2 2008, 07:28 PM
Post #9


Trusted Helper
Group Icon
Posts: 2,733
From: Ohio, USA
OS: linux, Windows XP
Hello Cinnamoroll,
QUOTE
Sorry to ask another question

No problem, if you have any questions please ask them. smile.gif
QUOTE
do i dl the Comondo w/ 18-bit setup or 32-bit setup?

It would depend on what "bit" your system is, but most likely it should be the 32-bit you will need to download. If that does not work please let me know.
QUOTE
btw should i delete these viruses in my vault?

It is up to you if you want to delete them or not, but after a few days of the virus being in there I would go ahead and remove it.
QUOTE
will they come bak 2 my comp. again?

The virus it put in the vault will not return to your computer unless you restore it.
Go to the top of the page
 
+Quote Post
Cinnamoroll
post Oct 2 2008, 09:38 PM
Post #10


Member
**
Posts: 55
OS: Windows XP
QUOTE
And then please delete the following folder. (if present)
C:\Program Files\Viewpoint


how do i no if its present?

btw i used the comondo to scan comp. and 4 some reason i cant delete the trojan

also im receiving more trojans.......

This post has been edited by Cinnamoroll: Oct 2 2008, 10:35 PM
Go to the top of the page
 
+Quote Post
Jimmy2012
post Oct 3 2008, 10:57 AM
Post #11


Trusted Helper
Group Icon
Posts: 2,733
From: Ohio, USA
OS: linux, Windows XP
Hello Cinnamoroll,
QUOTE
how do i no if its present?

If you see the folder it's present and you should delete it, if you don't see it then move on to the next step.
QUOTE
btw i used the comondo to scan comp. and 4 some reason i cant delete the trojan

Where is the trojan?
Go to the top of the page
 
+Quote Post
Cinnamoroll
post Oct 3 2008, 02:26 PM
Post #12


Member
**
Posts: 55
OS: Windows XP

QUOTE
btw i used the comondo to scan comp. and 4 some reason i cant delete the trojan

Where is the trojan?


sry i didnt pay attention to it. should i scan it again?
Go to the top of the page
 
+Quote Post
Cinnamoroll
post Oct 3 2008, 02:28 PM
Post #13


Member
**
Posts: 55
OS: Windows XP
QUOTE (Jimmy2012 @ Oct 3 2008, 10:57 AM) *
Hello Cinnamoroll,
QUOTE
how do i no if its present?

If you see the folder it's present and you should delete it, if you don't see it then move on to the next step.


u mean if i c it on my desktop?

btw for the comodo firewall y the little icon on the taskbar (right hand bottom corner) has red arrows going down and green arrows going up? wat does it mean?

This post has been edited by Cinnamoroll: Oct 3 2008, 03:42 PM
Go to the top of the page
 
+Quote Post
Jimmy2012
post Oct 3 2008, 04:49 PM
Post #14


Trusted Helper
Group Icon
Posts: 2,733
From: Ohio, USA
OS: linux, Windows XP
Hello Cinnamoroll,
QUOTE
sry i didnt pay attention to it. should i scan it again?

No, it's ok.
QUOTE
u mean if i c it on my desktop?

Nope, if you see it in this folder, C:\Program Files.
QUOTE
btw for the comodo firewall y the little icon on the taskbar (right hand bottom corner) has red arrows going down and green arrows going up? wat does it mean?

It means that there are programs on your computer that are using the internet.
Go to the top of the page
 
+Quote Post
Cinnamoroll
post Oct 3 2008, 05:34 PM
Post #15


Member
**
Posts: 55
OS: Windows XP
this is the log


Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-10-03 19:32:09
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 53 GB (74%) free of 71 GB
Total RAM: 502 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:33:38 PM, on 10/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\FlashGet\FlashGet.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\AIM6\aim6.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\BearShare Applications\Personalization\BearSharePersonalization.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\HP\Digital Imaging\bin\