Welcome Guest ( Log In | Join )

Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Want to ask a question, reply to a topic, or remove all advertising? It's easy, fast and free. Join today!
Spyware, virus, trojan, fake security or privacy alerts? Please start with our malware cleaning guide.
     
 
 Closed TopicStart new topic
Windows xp/email problem [CLOSED]
Trasufoma
post Oct 5 2008, 02:20 PM
Post #1


New Member
*
Posts: 1
OS: xp
Recently I had to reload windows xp (home ed) because of a HD failure.

After I got it up and running, A MESSLOAD of viruses and malware poped up and I managed to "kill" most of them using regiedit and other programs.


now I can't log into any of my email accounts (hotmail, yahoo, netzero ect)
\

Can someone please decipher this hijack file to determin what the issie(s) are?

thanks a mill!


-------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:18:51 PM, on 10/5/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\Dustin\LOCALS~1\Temp\winvsnet.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: innbanner browser enhancer - {16beca97-621c-08f7-84f3-c6492db97c9d} - C:\WINDOWS\System32\otetyhcadpylcnh.dll (file missing)
O2 - BHO: (no name) - {453F51E8-FEF5-4C54-B136-944BF434360C} - C:\WINDOWS\system32\qoMCSjif.dll (file missing)
O2 - BHO: (no name) - {B3C4DA23-F1DE-4482-9D29-1D8EA93B5F20} - C:\WINDOWS\System32\tuvTkhfD.dll (file missing)
O2 - BHO: (no name) - {FD6E1C05-51CC-4C68-A933-54F3E6F558C8} - C:\WINDOWS\System32\qoMccYRh.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IUpd721] C:\DOCUME~1\Dustin\LOCALS~1\Temp\winvsnet.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [BM0b3bdb73] Rundll32.exe "C:\WINDOWS\System32\syepfxbn.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA1034] command /c del "C:\WINDOWS\System32\ypntnpxu.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5484] cmd /c del "C:\WINDOWS\System32\ypntnpxu.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1293] command /c del "C:\WINDOWS\System32\syepfxbn.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC793] cmd /c del "C:\WINDOWS\System32\syepfxbn.dll_old"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [SpybotDeletingB846] command /c del "C:\WINDOWS\System32\ypntnpxu.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9540] cmd /c del "C:\WINDOWS\System32\ypntnpxu.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7634] command /c del "C:\WINDOWS\System32\syepfxbn.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4913] cmd /c del "C:\WINDOWS\System32\syepfxbn.dll_old"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1222835025453
O20 - AppInit_DLLs: gceoha.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: qoMCSjif - qoMCSjif.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 4739 bytes
Go to the top of the page
 
+Quote Post
emeraldnzl
post Oct 7 2008, 11:34 AM
Post #2


Trusted Helper
Group Icon
Posts: 3,288
OS: XP Pro
Hello Trasufoma,

Welcome to Geekstogo.

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.

Please post the contents of C:\vundofix.txt in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Next
  • Download random's system information tool (RSIT) by random/random from here.
  • It is important that is saved to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

So when you return please post
  • VundoFix.txt
  • the two logs from RSIT - log.txt and info.txt

If the reports are too long to fit on one post, just use as many posts as you need, that's fine.
Go to the top of the page
 
+Quote Post
emeraldnzl
post Oct 20 2008, 05:54 PM
Post #3


Trusted Helper
Group Icon
Posts: 3,288
OS: XP Pro
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
Go to the top of the page
 
+Quote Post
 

Closed TopicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 
RSS Time is now: 7th January 2009 - 10:31 PM
Advertisements do not imply our endorsement of that product or service. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk.
Powered By IP.Board © 2009  IPS, Inc.