Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Viruses Won't Leave

Started by mrbilzor , Sep 05 2007 12:11 PM

  • Please log in to reply

#1
mrbilzor
Posted 05 September 2007 - 12:11 PM

mrbilzor

    New Member

  • Member
  • Pip
  • 1 posts
Team Geek,

Got a computer, got a virus. Too much for simple cleaning so I just reformatted (it was about time anyway). Norton didn't find the virus the first time, loaded AVG and found a crapload once I reinstalled XP. Formatted again, very carefully installed programs, found viruses.

Now I am mad. Got HiJackThis, got AVG (which doesn't work half the time (error verifying its electronic state), got CCleaner, loaded up msconfig and just went to town.

It seems, though, I can't get to the bottom of this virus. I've been running the same version of XP for about two years now, and recently it decided to stop working on me.

Following is my HiJackThis log, please help me out.

Oh, I also have some stuff unchecked in msconfig's services and startup. Should I throw those back on? Or just leave them unchecked?


Logfile of HijackThis v1.99.1
Scan saved at 2:10:52 PM, on 9/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\pipmon.exe
C:\WINDOWS\system32\pipmon.exe
C:\APPS\MOZILL~1\FIREFOX.EXE
C:\apps\Hijackthis\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [pipmon] pipmon.exe
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Application Layer Gateway Service ALGMSDTC (ALGMSDTC) - Unknown owner - C:\WINDOWS\system32\ahuid.exe
O23 - Service: NT LM Security Support Provider NtLmSspProtectedStorage NtLmSspProtectedStorageSharedAccess (NtLmSspProtectedStorageSharedAccess) - Unknown owner - C:\WINDOWS\system32\2966096907l.exe (file missing)
O23 - Service: Volume Shadow Copy VSSCOMSysApp (VSSCOMSysApp) - Unknown owner - C:\WINDOWS\system32\appmgrh.exe (file missing)


Thanks in advance
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Forum
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP