Please Somebody help me! got infected!


  • Please log in to reply

#1 latinguy (New Member, 3 posts)
Hey people, my computer has a few different things wrong. It has a "Security toolbar 7.1" on my IE window, and this virus has also created two icons on my desktop, "online security guide" and "Live safety center". Also, on my HijackThis log I show whataboutadog.com and doginhispen.com as trusted sites, and my computer all of a sudden shuts off, and I've got crap popping up all over. Anyway, please help me!!! Here are my HijackThis log and FindAWF log. Thanks, I hope you can help!

Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Mon 11/12/2007
The current time is: 2:21:17.04


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\ITUNES\BAK

06/28/2007 08:14 AM 270,648 iTunesHelper.exe
1 File(s) 270,648 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\NORTON~1\BAK

09/05/2006 07:22 PM 26,248 osCheck.exe
1 File(s) 26,248 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

04/27/2007 08:41 AM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 01:00 PM 15,360 ctfmon.exe
07/10/2003 04:13 AM 114,688 hkcmd.exe
07/10/2003 04:25 AM 155,648 igfxtray.exe
09/20/2005 06:17 PM 155,648 MAFWTray.exe
07/09/2001 10:50 AM 155,648 NeroCheck.exe
5 File(s) 596,992 bytes

Directory of C:\PROGRA~1\AHEAD\NEROBA~1\BAK

10/11/2005 06:25 PM 1,961,984 NBJ.exe
1 File(s) 1,961,984 bytes

Directory of C:\PROGRA~1\BROADJ~1\CLIENT~1\BAK

12/17/2001 11:18 AM 483,394 CFD.exe
1 File(s) 483,394 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

01/09/2007 09:59 PM 115,816 ccApp.exe
1 File(s) 115,816 bytes

Directory of C:\PROGRA~1\CYBERL~1\POWERDVD\BAK

11/02/2004 10:24 PM 32,768 PDVDServ.exe
1 File(s) 32,768 bytes

Directory of C:\PROGRA~1\MICROI~1\WIRELE~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

03/26/2004 07:20 PM 499,712 SynTPEnh.exe
03/26/2004 07:20 PM 98,304 SynTPLpr.exe
2 File(s) 598,016 bytes

Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

11/30/2006 09:49 PM 4,662,776 YahooMessenger.exe
1 File(s) 4,662,776 bytes

Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

05/11/2007 02:06 AM 40,048 Reader_sl.exe
1 File(s) 40,048 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

08/03/2006 11:29 PM 180,269 realsched.exe
1 File(s) 180,269 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK

07/12/2007 03:00 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\PROGRA~1\ADOBE\PHOTOS~1\3.2\APPS\BAK

03/09/2007 10:09 AM 63,712 apdproxy.exe
1 File(s) 63,712 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

270648 Jun 28 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Jul 6 2007 "C:\WINDOWS\Installer\{85B90D8C-70F3-4E84-BD31-5E9489C0F9FB}\iTunesIco.exe"
116024 Jun 28 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.3.0.54\iTunesSetupAdmin.exe"
26248 Sep 5 2006 "C:\Program Files\Norton AntiVirus\bak\osCheck.exe"
282624 Apr 27 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
114688 Jul 10 2003 "C:\WINDOWS\system32\bak\hkcmd.exe"
155648 Jul 10 2003 "C:\WINDOWS\system32\bak\igfxtray.exe"
155648 Sep 20 2005 "C:\WINDOWS\system32\bak\MAFWTray.exe"
151552 Jun 23 2004 "C:\Documents and Settings\Jose Olivares\Local Settings\Temp\{64D302C8-0B1A-40D9-9DE0-B85F24F47367}\{92CFE459-E641-4293-8884-83FB2B97FDFC}\MAFWTray.exe"
155648 Sep 20 2005 "C:\Documents and Settings\Jose Olivares\Local Settings\Temp\{ECA5151C-742E-4753-B134-7E410F0906B2}\{D9CF5E60-42B1-489B-A0E2-9A6EE3DEB969}\MAFWTray.exe"
155648 Jul 9 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
155648 Jul 9 2001 "C:\Documents and Settings\Jose Olivares\Local Settings\Temp\RarSFX0\System\NeroCheck.exe"
1961984 Oct 11 2005 "C:\Program Files\Ahead\Nero BackItUp\bak\NBJ.exe"
1961984 Oct 11 2005 "C:\Documents and Settings\Jose Olivares\Local Settings\Temp\RarSFX0\Nero BackItUp\NBJ.exe"
483394 Dec 17 2001 "C:\Program Files\BroadJump\Client Foundation\bak\CFD.exe"
84640 Sep 3 2006 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
115816 Jan 9 2007 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
32768 Nov 2 2004 "C:\Program Files\CyberLink\PowerDVD\bak\PDVDServ.exe"
499712 Mar 26 2004 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
499712 Mar 26 2004 "C:\Program Files\Synaptics\SynTP\Media\syntpenh.exe"
98304 Mar 26 2004 "C:\Program Files\Synaptics\SynTP\bak\SynTPLpr.exe"
98304 Mar 26 2004 "C:\Program Files\Synaptics\SynTP\Media\syntplpr.exe"
4670704 Aug 30 2007 "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
4662776 Nov 30 2006 "C:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe"
40048 May 11 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
180269 Aug 3 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
36975 Apr 13 2005 "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
83608 Mar 14 2007 "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
63712 Mar 9 2007 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe"


end of report


Logfile of HijackThis v1.99.1
Scan saved at 2:57:28 AM, on 11/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\mrofinu1188.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\tiyylbhy.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\M-Audio Uno\UnoInst.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\JOSEOL~1\LOCALS~1\Temp\Rar$EX00.390\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
F2 - REG:system.ini: Shell=
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\wjthrtas.dll
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Wireless Keyboard & Optical Mouse\mouse32a.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Micro Innovations\Wireless Keyboard & Optical Mouse\kbdap32a.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [winlogon] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [d046c182] rundll32.exe "C:\WINDOWS\system32\wckttfkf.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-c01842889...ad/MsnPUpld.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccApp.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccApp.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\tiyylbhy.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: M-Audio Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe