Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

HIJACK THIS LOG INSTRUCTIONS FOLLOWED [RESOLVED]


  • This topic is locked This topic is locked

#1
djrichieparker

djrichieparker

    Member

  • Member
  • PipPip
  • 17 posts
Hi,

i also have the blue flu, usual system warning cannot run normal mode

Please help

This is my hijackthis logfile
Logfile of HijackThis v1.99.1
Scan saved at 03:08:25, on 19/04/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\wp.exe
C:\WINDOWS\sllights.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Richie\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eircom.net/email
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.planetis.com/uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eircom.net/email
O1 - Hosts: 209.123.181.91 ad0.bigmir.net
O1 - Hosts: 209.123.181.91 ad7.bigmir.net
O1 - Hosts: 209.123.181.91 ad4.bigmir.net
O1 - Hosts: 209.123.181.91 ad2.bigmir.net
O1 - Hosts: 209.123.181.91 b468.abn.com.ua
O1 - Hosts: 209.123.181.91 b100.abn.com.ua
O1 - Hosts: 209.123.181.91 b120.abn.com.ua
O1 - Hosts: 209.123.181.91 b160.abn.com.ua
O1 - Hosts: 209.123.181.91 b600.abn.com.ua
O1 - Hosts: 209.123.181.91 banner.kiev.ua
O1 - Hosts: 209.123.181.91 ab.adpro.com.ua
O1 - Hosts: 209.123.181.91 bs.yandex.ru
O1 - Hosts: 209.123.181.91 ad2.rambler.ru
O1 - Hosts: 209.123.181.91 ad.rambler.ru
O1 - Hosts: 209.123.181.91 ad1.rambler.ru
O1 - Hosts: 209.123.181.91 global.msads.net
O1 - Hosts: 209.123.181.91 ad.adriver.ru
O1 - Hosts: 209.123.181.91 ad.gen.tbn.ru
O1 - Hosts: 209.123.181.91 ad.100-gen.tbn.ru
O1 - Hosts: 209.123.181.91 ad.tbn.ru
O1 - Hosts: 209.123.181.91 ad.clickhere.ru
O1 - Hosts: 209.123.181.91 rb2.design.ru
O1 - Hosts: 209.123.181.91 ad.strict.tbn.ru
O1 - Hosts: 209.123.181.91 ad.bannerbank.ru
O1 - Hosts: 209.123.181.91 ad.100.tbn.ru
O1 - Hosts: 209.123.181.91 ad4.lbn.ru
O1 - Hosts: 209.123.181.91 ad.text.tbn.ru
O1 - Hosts: 209.123.181.91 ad2.bannerbank.ru
O1 - Hosts: 209.123.181.91 ad4.bannerbank.ru
O1 - Hosts: 209.123.181.91 r.mail.ru
O1 - Hosts: 209.123.181.91 ad100.prbn.ru
O1 - Hosts: 209.123.181.91 ushki.caricatura.ru
O1 - Hosts: 209.123.181.91 d.clx.ru
O1 - Hosts: 209.123.181.91 link.link.ru
O1 - Hosts: 209.123.181.91 s1.adward.ru
O1 - Hosts: 209.123.181.91 s.clx.ru
O1 - Hosts: 209.123.181.91 adv.aport.ru
O1 - Hosts: 209.123.181.91 softbn.ru
O1 - Hosts: 209.123.181.91 ad6.bannerbank.ru
O1 - Hosts: 209.123.181.91 google.com
O1 - Hosts: 0
O1 - Hosts: 209.123.181.91 ad0.bigmir.net
O1 - Hosts: 209.123.181.91 ad7.bigmir.net
O1 - Hosts: 209.123.181.91 ad4.bigmir.net
O1 - Hosts: 209.123.181.91 ad2.bigmir.net
O1 - Hosts: 209.123.181.91 b468.abn.com.ua
O1 - Hosts: 209.123.181.91 b100.abn.com.ua
O1 - Hosts: 209.123.181.91 b120.abn.com.ua
O1 - Hosts: 209.123.181.91 b160.abn.com.ua
O1 - Hosts: 209.123.181.91 b600.abn.com.ua
O1 - Hosts: 209.123.181.91 banner.kiev.ua
O1 - Hosts: 209.123.181.91 ab.adpro.com.ua
O1 - Hosts: 209.123.181.91 bs.yandex.ru
O1 - Hosts: 209.123.181.91 ad2.rambler.ru
O1 - Hosts: 209.123.181.91 ad.rambler.ru
O1 - Hosts: 209.123.181.91 ad1.rambler.ru
O1 - Hosts: 209.123.181.91 global.msads.net
O1 - Hosts: 209.123.181.91 ad.adriver.ru
O1 - Hosts: 209.123.181.91 ad.gen.tbn.ru
O1 - Hosts: 209.123.181.91 ad.100-gen.tbn.ru
O1 - Hosts: 209.123.181.91 ad.tbn.ru
O1 - Hosts: 209.123.181.91 ad.clickhere.ru
O1 - Hosts: 209.123.181.91 rb2.design.ru
O1 - Hosts: 209.123.181.91 ad.strict.tbn.ru
O1 - Hosts: 209.123.181.91 ad.bannerbank.ru
O1 - Hosts: 209.123.181.91 ad.100.tbn.ru
O1 - Hosts: 209.123.181.91 ad4.lbn.ru
O1 - Hosts: 209.123.181.91 ad.text.tbn.ru
O1 - Hosts: 209.123.181.91 ad2.bannerbank.ru
O1 - Hosts: 209.123.181.91 ad4.bannerbank.ru
O1 - Hosts: 209.123.181.91 r.mail.ru
O1 - Hosts: 209.123.181.91 ad100.prbn.ru
O1 - Hosts: 209.123.181.91 ushki.caricatura.ru
O1 - Hosts: 209.123.181.91 d.clx.ru
O1 - Hosts: 209.123.181.91 link.link.ru
O1 - Hosts: 209.123.181.91 s1.adward.ru
O1 - Hosts: 209.123.181.91 s.clx.ru
O1 - Hosts: 209.123.181.91 adv.aport.ru
O1 - Hosts: 209.123.181.91 softbn.ru
O1 - Hosts: 209.123.181.91 ad6.bannerbank.ru
O1 - Hosts: 209.123.181.91 google.com
O1 - Hosts: 0
O1 - Hosts: ` b e @_C}WkPW8Y_Nx_]oD)E mke
O1 - Hosts: 69.50.173.4 lycos.com
O1 - Hosts: 69.50.173.4 www.lycos.com
O1 - Hosts: 69.50.173.4 altavista.com
O1 - Hosts: 69.50.173.4 www.altavista.com
O1 - Hosts: 69.50.173.4 amazon.com
O1 - Hosts: 69.50.173.4 www.amazon.com
O1 - Hosts: 69.50.173.4 aol.com
O1 - Hosts: 69.50.173.4 www.aol.com
O1 - Hosts: 69.50.173.4 earthlink.net
O1 - Hosts: 69.50.173.4 www.earthlink.net
O1 - Hosts: 69.50.173.4 ebay.com
O1 - Hosts: 69.50.173.4 www.ebay.com
O1 - Hosts: 69.50.173.4 go.com
O1 - Hosts: 69.50.173.4 www.go.com
O1 - Hosts: 69.50.173.4 google.com
O1 - Hosts: 69.50.173.4 www.google.com
O1 - Hosts: 69.50.173.4 icq.com
O1 - Hosts: 69.50.173.4 www.icq.com
O1 - Hosts: 69.50.173.4 lycos.com
O1 - Hosts: 69.50.173.4 www.lycos.com
O1 - Hosts: 69.50.173.4 msn.com
O1 - Hosts: 69.50.173.4 www.msn.com
O1 - Hosts: 69.50.173.4 yahoo.com
O1 - Hosts: 69.50.173.4 www.yahoo.com
O1 - Hosts: 69.50.173.4 lycos.com
O1 - Hosts: 69.50.173.4 www.lycos.com
O1 - Hosts: 69.50.173.4 altavista.com
O1 - Hosts: 69.50.173.4 www.altavista.com
O1 - Hosts: 69.50.173.4 amazon.com
O1 - Hosts: 69.50.173.4 www.amazon.com
O1 - Hosts: 69.50.173.4 aol.com
O1 - Hosts: 69.50.173.4 www.aol.com
O1 - Hosts: 69.50.173.4 earthlink.net
O1 - Hosts: 69.50.173.4 www.earthlink.net
O1 - Hosts: 69.50.173.4 ebay.com
O1 - Hosts: 69.50.173.4 www.ebay.com
O1 - Hosts: 69.50.173.4 go.com
O1 - Hosts: 69.50.173.4 www.go.com
O1 - Hosts: 69.50.173.4 google.com
O1 - Hosts: 69.50.173.4 www.google.com
O1 - Hosts: 69.50.173.4 icq.com
O1 - Hosts: 69.50.173.4 www.icq.com
O1 - Hosts: 69.50.173.4 lycos.com
O1 - Hosts: 69.50.173.4 www.lycos.com
O1 - Hosts: 69.50.173.4 msn.com
O1 - Hosts: 69.50.173.4 www.msn.com
O1 - Hosts: 69.50.173.4 yahoo.com
O1 - Hosts: 69.50.173.4 www.yahoo.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [Blondes] C:\Program Files\Video1\Dialers\Blondes\Blondes.exe /dontdial
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Richie\LOCALS~1\Temp\20054191541_mcinfo.exe /insfin
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\Richie\LOCALS~1\Temp\20054191542_mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - Global Startup: Microsoft Office Fast Start.lnk = C:\MSOffice\Office\FASTBOOT.EXE
O4 - Global Startup: Microsoft Office Find Fast Indexer.lnk = C:\MSOffice\Office\FINDFAST.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.planetis.com/uk
O16 - DPF: {11111111-1111-1111-1111-111111111111} - ms-its:mhtml:file://C:\foo.mht!http://195.225.176.2...b.chm::/1/e.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1113813998591
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E95A158-8A17-449A-9FE3-8F040EA3767C}: NameServer = 159.134.237.6 159.134.248.17
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

any help available
  • 0

Advertisements


#2
djrichieparker

djrichieparker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hi i have followed all instructions, i still havent got any reply, i understand you are very busy. please please help when you can, i need my beloved computer back

thank you

heres the log

Logfile of HijackThis v1.99.1
Scan saved at 01:47:16, on 20/04/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\sllights.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Richie\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1113957439216
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E95A158-8A17-449A-9FE3-8F040EA3767C}: NameServer = 159.134.237.6 159.134.248.17
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
  • 0

#3
djrichieparker

djrichieparker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
I UNDERSTAND YOU ARE VERY BUSY.

HERE IS MY LOG

Logfile of HijackThis v1.99.1
Scan saved at 22:47:44, on 20/04/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\sllights.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Richie\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eircom.net/email
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1113957439216
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E95A158-8A17-449A-9FE3-8F040EA3767C}: NameServer = 159.134.237.6 159.134.248.17
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
  • 0

#4
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Hi there! I have merged all three of your threads into one topic. Please do NOT start another thread. This will not get you help any faster. Also, bumping your thread by continually posting will not get you help any faster, either. We are working as fast as we can without comprimising the quality of our work. Currently, it can take a few days before you receive help. Please be patient, and someone will help you as soon as they can!

Thanks!
  • 0

#5
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Do you have your desktop properties and wallpaper back?
  • 0

#6
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
I need you to do the following before I can help with your system:

The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...p1/default.mspx
Apply the update, reboot, and post a fresh Hijack This log.
  • 0

#7
djrichieparker

djrichieparker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Thank You bananafanafo

im downloading the service pack now
  • 0

#8
djrichieparker

djrichieparker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
plus my desktop is black, cant change it, i did have the blue now the black
  • 0

#9
djrichieparker

djrichieparker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
bananafanafo its gona take 1 hour and 6 mins for the xp update, its 4.30am here in ireland, but im gona stay up and get this sorted i dunno if you are around in an hour or so?

cheers
  • 0

#10
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
I'll be around for a good 4 or 5 more hours :tazz:
  • 0

Advertisements


#11
djrichieparker

djrichieparker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
okay downloaded the service pack

Heres my new log

Logfile of HijackThis v1.99.1
Scan saved at 06:51:15, on 21/04/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Documents and Settings\Richie\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eircom.net/email
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1113957439216
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
  • 0

#12
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
The Service Pack 1 is not showing on your system and I can not help you until it shows that XP is updated (I don't doubt that you updated!)

Go to http://www.microsoft.com - click on Windows Update and download Service Pack 2 - let me know if you receive an error message when downloading.
  • 0

#13
djrichieparker

djrichieparker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
well service pack two is downloading fine, i duno , the last update included a few security updates and malware finder stuff??

what should i do, stay downloading 2 or what, it said it would take 3 hours, if so im going to bed and catch up with it later
  • 0

#14
djrichieparker

djrichieparker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
and it did say after the first download "you have successfully updated you comp "
  • 0

#15
djrichieparker

djrichieparker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
im using dial-up aswell, so thats a help.........
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP