Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

HIJACK THIS LOG INSTRUCTIONS FOLLOWED [RESOLVED]

Started by djrichieparker , Apr 18 2005 08:22 PM

  • This topic is locked This topic is locked

#1
djrichieparker
Posted 18 April 2005 - 08:22 PM

djrichieparker

    Member

  • Member
  • PipPip
  • 17 posts
Hi,

i also have the blue flu, usual system warning cannot run normal mode

Please help

This is my hijackthis logfile
Logfile of HijackThis v1.99.1
Scan saved at 03:08:25, on 19/04/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\wp.exe
C:\WINDOWS\sllights.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Richie\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eircom.net/email
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.planetis.com/uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eircom.net/email
O1 - Hosts: 209.123.181.91 ad0.bigmir.net
O1 - Hosts: 209.123.181.91 ad7.bigmir.net
O1 - Hosts: 209.123.181.91 ad4.bigmir.net
O1 - Hosts: 209.123.181.91 ad2.bigmir.net
O1 - Hosts: 209.123.181.91 b468.abn.com.ua
O1 - Hosts: 209.123.181.91 b100.abn.com.ua
O1 - Hosts: 209.123.181.91 b120.abn.com.ua
O1 - Hosts: 209.123.181.91 b160.abn.com.ua
O1 - Hosts: 209.123.181.91 b600.abn.com.ua
O1 - Hosts: 209.123.181.91 banner.kiev.ua
O1 - Hosts: 209.123.181.91 ab.adpro.com.ua
O1 - Hosts: 209.123.181.91 bs.yandex.ru
O1 - Hosts: 209.123.181.91 ad2.rambler.ru
O1 - Hosts: 209.123.181.91 ad.rambler.ru
O1 - Hosts: 209.123.181.91 ad1.rambler.ru
O1 - Hosts: 209.123.181.91 global.msads.net
O1 - Hosts: 209.123.181.91 ad.adriver.ru
O1 - Hosts: 209.123.181.91 ad.gen.tbn.ru
O1 - Hosts: 209.123.181.91 ad.100-gen.tbn.ru
O1 - Hosts: 209.123.181.91 ad.tbn.ru
O1 - Hosts: 209.123.181.91 ad.clickhere.ru
O1 - Hosts: 209.123.181.91 rb2.design.ru
O1 - Hosts: 209.123.181.91 ad.strict.tbn.ru
O1 - Hosts: 209.123.181.91 ad.bannerbank.ru
O1 - Hosts: 209.123.181.91 ad.100.tbn.ru
O1 - Hosts: 209.123.181.91 ad4.lbn.ru
O1 - Hosts: 209.123.181.91 ad.text.tbn.ru
O1 - Hosts: 209.123.181.91 ad2.bannerbank.ru
O1 - Hosts: 209.123.181.91 ad4.bannerbank.ru
O1 - Hosts: 209.123.181.91 r.mail.ru
O1 - Hosts: 209.123.181.91 ad100.prbn.ru
O1 - Hosts: 209.123.181.91 ushki.caricatura.ru
O1 - Hosts: 209.123.181.91 d.clx.ru
O1 - Hosts: 209.123.181.91 link.link.ru
O1 - Hosts: 209.123.181.91 s1.adward.ru
O1 - Hosts: 209.123.181.91 s.clx.ru
O1 - Hosts: 209.123.181.91 adv.aport.ru
O1 - Hosts: 209.123.181.91 softbn.ru
O1 - Hosts: 209.123.181.91 ad6.bannerbank.ru
O1 - Hosts: 209.123.181.91 google.com
O1 - Hosts: 0
O1 - Hosts: 209.123.181.91 ad0.bigmir.net
O1 - Hosts: 209.123.181.91 ad7.bigmir.net
O1 - Hosts: 209.123.181.91 ad4.bigmir.net
O1 - Hosts: 209.123.181.91 ad2.bigmir.net
O1 - Hosts: 209.123.181.91 b468.abn.com.ua
O1 - Hosts: 209.123.181.91 b100.abn.com.ua
O1 - Hosts: 209.123.181.91 b120.abn.com.ua
O1 - Hosts: 209.123.181.91 b160.abn.com.ua
O1 - Hosts: 209.123.181.91 b600.abn.com.ua
O1 - Hosts: 209.123.181.91 banner.kiev.ua
O1 - Hosts: 209.123.181.91 ab.adpro.com.ua
O1 - Hosts: 209.123.181.91 bs.yandex.ru
O1 - Hosts: 209.123.181.91 ad2.rambler.ru
O1 - Hosts: 209.123.181.91 ad.rambler.ru
O1 - Hosts: 209.123.181.91 ad1.rambler.ru
O1 - Hosts: 209.123.181.91 global.msads.net
O1 - Hosts: 209.123.181.91 ad.adriver.ru
O1 - Hosts: 209.123.181.91 ad.gen.tbn.ru
O1 - Hosts: 209.123.181.91 ad.100-gen.tbn.ru
O1 - Hosts: 209.123.181.91 ad.tbn.ru
O1 - Hosts: 209.123.181.91 ad.clickhere.ru
O1 - Hosts: 209.123.181.91 rb2.design.ru
O1 - Hosts: 209.123.181.91 ad.strict.tbn.ru
O1 - Hosts: 209.123.181.91 ad.bannerbank.ru
O1 - Hosts: 209.123.181.91 ad.100.tbn.ru
O1 - Hosts: 209.123.181.91 ad4.lbn.ru
O1 - Hosts: 209.123.181.91 ad.text.tbn.ru
O1 - Hosts: 209.123.181.91 ad2.bannerbank.ru
O1 - Hosts: 209.123.181.91 ad4.bannerbank.ru
O1 - Hosts: 209.123.181.91 r.mail.ru
O1 - Hosts: 209.123.181.91 ad100.prbn.ru
O1 - Hosts: 209.123.181.91 ushki.caricatura.ru
O1 - Hosts: 209.123.181.91 d.clx.ru
O1 - Hosts: 209.123.181.91 link.link.ru
O1 - Hosts: 209.123.181.91 s1.adward.ru
O1 - Hosts: 209.123.181.91 s.clx.ru
O1 - Hosts: 209.123.181.91 adv.aport.ru
O1 - Hosts: 209.123.181.91 softbn.ru
O1 - Hosts: 209.123.181.91 ad6.bannerbank.ru
O1 - Hosts: 209.123.181.91 google.com
O1 - Hosts: 0
O1 - Hosts: ` b e @_C}WkPW8Y_Nx_]oD)E mke
O1 - Hosts: 69.50.173.4 lycos.com
O1 - Hosts: 69.50.173.4 www.lycos.com
O1 - Hosts: 69.50.173.4 altavista.com
O1 - Hosts: 69.50.173.4 www.altavista.com
O1 - Hosts: 69.50.173.4 amazon.com
O1 - Hosts: 69.50.173.4 www.amazon.com
O1 - Hosts: 69.50.173.4 aol.com
O1 - Hosts: 69.50.173.4 www.aol.com
O1 - Hosts: 69.50.173.4 earthlink.net
O1 - Hosts: 69.50.173.4 www.earthlink.net
O1 - Hosts: 69.50.173.4 ebay.com
O1 - Hosts: 69.50.173.4 www.ebay.com
O1 - Hosts: 69.50.173.4 go.com
O1 - Hosts: 69.50.173.4 www.go.com
O1 - Hosts: 69.50.173.4 google.com
O1 - Hosts: 69.50.173.4 www.google.com
O1 - Hosts: 69.50.173.4 icq.com
O1 - Hosts: 69.50.173.4 www.icq.com
O1 - Hosts: 69.50.173.4 lycos.com
O1 - Hosts: 69.50.173.4 www.lycos.com
O1 - Hosts: 69.50.173.4 msn.com
O1 - Hosts: 69.50.173.4 www.msn.com
O1 - Hosts: 69.50.173.4 yahoo.com
O1 - Hosts: 69.50.173.4 www.yahoo.com
O1 - Hosts: 69.50.173.4 lycos.com
O1 - Hosts: 69.50.173.4 www.lycos.com
O1 - Hosts: 69.50.173.4 altavista.com
O1 - Hosts: 69.50.173.4 www.altavista.com
O1 - Hosts: 69.50.173.4 amazon.com
O1 - Hosts: 69.50.173.4 www.amazon.com
O1 - Hosts: 69.50.173.4 aol.com
O1 - Hosts: 69.50.173.4 www.aol.com
O1 - Hosts: 69.50.173.4 earthlink.net
O1 - Hosts: 69.50.173.4 www.earthlink.net
O1 - Hosts: 69.50.173.4 ebay.com
O1 - Hosts: 69.50.173.4 www.ebay.com
O1 - Hosts: 69.50.173.4 go.com
O1 - Hosts: 69.50.173.4 www.go.com
O1 - Hosts: 69.50.173.4 google.com
O1 - Hosts: 69.50.173.4 www.google.com
O1 - Hosts: 69.50.173.4 icq.com
O1 - Hosts: 69.50.173.4 www.icq.com
O1 - Hosts: 69.50.173.4 lycos.com
O1 - Hosts: 69.50.173.4 www.lycos.com
O1 - Hosts: 69.50.173.4 msn.com
O1 - Hosts: 69.50.173.4 www.msn.com
O1 - Hosts: 69.50.173.4 yahoo.com
O1 - Hosts: 69.50.173.4 www.yahoo.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [Blondes] C:\Program Files\Video1\Dialers\Blondes\Blondes.exe /dontdial
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Richie\LOCALS~1\Temp\20054191541_mcinfo.exe /insfin
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\Richie\LOCALS~1\Temp\20054191542_mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - Global Startup: Microsoft Office Fast Start.lnk = C:\MSOffice\Office\FASTBOOT.EXE
O4 - Global Startup: Microsoft Office Find Fast Indexer.lnk = C:\MSOffice\Office\FINDFAST.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.planetis.com/uk
O16 - DPF: {11111111-1111-1111-1111-111111111111} - ms-its:mhtml:file://C:\foo.mht!http://195.225.176.2...b.chm::/1/e.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1113813998591
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E95A158-8A17-449A-9FE3-8F040EA3767C}: NameServer = 159.134.237.6 159.134.248.17
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

any help available
  • 0

Advertisements

#2
djrichieparker
Posted 19 April 2005 - 07:01 PM

djrichieparker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hi i have followed all instructions, i still havent got any reply, i understand you are very busy. please please help when you can, i need my beloved computer back

thank you

heres the log

Logfile of HijackThis v1.99.1
Scan saved at 01:47:16, on 20/04/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\sllights.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Richie\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1113957439216
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E95A158-8A17-449A-9FE3-8F040EA3767C}: NameServer = 159.134.237.6 159.134.248.17
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
  • 0

#3
djrichieparker
Posted 20 April 2005 - 03:52 PM

djrichieparker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
I UNDERSTAND YOU ARE VERY BUSY.

HERE IS MY LOG

Logfile of HijackThis v1.99.1
Scan saved at 22:47:44, on 20/04/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\sllights.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Richie\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eircom.net/email
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1113957439216
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E95A158-8A17-449A-9FE3-8F040EA3767C}: NameServer = 159.134.237.6 159.134.248.17
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
  • 0

#4
Kat
Posted 20 April 2005 - 04:23 PM

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Hi there! I have merged all three of your threads into one topic. Please do NOT start another thread. This will not get you help any faster. Also, bumping your thread by continually posting will not get you help any faster, either. We are working as fast as we can without comprimising the quality of our work. Currently, it can take a few days before you receive help. Please be patient, and someone will help you as soon as they can!

Thanks!
  • 0

#5
Michelle
Posted 20 April 2005 - 04:29 PM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Do you have your desktop properties and wallpaper back?
  • 0

#6
Michelle
Posted 20 April 2005 - 04:30 PM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
I need you to do the following before I can help with your system:

The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...p1/default.mspx
Apply the update, reboot, and post a fresh Hijack This log.
  • 0

#7
djrichieparker
Posted 20 April 2005 - 09:23 PM

djrichieparker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Thank You bananafanafo

im downloading the service pack now
  • 0

#8
djrichieparker
Posted 20 April 2005 - 09:25 PM

djrichieparker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
plus my desktop is black, cant change it, i did have the blue now the black
  • 0

#9
djrichieparker
Posted 20 April 2005 - 09:32 PM

djrichieparker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
bananafanafo its gona take 1 hour and 6 mins for the xp update, its 4.30am here in ireland, but im gona stay up and get this sorted i dunno if you are around in an hour or so?

cheers
  • 0

#10
Michelle
Posted 20 April 2005 - 09:42 PM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
I'll be around for a good 4 or 5 more hours :tazz:
  • 0

Advertisements

#11
djrichieparker
Posted 20 April 2005 - 11:56 PM

djrichieparker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
okay downloaded the service pack

Heres my new log

Logfile of HijackThis v1.99.1
Scan saved at 06:51:15, on 21/04/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Documents and Settings\Richie\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eircom.net/email
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1113957439216
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
  • 0

#12
Michelle
Posted 21 April 2005 - 12:09 AM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
The Service Pack 1 is not showing on your system and I can not help you until it shows that XP is updated (I don't doubt that you updated!)

Go to http://www.microsoft.com - click on Windows Update and download Service Pack 2 - let me know if you receive an error message when downloading.
  • 0

#13
djrichieparker
Posted 21 April 2005 - 12:21 AM

djrichieparker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
well service pack two is downloading fine, i duno , the last update included a few security updates and malware finder stuff??

what should i do, stay downloading 2 or what, it said it would take 3 hours, if so im going to bed and catch up with it later
  • 0

#14
djrichieparker
Posted 21 April 2005 - 12:22 AM

djrichieparker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
and it did say after the first download "you have successfully updated you comp "
  • 0

#15
djrichieparker
Posted 21 April 2005 - 12:26 AM

djrichieparker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
im using dial-up aswell, so thats a help.........
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP