Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

OS seems to be Possessed.


  • Please log in to reply

#1
m.valdez

m.valdez

    New Member

  • Member
  • Pip
  • 6 posts
Well guys here is my problem, i have a computer that i have been working on and at times the computer will get a mind of its own and windows start opening, the start bar pops up and muliple windows opens and closes. this happens for about 10-15 seconds at a time, i leave the computer on all day and it happens several times throughout the day. I have ran the following programs fully updated. ad-aware se, spybot, microsoft anti spyware, spysweeper, spy subtract and cool web shredder. I also have ran the following anti virus programs, Nod 32 and Kaspersky and AVG. they found a couple of viruses but nothing big looking, the spyware that was captured was your typical 180 solutions barginbuddy and such. i have a hijack this log of what the machine looked like after i was done with the scans. Please Help I am trying not to go the backup and restore options. cliff notes, radomly out the day my machine will open up random windows like control pannel and startbar and run command and such. NOTE THIS POP UPS ARE NOT AD RELATED JUST WINDOWS BASED "WINDOWS" POPING UP.

Here is the Hi-Jack this Log.

Logfile of HijackThis v1.99.1
Scan saved at 2:32:59 PM, on 5/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wfxsnt40.exe C:\PROGRA~1\WinFax\WFXSWTCH.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Microsoft SQL Server\MSSQL$EMMSDE\Binn\sqlservr.exe
C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\System32\WFXSVC.EXE C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\WinFax\WFXMOD32.EXE
C:\Program Files\WinFax\WFXCTL32.EXE
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Eset\nod32.exe
C:\Program Files\Internet Explorer\iexplore.exe C:\DOCUME~1\Kenie\LOCALS~1\Temp\Temporary Directory 2 for
hijackthis.zip\HijackThis.exe
C:\WINDOWS\system32\regsvr32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} -
(no file)
F2 - REG:system.ini:
UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file) O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe"
/WAITSERVICE
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy
Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Controller.LNK = C:\Program Files\WinFax\WFXCTL32.EXE O4 - Global Startup: SpySubtract.lnk = C:\Program
Files\InterMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://c:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O23 - Service: AutoComplete Service (Autocomplete) - Internet Washer -
C:\PROGRA~1\SYSTEM~1\autocomp.exe
O23 - Service: Iomega App Services - Iomega Corporation -
C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program
Files\Eset\nod32krn.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation -
C:\WINDOWS\System32\WFXSVC.EXE
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega
Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe



Again Thanks guys.
  • 0

Advertisements


#2
austin_o

austin_o

    Retired Staff

  • Retired Staff
  • 2,089 posts
Work your way though the malware removal guide at the top of this forum where it says "Do you suspect a malware (Spyware, Virus, Trojan) infection? Please start here. " This enables folks to solve most problems on their own. If you still have trouble after that, post a hijack this log in the malware forum at:
http://www.geekstogo...o_Here-f37.html :tazz:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP