Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

OS seems to be Possessed.

Started by m.valdez , May 17 2005 07:35 PM

  • Please log in to reply

#1
m.valdez
Posted 17 May 2005 - 07:35 PM

m.valdez

    New Member

  • Member
  • Pip
  • 6 posts
Well guys here is my problem, i have a computer that i have been working on and at times the computer will get a mind of its own and windows start opening, the start bar pops up and muliple windows opens and closes. this happens for about 10-15 seconds at a time, i leave the computer on all day and it happens several times throughout the day. I have ran the following programs fully updated. ad-aware se, spybot, microsoft anti spyware, spysweeper, spy subtract and cool web shredder. I also have ran the following anti virus programs, Nod 32 and Kaspersky and AVG. they found a couple of viruses but nothing big looking, the spyware that was captured was your typical 180 solutions barginbuddy and such. i have a hijack this log of what the machine looked like after i was done with the scans. Please Help I am trying not to go the backup and restore options. cliff notes, radomly out the day my machine will open up random windows like control pannel and startbar and run command and such. NOTE THIS POP UPS ARE NOT AD RELATED JUST WINDOWS BASED "WINDOWS" POPING UP.

Here is the Hi-Jack this Log.

Logfile of HijackThis v1.99.1
Scan saved at 2:32:59 PM, on 5/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wfxsnt40.exe C:\PROGRA~1\WinFax\WFXSWTCH.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Microsoft SQL Server\MSSQL$EMMSDE\Binn\sqlservr.exe
C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\System32\WFXSVC.EXE C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\WinFax\WFXMOD32.EXE
C:\Program Files\WinFax\WFXCTL32.EXE
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Eset\nod32.exe
C:\Program Files\Internet Explorer\iexplore.exe C:\DOCUME~1\Kenie\LOCALS~1\Temp\Temporary Directory 2 for
hijackthis.zip\HijackThis.exe
C:\WINDOWS\system32\regsvr32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} -
(no file)
F2 - REG:system.ini:
UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file) O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe"
/WAITSERVICE
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy
Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Controller.LNK = C:\Program Files\WinFax\WFXCTL32.EXE O4 - Global Startup: SpySubtract.lnk = C:\Program
Files\InterMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://c:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O23 - Service: AutoComplete Service (Autocomplete) - Internet Washer -
C:\PROGRA~1\SYSTEM~1\autocomp.exe
O23 - Service: Iomega App Services - Iomega Corporation -
C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program
Files\Eset\nod32krn.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation -
C:\WINDOWS\System32\WFXSVC.EXE
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega
Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe



Again Thanks guys.
  • 0

Advertisements

#2
austin_o
Posted 18 May 2005 - 06:56 AM

austin_o

    Retired Staff

  • Retired Staff
  • 2,089 posts
Work your way though the malware removal guide at the top of this forum where it says "Do you suspect a malware (Spyware, Virus, Trojan) infection? Please start here. " This enables folks to solve most problems on their own. If you still have trouble after that, post a hijack this log in the malware forum at:
http://www.geekstogo...o_Here-f37.html :tazz:
  • 0
Back to Windows XP, 2000, 2003, NT · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Retired Forums
  3. Windows XP, 2000, 2003, NT

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP