Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Mynbx.247.info/php66 starts all the time

Started by malayalam , Jul 10 2005 07:15 AM

  • Please log in to reply

#1
malayalam
Posted 10 July 2005 - 07:15 AM

malayalam

    New Member

  • Member
  • Pip
  • 1 posts
Hey! The webpage Mynbx.247.info/php66 is starting every time i start my computer. I ran Ad-Ware, AntiSpyware, Spybot SD and several registercleaner and virusprograms. The programs take away the program Windupdates Acces and the registerfile that the program create and then the problem is fixed temporary. But every time i start my computer the homepage Mynbx.247.info/php66 is starting again. COluld you have a look at my HiJackThis log and give some advice what to do?

Logfile of HijackThis v1.99.1
Scan saved at 14:31:15, on 2005-07-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program\Synaptics\SynTP\SynTPLpr.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program\Acer\Launch Manager\LaunchAp.exe
C:\Program\Acer\Launch Manager\PowerKey.exe
C:\Program\Acer\Launch Manager\HotkeyApp.exe
C:\Program\Acer\Launch Manager\KeyHook.exe
C:\Program\Acer\Launch Manager\CtrlVol.exe
C:\WINDOWS\System32\wsjsp.exe
C:\Program\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2004\Apvxdwin.exe
C:\Program\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lennart\Skrivbord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsidan.telia.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program\Acer\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program\Acer\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program\Acer\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [KeyHook] "C:\Program\Acer\Launch Manager\KeyHook.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program\Acer\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [ZoneEdit] C:\WINDOWS\System32\wsjsp.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [gcasServ] "C:\Program\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sertek.com.tw/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120857942136
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Network DDE Client (NetDDEclnt) - Unknown owner - C:\WINDOWS\System32\netddeclnt.exe (file missing)
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe


thanks a lot/Lotta
  • 0

Advertisements

#2
Wizard
Posted 10 July 2005 - 02:29 PM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Hi malayalam and Welcome to GeekstoGo!

If you would,please submit 2 files for examination

C:\WINDOWS\System32\wsjsp.exe

C:\WINDOWS\System32\netddeclnt.exe

You may need to be showing Hiddent Files in Order to Find them
http://www.bleepingc...torial=62#winxp

Submit those here please!
http://www.bleepingc...mit-malware.php

Leave a link to this post and place a message "Attn: Cretemonster"


Next,get those files scanned at these 2 sites

http://www.virustota...h/index_en.html

http://virusscan.jotti.org/

If these Scan out nasty,please post back immediatly and let me know!

Next,Download Pfind:
http://www.bleepingc...r/pfind-new.zip

Right Click the Zip Folder and Select "Extract All"
So make sure all those files remain in the same folder.

Don't use it yet!

Reboot into SAFE MODE(Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.syma...src=sec_doc_nam


Doubleclick pfind.bat
It will scan for a while, so please be patient.
Wait till the doswindow closes.


Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab
Make Sure Normal Startup is Checked!!

Click Apply>>OK>>Follow the Prompts to Restart!!

Restart Normal and have the PC Scanned here:
Panda Active Scan

Post back with a fresh HijackThis log->Contents of C:\pfind.txt->Results from Panda and the 2 Single File Virus Scans!
C:\pfind.txt
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP