Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

malware problem, pc guard, intel32.exe, 2 users PC [CLOSED]


  • This topic is locked This topic is locked

#1
thunderraiden

thunderraiden

    New Member

  • Member
  • Pip
  • 3 posts
well i have the pc gaurd, intel32.exe, and i have alrdy read one post but i have alrdy tried another process of fixing this problem, and that failed so when i saw in another post like this that multiple users was an issue i wanted to make sure what i had to do to fix this problem, i also get alot of winfixer, and aurura pop-ups despite the fact i have used antispyware programs of all kinds against them. im not really a web surfer, but i play games like Counter strike source and its not very healthy in that game to get blasted back to desktop every other round. on a side note, it would be helpful if ne1 knew a way so that i could specify that a program not be minimized for any reason.
  • 0

Advertisements


#2
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi thunderraiden and welcome to GeeksToGo!


If you are having malware issues, please got to the following site and follow all the instructions carefully.


You Must Read This Before Posting A Hijackthis Log

this will help you clean up to 70 percent of all problems by yourself. If at the end of the process you are still having difficulty--and you may not be-- then post a hijackthis log in THIS thread.

Thanks,

:tazz:

Excal
  • 0

#3
thunderraiden

thunderraiden

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
sorry forgot to say i alrdy had all that and forgot to post the hijack this file, here u go.


Logfile of HijackThis v1.99.1
Scan saved at 1:55:47 PM, on 8/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\T3duZXIA\command.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\rjdhenc.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\oyibdll.EXE
C:\WINDOWS\System32\rukhrh.exe
C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe
C:\Program Files\Messenger\MSMSGS.EXE
c:\windows\system32\bupjhn.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\apsi\wtta.exe
C:\WINDOWS\Explorer.exe
C:\Documents and Settings\Sheridan\My Documents\antiintel32\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://httpwwwads.co...L?zone=enternet
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [rjdhenc] C:\WINDOWS\rjdhenc.EXE
O4 - HKLM\..\Run: [yaemu.exe] C:\WINDOWS\System32\yaemu.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [oyibdll] C:\WINDOWS\oyibdll.EXE
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rukhrh.exe reg_run
O4 - HKLM\..\Run: [komiolh] c:\windows\system32\bupjhn.exe r
O4 - HKCU\..\Run: [AIM] C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1123085325375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123211119296
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3A01194-3220-41B8-AFE1-523A85E47FA2}: NameServer = 69.50.176.198,85.255.112.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{DB21C722-4005-4B6B-8287-8A9689E201FA}: NameServer = 195.95.218.1,85.255.112.7
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\kfdmon.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\T3duZXIA\command.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

Edited by thunderraiden, 06 August 2005 - 11:57 AM.

  • 0

#4
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Before we get started, can you please do the following:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan"box on the top of the page:
    • C:\WINDOWS\T3duZXIA\command.exe
  • Click on the submit button
  • Please post the results in your next reply.
Thanks,

:tazz:

Excal
  • 0

#5
thunderraiden

thunderraiden

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
ill go ahead and do what u said, but i think its gone for some bizzare reason, doubt its gone, but the process hasnt ran in the last 2 restarts. i have a feeling once my little sister gets on that its going to come back, but in the mean time i will have antispyware and the ewido. even tho i have no idea how it got fixed i have fooled around with some of the advise givin to other users so i guess thats behind it, none the less, it was fixed upon my visiting of this site so i realy only have you guys to thank. i still have aurora and i might still have winfixer but i will have to see. if i have any more problems ill be sure to post them in another post. thanks for the assistance.

Service load:
0% 100%
File: command.exe
Status:
MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)
MD5 3e2c234dde711c6754f2df994fb3cc94
Packers detected:
UPX
Scanner results
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
UNA
Found nothing
VBA32
Found nothing

Edited by thunderraiden, 06 August 2005 - 12:58 PM.

  • 0

#6
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Ok. Go ahead and give me a fresh HiJackThis log and we will get started...

:tazz:

Excal
  • 0

#7
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP