Malware on my comp

#1
rreynolds
I have been through everything on the list and the malware still remains on my computer. It all started when I got PSGuard by accidentally clicking a link on a site which infected me; after running a few scans it appeared to be gone. A few days later I again accidentally clicked a picture (not thinking anything would happen) which appeared to be a hyperlink, which contracted another virus whose name I do not know. Now my desktop has been taken and it constantly blinks to white and beige colours from what seems to be a website on my desktop. I will post a screenshot of it. After following everything I could of the list I have now decided to post a HijackThis log file with the hope some kind person can help me,
so here goes

Logfile of HijackThis v1.99.1
Scan saved at 21:43:06, on 12/09/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\BT Voyager\BT Voyager Wireless\WLM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://voyager.home/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {BCD125F0-B0C8-4FD2-AC94-660B2B1478EE} - blank (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SpywareKilla] "C:\PROGRA~1\SPYWAR~1\SpywareKilla.exe" /s
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Voyager Wireless Utility.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay10...es/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1126476697921
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro....er/PROFILER.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: BitTorrent - {E585DB4E-E059-9404-FFB4-2AA7A1A75712} - c:\program files\bittorrent\wpcniqf32.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Here's the picture of my desktop: desktop.JPG

#2
Justin
Hello, and welcome to the GeekstoGo Forums. My name is Jfcap, and I will be helping you clean your system. I would like to start off by apologizing for the delay in our response time. We try not to let posts slip through the cracks, but things do happen due to the amount of posts on our website, so again I apologize.

Let's make sure that PSGuard is gone before we do anything else:

Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Now scan with HJT and place a checkmark next to each of the following items, then click FIX CHECKED:
===================================================
O2 - BHO: (no name) - {BCD125F0-B0C8-4FD2-AC94-660B2B1478EE} - blank (file missing)
===================================================

Close HiJackThis.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Open Ad-aware and do a full scan. Remove all it finds.

Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan. Make sure the autoclean box is checked!
Save the scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.
Let us know if any problems persist.
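The helper's instructions above boil down to reading the HijackThis log for entries that point at nothing on disk (the "(file missing)" BHO that is marked for FIX CHECKED), services with no recorded publisher, and startup shortcuts whose target cannot be resolved. The following script is an added example, written for this page and not part of the thread or of HijackThis itself: it parses lines in the HijackThis format and applies those same triage rules. The sample log is a constructed subset of the entries posted above; the rule set and the `flag_log` / `parse_hjt` names are this example's own.

```python
import re

# Constructed sample: a subset of the O2/O4/O21/O23 lines from the log posted
# in this thread, in HijackThis v1.99.1 format (section - body).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {BCD125F0-B0C8-4FD2-AC94-660B2B1478EE} - blank (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SpywareKilla] "C:\PROGRA~1\SPYWAR~1\SpywareKilla.exe" /s
O4 - Global Startup: BT Voyager Wireless Utility.lnk = ?
O21 - SSODL: BitTorrent - {E585DB4E-E059-9404-FFB4-2AA7A1A75712} - c:\program files\bittorrent\wpcniqf32.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
"""

# A HijackThis entry starts with a section code (R0..R3, F0..F3, N1..N4, O1..O23)
# followed by " - " and the entry body.
LINE_RE = re.compile(r"^(?P<section>[RFNO]\d+)\s+-\s+(?P<body>.*)$")


def parse_hjt(text):
    """Split a HijackThis log into {section, body, raw} dicts, skipping
    blank lines and anything that is not an entry (header, process list)."""
    entries = []
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        m = LINE_RE.match(raw)
        if not m:
            continue
        entries.append({"section": m.group("section"),
                        "body": m.group("body"),
                        "raw": raw})
    return entries


def triage_reasons(entry):
    """Return the list of reasons an entry deserves a second look.
    These mirror the points the helper acts on in the thread: a component
    registered in the registry but absent from disk, a BHO with no name,
    a service with no publisher, and a startup shortcut with no target."""
    section, body = entry["section"], entry["body"]
    reasons = []
    if "(file missing)" in body:
        reasons.append("registered component whose file is missing from disk")
    if section == "O2" and "(no name)" in body:
        reasons.append("BHO registered without a display name")
    if section == "O23" and "Unknown owner" in body:
        reasons.append("service with no publisher recorded; verify the binary path")
    if section == "O4" and body.rstrip().endswith("= ?"):
        reasons.append("startup shortcut whose target could not be resolved")
    return reasons


def flag_log(text):
    """Parse a log and return only the entries that triggered a rule,
    each with its reasons attached."""
    flagged = []
    for entry in parse_hjt(text):
        reasons = triage_reasons(entry)
        if reasons:
            flagged.append({**entry, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in flag_log(SAMPLE_LOG):
        print(hit["raw"])
        for reason in hit["reasons"]:
            print("    -", reason)
```

A flagged entry is a prompt to verify, not a verdict: the "Unknown owner" ATI service, for example, sits at a normal driver path and is benign, which is exactly why the helper only asked for the one orphaned BHO to be fixed. The value of the script is consistency when a log has dozens of O4 and O23 lines to read.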

#3
rreynolds
OK, for some reason my computer won't let me access safe mode!
When I start up my computer I tap F8 but it never works, and then I try repeatedly tapping F8 but still nothing. What can I do to solve this??

#4
Justin
Hello!

Run everything in normal Windows and we will see how it works :tazz:

#5
rreynolds
OK, I have a new problem. While researching further into my problem about safe mode not starting, I read somewhere online that if your computer wasn't going into safe mode you should go Start > Run, then type "msconfig", go to the "boot.ini" tab, then check /safeboot. I thought this would solve everything, but after rebooting my computer it would not start up. It just turns on with a blank black screen and nothing after that. Nothing I can do will help. Is there anything I can do? It's my own fault for not waiting for your reply and I feel sooooooooo stupid, as all of your work has gone to waste, but if there is something you can do to help it will be much appreciated and I can carry on following your original guidelines. (I am using another computer in my house.) Thank you

#6
Justin
Hi rreynolds,

Please try this.

1) Insert and boot from your Windows XP CD.
2) At the first R=Repair option, press the R key.
3) Press the number that corresponds to the correct location for the installation of Windows you want to repair. Typically this will be #1.
4) Type bootcfg /list to show the current entries in the BOOT.INI file.
5) Please list everything that comes up in the list.

#7
rreynolds
Nothing seems to be working; whenever I put in the CD the same as normal happens. I am 99% sure I'm putting in the right CD, I tried a few; it should be the purple one I got with my computer (it's a Dell).

#8
rreynolds
Should I press something when I load up with the CD in?

#9
Justin
Go into your BIOS and make sure that your computer is booting from your CD-ROM drive.

#10
rreynolds
I sound like such an idiot, but how do I do that???
Thanks for all your help and tolerating my stupidity.

#11
Justin
Hello!

The BIOS is a confusing place; not many people know how to use it:

To change the boot order (or sequence, as some call it), you will have to enter the system BIOS setup screen that was mentioned earlier.

1) Press F2, delete, or the correct key for your specific system on the POST screen (or the screen that displays the computer manufacturer's logo) to enter the BIOS setup screen.

Caution:

Working in the BIOS setup screens will allow you to change many critical values that could affect the performance and the stability of your computer. Be careful which settings you decide to change, because they may cause device resource conflicts as well as render your hardware unusable. However, there are very few settings in the BIOS that, if set incorrectly, will lead to physical hardware damage. The only feature that my BIOS has that can do that is the CPU overclocking functions. If I set those values too high, my CPU could burn up. Changing basic feature settings such as the boot order will only result in a minor inconvenience if it was set incorrectly. To fix a problem, you will just have to go back into the BIOS and set the right value, and everything will be back to normal.

2) Then look for where it says Boot and enter the sub menu.
Select Boot Sequence, and press Enter. I have attached an image of what the screen SHOULD look like. It may look somewhat different.

3) If your screen looks similar to the attached image, then you are in the right place. Next, navigate to where it states "first device" and cycle through the list to where it states "CD Rom". If your setup screen does not specifically state "first device" but rather just a list of all of the devices, then all you have to do is select the CD Rom and move it to the top of the list. That can be done by using the change values keys, which for my BIOS, made by Phoenix, are the spacebar to move an item up and the minus symbol key to move an item down. The specific keys are different on almost every system but the basic concepts are the same. You want to get your CD-ROM drive to the top of the list or listed as the first device from which to try to boot.

Then follow the directions above to boot from your Win XP CD and post back with the list of things that show up in boot.ini.

NOTE - After you post the boot.ini list for me, change your boot order again and make the first boot (or the one on the top) the Hard Drive.

Attached thumbnail: 0_1425_i_102817_00.jpg


#12
rreynolds
I really don't believe this, my computer won't even go into the BIOS. I found out that my computer's correct buttons are F2 or Del, but neither work. I even started to think it was my monitor, but after carrying the computer tower into my brother's room and trying it there the exact same thing happened. I think there's a problem with my motherboard and my computer is seriously messed up; I don't know what could cause this. Would you recommend taking it to somebody to see what they can do? It's not that you have been unhelpful - anything but. However, it just seems like such a big job and it may need somebody to physically open up the computer.
Cheers

#13
Justin
rreynolds,

This issue has come to the point where we are unable to assist you over the computer. I would recommend taking it to a computer repair shop where they can try and get it to boot up for you.

Best of luck to you,

#14
rreynolds
I agree, you were very helpful in the beginning and I will come back to this forum if I ever need more help with anything. Thanks

#15
Justin
I'm sorry to see that we could not help you.

Please feel free to come back if you have any other computer issues.

Best Wishes,