Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

malware/keeps restarting

Started by goldminegutted , Oct 27 2005 06:35 AM

  • Please log in to reply

#1
goldminegutted
Posted 27 October 2005 - 06:35 AM

goldminegutted

    New Member

  • Member
  • Pip
  • 4 posts
i have recently been infected by some malware which causes my computer to restart shortly afetr i log on.


Logfile of HijackThis v1.99.1
Scan saved at 13:34:36, on 10/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\MsUpdate\MsUpdate.exe
F:\WINDOWS\etb\pokapoka76.exe
F:\WINDOWS\System32\scvhost.exe
F:\WINDOWS\System32\ctfmon.exe
F:\WINDOWS\explorer.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\Guest\Desktop\HijackThis.exe
F:\Program Files\Internet Explorer\iexplore.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.uk.netscape.com/uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.uk.netscape.com/uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - F:\WINDOWS\System32\wvwvv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\windows\googletoolbar_en_2.0.95-big.dll (file missing)
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MsUpdate] F:\Program Files\MsUpdate\MsUpdate.exe /auto
O4 - HKLM\..\Run: [ms-update] scvhost.exe
O4 - HKLM\..\Run: [System service76] F:\WINDOWS\etb\pokapoka76.exe
O4 - HKLM\..\RunServices: [ms-update] scvhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &Download with &DAP - F:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINDOWS\System32\msjava.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - F:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://F:\Program Files\AutoCAD LT 2000i\AcDcToday.ocx
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://cw.netglearni...iles/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred Control) - file://F:\Program Files\AutoCAD LT 2000i\InstFred.ocx
O16 - DPF: {CA356D79-679B-4B4C-8E49-5AF97014F4C1} (Starware) - http://files-pl.star...tarware_323.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://F:\Program Files\AutoCAD LT 2000i\AcPreview.ocx
O16 - DPF: {FCC56E79-0FA2-4969-9164-06F140763455} (ActiveFormX Control) - http://klikw.com/awd/cabs/10036.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/dba1865.exe
O20 - Winlogon Notify: style2 - F:\WINDOWS\q17656528_disk.dll (file missing)
O20 - Winlogon Notify: wvwvv - F:\WINDOWS\SYSTEM32\wvwvv.dll
O23 - Service: Ati HotKey Poller - Unknown owner - F:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Unknown owner - F:\WINDOWS\system32\LEXBCES.EXE (file missing)

thank you for your time
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP