Task manager refuses to open [RESOLVED]


  • This topic is locked

#31
therock247uk

  • Expert
  • 14,672 posts
  • MVP
You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non-infected computer will remove your Desktop background.


#32
gmcube

  • Topic Starter
  • Member
  • 176 posts
Alright, I just got back from my restart, and as you mentioned in your warning, my desktop background has been removed.

But I know there are still infections.
Here's the report if you still want it.

SmitFraudFix v2.81

Scan done at 20:35:57.87, Sat 08/12/2006
Run from C:\Documents and Settings\robert\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\uniq Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

#33
therock247uk

  • Expert
  • 14,672 posts
  • MVP
Ok, you can change your desktop back to what it was before... Post a new Hijackthis log here in a reply...

#34
gmcube

  • Topic Starter
  • Member
  • 176 posts
Logfile of HijackThis v1.99.1
Scan saved at 1:46:39 AM, on 8/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\system32\LEXBCES.EXE
C:\WINDOWS2\system32\spoolsv.exe
C:\WINDOWS2\system32\LEXPPS.EXE
C:\WINDOWS2\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS2\system32\cisvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS2\SYSTEM32\GEARSEC.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
C:\WINDOWS2\Mixer.exe
C:\WINDOWS2\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\AOL\1124230273\ee\AOLSoftware.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS2\TEMP\nlkfev73585817.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\system32\Tablet.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\{0489797C-09DC-1033-0127-030105290001}\Update.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Plaxo\2.6.2.15\PlaxoHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS2\system32\wuauclt.exe
C:\WINDOWS2\system32\wscntfy.exe
C:\WINDOWS2\System32\svchost.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.n...lbar2.0/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.n...lbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {B38108F6-CC89-A3A1-BCF4-8CB781BDBAF6} - C:\WINDOWS2\kaexxmu.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS2\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB002" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124230273\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [loaddr] C:\epvgy.exe
O4 - HKLM\..\Run: [tuqefb9f] RUNDLL32.EXE w0010ed0.dll,n 002efb9d000000110010ed0
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.15\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=f6b6bda-561a-4660-be25-f4c829a22d9e
O4 - Startup: Styler.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster Gold 17\Remind.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1141738553078
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS2\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS2\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS2\SYSTEM32\GEARSEC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS2\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Print Spooler Service (SpoolSvc212) - Unknown owner - C:\WINDOWS2\TEMP\nlkfev73585817.exe
O23 - Service: System Internal AntiVirus (SVSAV) - Unknown owner - C:\WINDOWS2\system32\svsnt.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS2\system32\Tablet.exe
O23 - Service: Time Service (Time) - Unknown owner - C:\WINDOWS2\system32\dior4f4uvxdfh.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

#35
therock247uk

  • Expert
  • 14,672 posts
  • MVP
Please make sure your PC is set to show all hidden files and folders. Go here for instructions on how to do this: http://pchowtos.co.u...r...=view&id=34

Boot into Safe Mode. To do this, keep tapping F8 on your keyboard while your PC is starting up; you will get a menu, select Safe Mode.

While in Safe Mode, open Hijackthis and click Scan. Then check mark the following entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {B38108F6-CC89-A3A1-BCF4-8CB781BDBAF6} - C:\WINDOWS2\kaexxmu.dll
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [loaddr] C:\epvgy.exe
O4 - HKLM\..\Run: [tuqefb9f] RUNDLL32.EXE w0010ed0.dll,n 002efb9d000000110010ed0
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O23 - Service: Time Service (Time) - Unknown owner - C:\WINDOWS2\system32\dior4f4uvxdfh.exe (file missing)

Now close all open windows except Hijackthis and click Fix checked.

Delete the files (if present):

C:\WINDOWS2\kaexxmu.dll
C:\epvgy.exe
C:\windows\system32\w0010ed0.dll
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe

Reboot and post a new Hijackthis log here in a reply.

#36
gmcube

  • Topic Starter
  • Member
  • 176 posts
Logfile of HijackThis v1.99.1
Scan saved at 5:15:14 AM, on 8/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\Explorer.EXE
C:\Program Files\Hijackthis\HijackThis.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Internet Explorer Web Content Guard - {1B77D30A-81C9-497A-8647-142F7511B1FB} - c:\windows\system32\tbhogt.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {B38108F6-CC89-A3A1-BCF4-8CB781BDBAF6} - C:\WINDOWS2\kaexxmu.dll (file missing)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Happytofind Toolbar - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - c:\windows\system32\tbhogttb.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS2\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB002" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124230273\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.15\PlaxoHelper.exe -a
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=f6b6bdab-561a-4660-be25-f4c829a22d9e
O4 - Startup: Styler.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster Gold 17\Remind.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Happytofind Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - c:\windows\system32\tbhogttb.dll
O9 - Extra 'Tools' menuitem: Happytofind Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - c:\windows\system32\tbhogttb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1141738553078
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS2\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS2\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS2\SYSTEM32\GEARSEC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS2\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Print Spooler Service (SpoolSvc212) - Unknown owner - C:\WINDOWS2\TEMP\nlkfev73585817.exe
O23 - Service: System Internal AntiVirus (SVSAV) - Unknown owner - C:\WINDOWS2\system32\svsnt.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS2\system32\Tablet.exe
O23 - Service: Time Service (Time) - Unknown owner - C:\WINDOWS2\system32\dior4f4uvxdfh.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


Just so you know, all the files you mentioned were there except for the last one.
  • 0
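Added example (not part of the original thread, and not code from HijackThis or any poster): a small Python check that compares the entries ticked for fixing in post #35 against the follow-up log in post #36, to show which autostart entries are gone and which are still registered. The function names are hypothetical, the review heuristics are this example's own triage assumptions, and the sample lines are excerpted from the two posts above.

```python
import re

# Sample input excerpted from this thread: the entries ticked in post #35 ...
TICKED = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {B38108F6-CC89-A3A1-BCF4-8CB781BDBAF6} - C:\WINDOWS2\kaexxmu.dll
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [loaddr] C:\epvgy.exe
O4 - HKLM\..\Run: [tuqefb9f] RUNDLL32.EXE w0010ed0.dll,n 002efb9d000000110010ed0
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O23 - Service: Time Service (Time) - Unknown owner - C:\WINDOWS2\system32\dior4f4uvxdfh.exe (file missing)
"""

# ... and a subset of the follow-up log from post #36.
AFTER_LOG = r"""
Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\Explorer.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {B38108F6-CC89-A3A1-BCF4-8CB781BDBAF6} - C:\WINDOWS2\kaexxmu.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe (file missing)
O23 - Service: Print Spooler Service (SpoolSvc212) - Unknown owner - C:\WINDOWS2\TEMP\nlkfev73585817.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS2\system32\Tablet.exe
O23 - Service: Time Service (Time) - Unknown owner - C:\WINDOWS2\system32\dior4f4uvxdfh.exe (file missing)
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # e.g. "O4 - ..."
MISSING_RE = re.compile(r"\s*\(file missing\)\s*$", re.IGNORECASE)
TEMP_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)             # \TEMP\ or \TMP\


def parse(log_text):
    """Return the section entries of a log; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        missing = MISSING_RE.search(body) is not None
        # The "(file missing)" suffix appears once the file is deleted, so it
        # is stripped before matching the same entry across two logs.
        body = MISSING_RE.sub("", body)
        entries.append({"code": code, "body": body, "missing": missing,
                        "key": (code, body.lower())})
    return entries


def compare(ticked_text, after_text):
    """Split the ticked entries into (removed, persisting) against a later log."""
    after = {e["key"]: e for e in parse(after_text)}
    removed, persisting = [], []
    for e in parse(ticked_text):
        if e["key"] in after:
            persisting.append(after[e["key"]])   # keep the later log's view
        else:
            removed.append(e)
    return removed, persisting


def review_flags(log_text):
    """Triage heuristics (assumptions of this example): entries worth a second look."""
    flagged = []
    for e in parse(log_text):
        reasons = []
        if e["missing"]:
            reasons.append("orphaned reference (file missing)")
        if "(no name)" in e["body"]:
            reasons.append("unnamed component")
        if (e["code"] == "O23" and "Unknown owner" in e["body"]
                and TEMP_RE.search(e["body"])):
            reasons.append("unknown-owner service in a temp directory")
        if reasons:
            flagged.append((e["body"], reasons))
    return flagged


if __name__ == "__main__":
    removed, persisting = compare(TICKED, AFTER_LOG)
    print(f"{len(removed)} ticked entries gone, {len(persisting)} still registered:")
    for e in persisting:
        print("  still present:", e["code"], "-", e["body"])
    for body, reasons in review_flags(AFTER_LOG):
        print("  review:", body, "->", "; ".join(reasons))
```

On the sample, seven of the nine ticked entries are gone, while the kaexxmu.dll BHO and the Time Service entry are still registered with their files missing.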

#37
therock247uk

  • Expert
  • 14,672 posts
  • MVP
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


#38
gmcube

  • Topic Starter
  • Member
  • 176 posts
Incident Status Location

Adware:adware/gator Not disinfected c:\GatorPatch.log
Adware:adware/delfinmedia Not disinfected c:\documents and settings\all users.windows2\application data\vidctrl
Adware:adware/cws Not disinfected C:\Documents and Settings\robert\Favorites\Going Places
Spyware:spyware/media-motor Not disinfected Windows Registry
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
Adware:adware/powerscan Not disinfected Windows Registry
Adware:adware/savenow Not disinfected Windows Registry
Adware:adware/toolbarsimbar Not disinfected Windows Registry
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\robert\Cookies\robert@atwola[1].txt
Adware:Adware/DollarRevenue Not disinfected C:\Documents and Settings\robert\Desktop\ComcastToolbar(2).exe[²ÜÇ\nsProcess.dll]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\robert\Desktop\Old Stuff\Tonya\Application Data\Mozilla\Firefox\Profiles\mbfv382m.Default User\cookies.txt[.go.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\robert\Desktop\Old Stuff\Tonya\Application Data\Mozilla\Firefox\Profiles\pezxg6ra.default\cookies-1.txt[.maxserving.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\robert\Desktop\Old Stuff\Tonya\Application Data\Mozilla\Firefox\Profiles\pezxg6ra.default\cookies-1.txt[.c2.gostats.com/]
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\robert\Desktop\Old Stuff\Tonya\Application Data\Mozilla\Firefox\Profiles\pezxg6ra.default\cookies-1.txt[.ct.360i.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\robert\Desktop\Old Stuff\Tonya\Application Data\Mozilla\Firefox\Profiles\pezxg6ra.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\robert\Desktop\Old Stuff\Tonya\Application Data\Mozilla\Firefox\Profiles\pezxg6ra.default\cookies.txt[.go.com/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\robert\Desktop\Old Stuff\Tonya\Cookies\[email protected][1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\robert\Desktop\Old Stuff\Tonya\Cookies\tonya@adultfriendfinder[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\robert\Desktop\Old Stuff\Tonya\Cookies\tonya@atwola[2].txt
Spyware:Cookie/BetterInet Not disinfected C:\Documents and Settings\robert\Desktop\Old Stuff\Tonya\Cookies\tonya@a[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\robert\Desktop\Old Stuff\Tonya\Cookies\tonya@belnk[1].txt
Spyware:Cookie/Centralmedia Not disinfected C:\Documents and Settings\robert\Desktop\Old Stuff\Tonya\Cookies\tonya@centralmedia[2].txt
Spyware:Cookie/DelfinMedia Not disinfected C:\Documents and Settings\robert\Desktop\Old Stuff\Tonya\Cookies\tonya@delfinproject[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\robert\Desktop\Old Stuff\Tonya\Cookies\[email protected][2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\robert\Desktop\Old Stuff\Tonya\Cookies\tonya@go[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\robert\Desktop\Old Stuff\Tonya\Cookies\[email protected][2].txt
Spyware:Cookie/Kount Not disinfected C:\Documents and Settings\robert\Desktop\Old Stuff\Tonya\Cookies\tonya@kount[1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\robert\Desktop\Old Stuff\Tonya\Cookies\tonya@offeroptimizer[1].txt
Spyware:Cookie/Transponder Not disinfected C:\Documents and Settings\robert\Desktop\Old Stuff\Tonya\Cookies\[email protected][2].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\robert\Desktop\Old Stuff\Tonya\Cookies\tonya@rightmedia[2].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\robert\Desktop\Old Stuff\Tonya\Cookies\tonya@rn11[2].txt
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Documents and Settings\robert\Desktop\Old Stuff\Tonya\Desktop\e3\Movies\backup-20040531-191721-250.inf
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\robert\Desktop\Old Stuff\Tonya\Desktop\hijackthis\backups\backup-20050224-002517-357.dll
Spyware:Spyware/Media-motor Not disinfected C:\Documents and Settings\robert\Local Settings\Temporary Internet Files\Content.IE5\C5I3GD2N\media_motor_bundle[1].exe
Virus:Trj/Downloader.JKC Disinfected C:\Documents and Settings\robert\Local Settings\Temporary Internet Files\Content.IE5\C5I3GD2N\ssqbn[1].exe
Adware:Adware/SecurityError Not disinfected C:\Program Files\Common Files\{0489797C-09DC-1033-0127-030105290001}\services.dll
Adware:Adware/DelFinMedia Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\7C5D2416-6AC2-45C4-8B4A-E261D9\AEE5FDF7-4FEB-4AF4-80CB-92309D
Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\support.com\backup\Co\cookies.txt\74062_593a11ba3_[cookies.txt][.doubleclick.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Program Files\support.com\backup\Co\cookies.txt\74062_593a11ba3_[cookies.txt][.mediaplex.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Program Files\support.com\backup\Co\cookies.txt\74062_593a11ba3_[cookies.txt][.statcounter.com/]
Spyware:Cookie/Advertising Not disinfected C:\Program Files\support.com\backup\Co\cookies.txt\74062_593a11ba3_[cookies.txt][.advertising.com/]
Spyware:Cookie/Xiti Not disinfected C:\Program Files\support.com\backup\Co\cookies.txt\74062_593a11ba3_[cookies.txt][.xiti.com/]
Spyware:Cookie/Falkag Not disinfected C:\Program Files\support.com\backup\Co\cookies.txt\74062_593a11ba3_[cookies.txt][.as-us.falkag.net/]
Spyware:Cookie/AdDynamix Not disinfected C:\Program Files\support.com\backup\Co\cookies.txt\74062_593a11ba3_[cookies.txt][.ads.addynamix.com/]
Spyware:Cookie/Com.com Not disinfected C:\Program Files\support.com\backup\Co\cookies.txt\74062_593a11ba3_[cookies.txt][.com.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Program Files\support.com\backup\Co\cookies.txt\74062_593a11ba3_[cookies.txt][.adultfriendfinder.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Program Files\support.com\backup\Co\cookies.txt\74062_593a11ba3_[cookies.txt][.bravenet.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Program Files\support.com\backup\Co\cookies.txt\74062_593a11ba3_[cookies.txt][.burstnet.com/]
Spyware:Cookie/did-it Not disinfected C:\Program Files\support.com\backup\Co\cookies.txt\74062_593a11ba3_[cookies.txt][.did-it.com/]
Spyware:Cookie/Go Not disinfected C:\Program Files\support.com\backup\Co\cookies.txt\74062_593a11ba3_[cookies.txt][.go.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\support.com\backup\Co\cookies.txt\74062_593a11ba3_[cookies.txt][.questionmarket.com/]
Spyware:Cookie/WUpd Not disinfected C:\Program Files\support.com\backup\Co\cookies.txt\74062_593a11ba3_[cookies.txt][.revenue.net/]
Spyware:Cookie/SpyLog Not disinfected C:\Program Files\support.com\backup\Co\cookies.txt\74062_593a11ba3_[cookies.txt][.spylog.com/]
Spyware:Cookie/Target Not disinfected C:\Program Files\support.com\backup\Co\cookies.txt\74062_593a11ba3_[cookies.txt][.target.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Program Files\support.com\backup\Co\cookies.txt\74062_593a11ba3_[cookies.txt][.tribalfusion.com/]
Spyware:Cookie/Adserver Not disinfected C:\Program Files\support.com\backup\Co\cookies.txt\74062_593a11ba3_[cookies.txt][.z1.adserver.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Program Files\support.com\backup\Co\cookies.txt\74062_593a11ba3_[cookies.txt][landing.domainsponsor.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Program Files\support.com\backup\Co\cookies.txt\74062_593a11ba3_[cookies.txt][server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Program Files\support.com\backup\Co\cookies.txt\74062_593a11ba3_[cookies.txt][server.iad.liveperson.net/hc/17859531]
Spyware:Cookie/onestat.com Not disinfected C:\Program Files\support.com\backup\Co\cookies.txt\74062_593a11ba3_[cookies.txt][stat.onestat.com/]
Spyware:Spyware/Media-motor Not disinfected C:\WINDOWS2\media_motor_bundle.exe
Virus:Trj/Downloader.JKC Disinfected C:\WINDOWS2\ssqbn.exe
Spyware:Spyware/Media-motor Not disinfected C:\WINDOWS2\system32\icon_mediamotor.exe
Virus:Bck/HacDef.FH Disinfected C:\WINDOWS2\system32\timedrv26.sys
Spyware:Spyware/Media-motor Not disinfected C:\WINDOWS2\system32\ts_mediamotor.exe
Adware:Adware/DigInk Not disinfected C:\WINDOWS2\uni_ehhh.exe



I have a new problem, I wasn't sure if it warranted a new topic or not, but I'll just keep using this one.
My PC keeps crashing within 5 mins of booting in normal mode. It's the blue screen with a number error, so if you need that number let me know. I'm kinda stuck in Safe Mode right now.

Edited by gmcube, 14 September 2006 - 04:43 PM.

  • 0

#39
therock247uk

  • Expert
  • 14,672 posts
  • MVP
Post me a new HijackThis log too...
  • 0

#40
gmcube

  • Topic Starter
  • Member
  • 176 posts
Logfile of HijackThis v1.99.1
Scan saved at 6:42:34 PM, on 9/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\Explorer.EXE
C:\Program Files\Common Files\AOL\1124230273\ee\aolsoftware.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
c:\program files\common files\aol\1124230273\ee\aim6.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS2\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB002" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS2\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=f6b6bdab-561a-4660-be25-f4c829a22d9e
O4 - Startup: Styler.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster Gold 17\Remind.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Happytofind Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS2\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Happytofind Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS2\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1141738553078
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS2\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS2\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS2\SYSTEM32\GEARSEC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS2\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Print Spooler Service (SpoolSvc212) - Unknown owner - C:\WINDOWS2\TEMP\nlkfev73585817.exe (file missing)
O23 - Service: System Internal AntiVirus (SVSAV) - Unknown owner - C:\WINDOWS2\system32\svsnt.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS2\system32\Tablet.exe
O23 - Service: Time Service (Time) - Unknown owner - C:\WINDOWS2\system32\dior4f4uvxdfh.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
  • 0
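
An added example, not part of any post in this thread: a small parser for the `O23 - Service:` lines of the HijackThis log above that lists the service entries a helper would look at first. The function names and the three triage rules are assumptions made for this illustration, not rules used by HijackThis or SDFix.

```python
MISSING = "(file missing)"

# Sample input: O23 lines copied from the HijackThis log in post #40.
SAMPLE_LOG = r"""
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Print Spooler Service (SpoolSvc212) - Unknown owner - C:\WINDOWS2\TEMP\nlkfev73585817.exe (file missing)
O23 - Service: Time Service (Time) - Unknown owner - C:\WINDOWS2\system32\dior4f4uvxdfh.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS2\system32\Tablet.exe
"""


def parse_o23(line):
    """Return (display, owner, path, missing) for an O23 line, else None."""
    prefix = "O23 - Service: "
    if not line.startswith(prefix):
        return None
    body = line[len(prefix):].strip()
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)].rstrip()
    # Split from the right: display names may contain " - ", paths here do not.
    parts = body.rsplit(" - ", 2)
    return (*parts, missing) if len(parts) == 3 else None


def triage(log_text):
    """List (display, reasons) for O23 entries worth a manual look, most reasons first."""
    flagged = []
    for line in log_text.splitlines():
        parsed = parse_o23(line.strip())
        if parsed is None:
            continue
        display, owner, path, missing = parsed
        lowered = path.lower()
        reasons = []
        # Assumed heuristics (not HijackThis or SDFix rules):
        if "\\temp\\" in lowered:
            reasons.append("service binary in a TEMP directory")
        if owner == "Unknown owner" and "\\system32\\" in lowered:
            reasons.append("no company name on a system32 binary")
        if missing:
            reasons.append("service still registered but file missing")
        if reasons:
            flagged.append((display, reasons))
    return sorted(flagged, key=lambda item: -len(item[1]))


if __name__ == "__main__":
    for display, reasons in triage(SAMPLE_LOG):
        print(f"{display}: {'; '.join(reasons)}")
```

An "Unknown owner" entry on its own is not flagged (RichVideo stays off the list); the rules only raise entries where the owner, location or missing file combine into something that deserves a manual check.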


#41
therock247uk

  • Expert
  • 14,672 posts
  • MVP
Download SDFix and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log

  • 0

#42
gmcube

  • Topic Starter
  • Member
  • 176 posts
It seems my PC always crashes while checking for malware. It doesn't stay stable long enough to create the report file. The number for the crash, if needed, is...

***stop : 0x0000008E (0XC0000005, 0XF2AF08B7A20 0x00000000)
  • 0

#43
therock247uk

  • Expert
  • 14,672 posts
  • MVP
Can you reboot and maybe try again?
  • 0

#44
gmcube

  • Topic Starter
  • Member
  • 176 posts
Okay, tried a few more times, and got it to finish, but it didn't seem to do any good.



SDFix: Version 1.22
-------------------------

Scan Time / Date: 15:16:51.32 / Fri 09/15/2006


Microsoft Windows XP [Version 5.1.2600]

Running from: C:\Documents and Settings\robert\Desktop\SDFix\SDFix


Stage One...


Checking Services...

Service Name:
------------------


File Path:
------------


Removing Services:
------------------------



Repairing Registry...

Restoring Default Hosts File...

Stage One Complete

Rebooting!

Stage Two...

Registry Cleaning Finished...

Checking For Malware Files:
----------------------------------


Backing Up and Removing any Files Found...

Final Check:

Remaining Services:
------------------------


Remaining Files:
-------------------

FINISHED
  • 0

#45
therock247uk

  • Expert
  • 14,672 posts
  • MVP
Ok post a new Hijackthis log here in a reply...
  • 0





