[Tigger93]

Your log got cut off, can you please repost it?

On a side note, I can see you were using P2P/Torrents to download cracks. This is where you got your infection and where most people get them from. I would advise not using them.

[Advertisements]

hi again yes i do use torrents to download movie dvdrips mostly....



the scan is so big that im going to split it in two and attach a part to each post............... here is part 1

Attached Files

•  Scan_Part_1.txt   361.03KB   207 downloads

Edited by EZneedshelp, 16 January 2008 - 11:44 PM.

[EZneedshelp]

hi again yes i do use torrents to download movie dvdrips mostly....



the scan is so big that im going to split it in two and attach a part to each post............... here is part 1

Attached Files

•  Scan_Part_1.txt   361.03KB   207 downloads

Edited by EZneedshelp, 16 January 2008 - 11:44 PM.

[EZneedshelp]

here is the other part

Attached Files

•  Scan_Part_2.txt   355.99KB   169 downloads

[Tigger93]

Hi again,

hi again yes i do use torrents to download movie dvdrips mostly....

Yes, and this most of the time is illegal. I would advise against doing it....

Go Start > Control Panel > Add/Remove Programs and uninstall Azureus

Find and delete these folders:
C:\Documents and Settings\user\My Documents\Azureus Downloads\ZoneAlarm Internet Security Suite 7.0.722 + keygen\
D:\QooBox\
C:\Program Files\Azureus

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Restart and post a new HJT log please as well as an update on your problems.

[EZneedshelp]

i deleted as you asked but remember i cant access my add or remove programs window....... ok so i checked out the things that i cant access because that window comes up..... anything thats not a folder in the control panel i cant access....... when i open a new window in internet explorer i get the same screen but it goes away and lets me use the internet.... the same thing happens when i open my computer for the first time since boot-up.... i think there are other restrictions but im not sure... oh and changing the time is impossible too....


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:27, on 2008-01-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\program files\common files\mcafee\mna\mcnasvc.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - D:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - D:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "D:\Program Files\SiteAdvisor\6253\SiteAdv.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LogonStudio] "D:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: MagicDisc.lnk = D:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {483912CF-8995-4434-AD61-6163756E05DF} - http://download.live...tivex/AXTNS.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{30E3C4DC-4760-462A-BC98-06B48C9FF6A5}: NameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{30E3C4DC-4760-462A-BC98-06B48C9FF6A5}: NameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{30E3C4DC-4760-462A-BC98-06B48C9FF6A5}: NameServer = 192.168.1.254
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - D:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - d:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Redirector Service (McRedirector) - Unknown owner - d:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe (file missing)

--
End of file - 7325 bytes

[Tigger93]

Hm, try this:

Open Notepad and copy and paste in the following:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoControlPanel"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoControlPanel"=dword:00000000

Save it as Fix1.reg to the desktop. Double-click on it and let it merge with the registry.

Restart your computer.

Let me know if you can access the control panel now.

[EZneedshelp]

hello again... ok i did as you asked and restarted the computer... still everything is the same..... just like before i can access my control panel but anything thats not a folder i cant open in control panel..... ex: i can open my network connections because its a folder but i cant open add hardware because its not a folder.....

[Tigger93]

Okay let's give this a try.

Open HijackThis and put a check next to these:
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - D:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - d:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Redirector Service (McRedirector) - Unknown owner - d:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe (file missing)

Click Fix Checked and close HJT.

Open Notepad and copy & paste in the following:

sc stop "McAfee Services"
sc stop "McAfee Network Agent"
sc stop "McAfee Redirector Service"

del /q fix2.bat

Save it as fix2.bat to the desktop and double-click on it to run it.

Try now to access the control panel. If you can't, then try this:

Go Start > Run and type in cmd.

Copy or type in this:

regedit /e C:\policy.txt HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Copy and paste c:\policy.txt here then please.

Edited by Tigger93, 19 January 2008 - 04:14 PM.

[EZneedshelp]

ok i did as you said but i still cant access cirtain things in my control panel and what you told me to fix doesnt disappear from HJT.... oh anf the path you gave me for the cmd is wrong i think because the computer wount accept it and i tried looking for it myself and nothing i could find

[Tigger93]

My apologies about that, try this one instead:

Copy or type in this:

REGEDIT /E C:\policy.reg "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"

Copy and paste c:\policy.reg here then please.

Edited by Tigger93, 20 January 2008 - 09:08 AM.

[EZneedshelp]

ok i copied and pasted exacly what you told me and nothing happens so then i tried to just put regedit and it open up the registry editor and i followed the path you gave me but once it gets to /explorer the next folder is Run and only a (default) thing.... i dont know if this will help but i run my OS from the D drive( its bigger) but the boot info is in the C drive... (i have two OS, one on each.....).....

[Tigger93]

Well I'm not sure then.

But, from what I can see, your problem isn't related to malware.

I would advise posting it here:
http://www.geekstogo...2003-NT-f5.html

And asking and someone should be able to help. If they ask you to post in the malware forum again, tell them that you were clean.

Sorry I couldn't be of more help.

[EZneedshelp]

thanks alot though!!!! you helped me clean out my computer... its ok ima post my problem where you said.....

[Tigger93]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.