Need a Miracle
#1
Posted 16 June 2005 - 08:32 AM
#2
Posted 16 June 2005 - 08:34 AM
- Please download Spybot Search & Destroy 1.4 then follow and print the instructions found HERE. For Ad-Aware 1.06 follow and print the instructions found HERE. Read More...
- Please Download the stand-alone version of CoolWebShredder , Extract it & run the program. Click the Check for Updates, download if there is available, then click Fix ->.
- Download and install Cleanup, then run.
Now, REBOOT in Normal Mode and have an On-line scan at this sites: Trend Micro or Panda Scan or BitDefender.
REBOOT again.
Lets see how it goes.
#3
Posted 16 June 2005 - 08:48 AM
also, when i drag box across the screen it leave a trail...don't know if it helps..
Edited by L0$t, 16 June 2005 - 08:53 AM.
#4
Posted 16 June 2005 - 08:54 AM
#5
Posted 16 June 2005 - 09:04 AM
does that mean you followed the advice above...or cannot?
i can't get online (using work pc right now), the only thing i did was run Ad-Aware SE and luckly i got NSWorks to come up, doing a one button checkup but the repair is taking forever.....don't know if doing a virus scan will help but running it anyway....norton cleanup scan showed 8804 errors but i think it froze up when started the fix....
Edited by L0$t, 16 June 2005 - 09:12 AM.
#6
Posted 16 June 2005 - 09:13 AM
Download and run WINSockFixXP, if you lost your internet connections due to malware.
#7
Posted 16 June 2005 - 09:18 AM
Did you mean you lost your Internet connections? Or its just your PC wont recognize a connection?
Download and run WINSockFixXP, if you lost your internet connections due to malware.
i connect on my laptop through my cell phone, but right now the program i use for connecting will not recognise the cellphone and will not link it to the laptop... also at start up "Ware-out" program comes on, even though i never downloaded it....says it's a spyware program....
#8
Posted 16 June 2005 - 09:22 AM
Then post a log in the malware forum in my signature and explain that you cannot follow the instructions in the READ THIS FIRST thread because your machine cannot get online. They will do some triage fixes to get you up and running to the point where they can get you functional, then take it to the next level.
Then, if any problems remain after you get a clean bill of health, return to this thread.
#9
Posted 16 June 2005 - 09:27 AM
lost, get a copy of hijackthis and put it on a floppy....run it from a floppy and save a log.
Then post a log in the malware forum in my signature and explain that you cannot follow the instructions in the READ THIS FIRST thread because your machine cannot get online. They will do some triage fixes to get you up and running to the point where they can get you functional, then take it to the next level.
Then, if any problems remain after you get a clean bill of health, return to this thread.
i'll try it......thanks much
#10
Posted 16 June 2005 - 01:11 PM
finished a norton virus scan, found multiple trojan droppers and download.trojan but couldn't delete, not even manually cause i can't access many thigs suck as My Computer....
also when i tried to get on line it gave me this address "http://securityrespo...jan_horse.html"
what now?
#11
Posted 16 June 2005 - 01:20 PM
#12
Posted 16 June 2005 - 01:23 PM
Edited by L0$t, 16 June 2005 - 01:24 PM.
#13
Posted 16 June 2005 - 01:28 PM
Start > Run, type
msconfig
<enter>
On the general tab, select SELECTIVE START UP then uncheck
load system.ini
load win.ini
load startup services
load startup items
Reboot.
Does the error repeat? If not, continue with the next part. If so, go to STEP 2.
If not, Start > Run, type
msconfig
<enter>
check load startup items
Reboot.
Does the error repeat? If not, continue with the next part. If so, go to STEP 2.
If not, Start > Run, type
msconfig
<enter>
check load startup services
Reboot.
Does the error repeat? If not, continue with the next part. If so, go to STEP 2.
If not, Start > Run, type
msconfig
<enter>
check load win.ini
Reboot.
Does the error repeat? If not, continue with the next part. If so, go to STEP 2.
If not, Start > Run, type
msconfig
<enter>
check load system.ini
Reboot.
Does the error repeat? If not, continue with the next part. If so, go to STEP 2.
Report back
-------------------------------------
STEP 2
When you find the error, repeating, you have arrived at the group that is causing the problem.
Leave everything as is and go to the tab with the same name as the one you just re-enabled and uncheck everything you find within the tab....reboot.
Does the probelm recur? If not, check one item and reboot, continuing until you discover the offending application/service
Then report back
#14
Posted 16 June 2005 - 01:50 PM
here is the log....
#15
Posted 16 June 2005 - 01:52 PM
Scan saved at 2:33:55 PM, on 6/16/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Documents and Settings\Sebastian\My Documents\HijackThis1991.exe
R3 - URLSearchHook: (no name) - {5857ADAC-BDD8-C990-D4B5-F024204BBF0F} - (no file)
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\fixos.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\fixos.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\WareOut\WareOut.exe (HKCU)
O9 - Extra 'Tools' menuitem: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\WareOut\WareOut.exe (HKCU)
O16 - DPF: {11212111-2121-1311-1141-115611111222} - ms-its:mhtml:file://d: oo.mht!http://195.95.218.82...hm::/update.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1118500768382
O17 - HKLM\System\CCS\Services\Tcpip\..\{996E5203-07DF-4B04-8B9D-D5830113ECF2}: NameServer = 69.50.184.84,195.225.176.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{B86B46F6-0654-4568-9627-3BBD0AA885B7}: NameServer = 69.50.184.84,195.225.176.37
O20 - Winlogon Notify: style2 - C:\WINDOWS\q375663968_disk.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users