Can't run HijackThis or regedit or reglite or Microsoft Spyware [C


This topic is locked

#1 Captain Paralytic (New Member, 1 post)

My niece has an infection that seems to be preventing all the above programs from running.
I was able to run xraypc and get a log out of that, but when I try to run HJT, it just starts to run and then ends. Likewise with all the other listed programs.

I note that 2 of the processes that are shown as running are C:\WINDOWS\system32\skiczwkqi\csrss.exe and C:\WINDOWS\system32\skiczwkqi\smss.exe, but there is no skiczwkqi subdirectory off of system32 that I can see.

One of the other symptoms is that the home page is getting set to http://www.messenger...orum/portal.htm

Oh also, I ran TrojanHunter but Ewido wouldn't run either.

Here is the xraypc log. Any help would be much appreciated.

Logfile of X-RayPc Build 38701 (Installed 1135110703)
Scan saved at 20/12/2005 20:57:19

Registry Settings:
IE Start Page (User) : http://www.google.co.uk/
IE Start Page (Global) : http://uk.yahoo.com
IE Blank Page : C:\WINDOWS\system32\blank.htm
IE Default Page : http://www.microsoft...er=6&ar=msnhome
IE Search Page (User) : http://www.microsoft...=ie&ar=iesearch
IE Search Page (Global) : http://www.microsoft...=ie&ar=iesearch
IE Default Search : http://www.microsoft...er=6&ar=msnhome
HOSTS Directory : %SystemRoot%\System32\drivers\etc

Running processes:
C:\WINDOWS\system32\services.exe (108032 c6ce6eec82f187615d1002bb3bb50ed4)
C:\WINDOWS\system32\lsass.exe (13312 84885f9b82f4d55c6146ebf6065d75d2)
C:\WINDOWS\system32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
C:\WINDOWS\System32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
C:\WINDOWS\system32\LEXBCES.EXE (299008 aeedacc6fb20fdba95213ad3bb009b7d)
C:\WINDOWS\system32\LEXPPS.EXE (174592 f350ee5d5761cb9a0c8b0da8c463de1d)
C:\WINDOWS\system32\spoolsv.exe (57856 da81ec57acd4cdc3d4c51cf3d409af9f)
C:\WINDOWS\system32\skiczwkqi\csrss.exe (74240 3bb57ce39a65147b4b560244c18e94da)
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (36975 61a3a9d5d98bf0331df5b716144a8100)
C:\Program Files\Dell\Media Experience\PCMService.exe (290816 e02c0e78e5cfb01bf9d1866dba18b456)
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (221184 bc02e491e88492b02363ce1b384ff7a7)
C:\WINDOWS\system32\skiczwkqi\smss.exe (24576 133534a8c9e4dc57574673da673027dd)
C:\PROGRAM FILES\DELL\DELL LASER MFP 1600N\PSU\ScanToPc.exe (57344 1b14bfb2459ad0ab9edf4de2ff18ea39)
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (57393 f2058cbb2f076febed709542f3789620)
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe (1123440 ef74eebb2d3ddc9f71c6d3cc8c7889c6)
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (57344 3c10d83705e89af11891e64f6f1027e6)
C:\Program Files\Real\RealPlayer\RealPlay.exe (26112 849d97fe4cc09cfc2772d10f641e1baf)
C:\WINDOWS\system32\CTSvcCDA.EXE (44032 3c8b6609712f4ff78e521f6dcfc4032b)
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe (147456 1ff1298e77c4a4ba6702b3c84bd78b71)
C:\WINDOWS\system32\dla\tfswctrl.exe (122939 790490f273b0e3bcf05dc3c308abcc0b)
C:\Program Files\Messenger\msmsgs.exe (1694208 74e6e96c6f0e2eca4edbb7f7a468f259)
C:\WINDOWS\VM_STI.EXE (40960 0c18cf0d16418e9fb7069abb75860028)
C:\WINDOWS\system32\LXSUPMON.EXE (885760 bdbd516e37761ed51e602a54873d24cd)
C:\WINDOWS\system32\nvsvc32.exe (127043 190bf982638e4a0c98b334a39e50fb9f)
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0M2.EXE (99840 ac6734e4051f7f799eae787dbde17545)
C:\WINDOWS\vsnpstd2.exe (40960 bc9ecbd26261b216f345c587acae6811)
C:\Program Files\BroadJump\Client Foundation\CFD.exe (368706 ba9af06103549a96f77036861fde357b)
C:\WINDOWS\system32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (280576 e431814c506fd4fd1df82d56f178b4a5)
C:\Program Files\MSN Messenger\MsnMsgr.Exe (7086080 55406c4b910c174cdf36f66afca1a18c)
C:\WINDOWS\system32\MsPMSPSv.exe (53520 581176f60885aef8f78c6e38dcc3cdf9)
C:\Program Files\AVerTV USB 2.0 Plus\QuickTV.exe (253952 2ea4f9a5f7014dc8e2fb3b29eccf5837)
C:\Program Files\Yahoo!\Messenger\ypager.exe (2437120 026660d4078d8625230f0105179abf8a)
C:\PROGRA~1\NETMEE~1\conf.exe (1032192 b1b5c7807db18fa91c767645f8ec484a)
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Paul\xraypc\x-raypc.exe (342784 527778c1478242945263b2c9d4879ec9)

O2 - BHO: (AcroIEHlprObj Class) - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (63136 42729c3de75a7a51fc6f9ef6546c9199)
O2 - BHO: (DriveLetterAccess) - {5ca3d70e-1895-11cf-8e15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (118842 14eff6496cf0e873f8f7cd930b135cf9)
O2 - BHO: (SSVHelper Class) - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (184423 f01726f7ca8538fdd4663c9db8feaedc)
O2 - BHO: (ST) - {9394ede7-c8b5-483e-8773-474bf36af6e4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (155648 0da1349495955cb41a5899047c5a1267)
O2 - BHO: (Google Toolbar Helper) - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll (1157120 356f49acb4a92470f9968b1e7e211410)
O2 - BHO: (MSNToolBandBHO) - {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (282624 0deb8b7cad01ee86d1c4062e1b587c5a)
O3 - Toolbar: {ba52b914-b692-46c4-b683-905236f6f655} {ba52b914-b692-46c4-b683-905236f6f655} -
O3 - Toolbar: MSN {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (282624 0deb8b7cad01ee86d1c4062e1b587c5a)
O3 - Toolbar: Yahoo! Toolbar {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (343112 5e2f2db01f934243b74440f534880d19)
O3 - Toolbar: &Google {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll (1157120 356f49acb4a92470f9968b1e7e211410)
O4 - HKLM\..\Run: [NvCplDaemon] C:\WINDOWS\system32\NvCpl.dll (4620288 70342bc15208b68242241fb0f22468fc)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (36975 61a3a9d5d98bf0331df5b716144a8100)
O4 - HKLM\..\Run: [PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe (290816 e02c0e78e5cfb01bf9d1866dba18b456)
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (221184 bc02e491e88492b02363ce1b384ff7a7)
O4 - HKLM\..\Run: [P3000x_S2P] C:\PROGRAM FILES\DELL\DELL LASER MFP 1600N\PSU\ScanToPc.exe (57344 1b14bfb2459ad0ab9edf4de2ff18ea39)
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (57393 f2058cbb2f076febed709542f3789620)
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (40960 d009f0a9c05ff276545e57df37bd40bc)
O4 - HKLM\..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (57344 3c10d83705e89af11891e64f6f1027e6)
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (26112 849d97fe4cc09cfc2772d10f641e1baf)
O4 - HKLM\..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (98304 c341ccfbe98bc7df6e0b856bb9fc265a)
O4 - HKLM\..\Run: [AOL Spyware Protection] C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe (147456 1ff1298e77c4a4ba6702b3c84bd78b71)
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (122939 790490f273b0e3bcf05dc3c308abcc0b)
O4 - HKLM\..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (110592 52b80c30225de81d7ac989dfe7311877)
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE (40960 0c18cf0d16418e9fb7069abb75860028)
O4 - HKLM\..\Run: [nwiz] C:\WINDOWS\system32\nwiz.exe (921600 96880791e6dde3fac08342c1d5b045ac)
O4 - HKLM\..\Run: [NvMediaCenter] C:\WINDOWS\system32\NvMcTray.dll (86016 ca342993cf9b669fa62cc23fdb04d6e6)
O4 - HKLM\..\Run: [pdfSaver3]
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE (885760 bdbd516e37761ed51e602a54873d24cd)
O4 - HKLM\..\Run: [EPSON Stylus Photo RX600] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0M2.EXE (99840 ac6734e4051f7f799eae787dbde17545)
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe (40960 bc9ecbd26261b216f345c587acae6811)
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe (368706 ba9af06103549a96f77036861fde357b)
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (280576 e431814c506fd4fd1df82d56f178b4a5)
O4 - HKLM\..\Run: [BlockChecker] C:\Program Files\Block Checker\block-checker.exe (49152 83a2f95630cb6daa233dad07d4114766)
O4 - HKCU\..\Run: [msnmsgr] C:\Program Files\MSN Messenger\MsnMsgr.Exe (7086080 55406c4b910c174cdf36f66afca1a18c)
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe (2437120 026660d4078d8625230f0105179abf8a)
O4 - HKLM\..\RunOnce: [!CleanupNetMeetingDispDriver] C:\WINDOWS\system32\rundll32.exe
O4 - HKLM\..\ShellServiceObjectDelayLoad: [PostBootReminder] C:\WINDOWS\system32\SHELL32.dll (8450560 c1bcfec67e712b6a00ad00adfcbfd02e)
O4 - HKLM\..\ShellServiceObjectDelayLoad: [CDBurn] C:\WINDOWS\system32\SHELL32.dll (8450560 c1bcfec67e712b6a00ad00adfcbfd02e)
O4 - HKLM\..\ShellServiceObjectDelayLoad: [WebCheck] C:\WINDOWS\system32\webcheck.dll (276480 6501db5182d5a8c0f1f1707286161d66)
O4 - HKLM\..\ShellServiceObjectDelayLoad: [SysTray] C:\WINDOWS\system32\stobject.dll (121856 297101a925ecffdcdf7f6341ffbb6c1a)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (225280 0cbe3e4166a08fc379eabf532b4efe18)
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll (86016 939b69565c329748c6c0e94e138e1213)
O16 - DPF: {00b71cfb-6864-4346-a978-c0a14556272c} (Checkers Class)- http://messenger.zon...kr.cab31267.cab - C:\WINDOWS\Downloaded Program Files\msgrchkr.dll (77408 42d567df86b9b7ac4a89664c9651b68b)
O16 - DPF: {04e214e5-63af-4236-83c6-a7adcbf9bd02} (HouseCall Control)- http://housecall60.t...all/xscan60.cab - C:\WINDOWS\Downloaded Program Files\xscan60.inf (2144 c4020a369df904999ce7ea2c85609b9f)
O16 - DPF: {166b1bca-3f9c-11cf-8075-444553540000} (Shockwave ActiveX Control)- http://download.macr...director/sw.cab - C:\WINDOWS\Downloaded Program Files\erma.inf (1271 d5897197b02d5b52547c7f60cd8f7c28)
O16 - DPF: {17492023-c23a-453e-a040-c7c580bbf700} (Windows Genuine Advantage Validation Tool)- http://go.microsoft....k/?linkid=39204 - C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf (495 b9bd48bb3650b572f370224e0610b586)
O16 - DPF: {39b0684f-d7bf-4743-b050-fdc3f48f7e3b} - http://www.fileplane...DC_2.1.1.74.cab
O16 - DPF: {3e68e405-c6de-49ff-83ae-41ee9f4c36ce} (Office Update Installation Engine)- http://office.micros...ntent/opuc3.cab - C:\WINDOWS\Downloaded Program Files\opuc.inf (227 e839dbb7ec89cabc4b7206c0a0896407)
O16 - DPF: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} (MUWebControl Class)- http://update.micros...b?1132996987875 - C:\WINDOWS\Downloaded Program Files\muweb.inf (293 49661eea139a8e565c102894374f4fa7)
O16 - DPF: {70ba88c8-dae8-4ce9-92bb-979c4a75f53b} - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} (Java Plug-in)- http://java.sun.com/...indows-i586.cab - C:\WINDOWS\Downloaded Program Files\jinstall-1_5_0_06.inf (876 2d6b04e217eacb9c2cd6232a95f343de)
O16 - DPF: {8e0d4de5-3180-4024-a327-4dfad1796a8d} (MessengerStatsClient Class)- http://messenger.zon...nt.cab31267.cab - C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll (160864 b069b555a00aa026f657aa4fd13ae154)
O16 - DPF: {b38870e4-7ecb-40da-8c6a-595f0a5519ff} (MsnMessengerSetupDownloadControl Class)- http://messenger.msn...pDownloader.cab - C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.inf (227 9e77f58fcaadc83336bd725a300261fa)
O16 - DPF: {cafeefac-0015-0000-0002-abcdeffedcba} (Java Plug-in)- http://java.sun.com/...indows-i586.cab - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (184423 f01726f7ca8538fdd4663c9db8feaedc)
O16 - DPF: {cafeefac-0015-0000-0004-abcdeffedcba} (Java Plug-in)- http://java.sun.com/...indows-i586.cab - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (184423 f01726f7ca8538fdd4663c9db8feaedc)
O16 - DPF: {cafeefac-0015-0000-0006-abcdeffedcba} (Java Plug-in)- http://java.sun.com/...indows-i586.cab - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (184423 f01726f7ca8538fdd4663c9db8feaedc)
O16 - DPF: {cafeefac-ffff-ffff-ffff-abcdeffedcba} (Java Plug-in 1.5.0_06)- http://java.sun.com/...indows-i586.cab - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (69746 d2cf6bb5e9020e6707b62575f8083954)
O20 - HKLM\..\Notify: [crypt32chain] C:\WINDOWS\system32\crypt32.dll (597504 efc958396a7a7ef7e6d4a52b97512e18)
O20 - HKLM\..\Notify: [cryptnet] C:\WINDOWS\system32\cryptnet.dll (63488 cad4aa32e7eca00c23cc39c0eb833f9d)
O20 - HKLM\..\Notify: [cscdll] C:\WINDOWS\system32\cscdll.dll (101888 587729679b4fe04ce06a5c61d6c56dcd)
O20 - HKLM\..\Notify: [ScCertProp] C:\WINDOWS\system32\wlnotify.dll (92672 a599e5e366c1408e48aa5d37882d4e3e)
O20 - HKLM\..\Notify: [Schedule] C:\WINDOWS\system32\wlnotify.dll (92672 a599e5e366c1408e48aa5d37882d4e3e)
O20 - HKLM\..\Notify: [sclgntfy] C:\WINDOWS\system32\sclgntfy.dll (20992 d636fa41e50671160d838ea2dace3330)
O20 - HKLM\..\Notify: [SensLogn] C:\WINDOWS\system32\WlNotify.dll (92672 a599e5e366c1408e48aa5d37882d4e3e)
O20 - HKLM\..\Notify: [termsrv] C:\WINDOWS\system32\wlnotify.dll (92672 a599e5e366c1408e48aa5d37882d4e3e)
O20 - HKLM\..\Notify: [wlballoon] C:\WINDOWS\system32\wlnotify.dll (92672 a599e5e366c1408e48aa5d37882d4e3e)

Edited by Captain Paralytic, 20 December 2005 - 03:36 PM.

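The two entries the poster singled out can be checked mechanically rather than by eye. The script below is an added example, not part of the original post and not X-RayPc's own code. It parses the "Running processes" section of an X-RayPc log and flags a process when (1) its image name is a core Windows process (csrss.exe, smss.exe, lsass.exe, ...) but it is running from anywhere other than system32, or (2) its directory is not in a list of directories the analyst has confirmed on disk. The sample input is an excerpt of the log above; the list of confirmed directories is constructed for the demo, with system32\skiczwkqi deliberately left out to mirror the poster's report that the folder is not visible.

```python
"""Triage the 'Running processes' section of an X-RayPc / HijackThis-style log.

Added example, not part of the original post or of X-RayPc.  Two checks:
  1. a core Windows process name (csrss.exe, smss.exe, ...) whose image is not
     in the system32 directory, the classic impostor pattern;
  2. a process whose directory is not in the analyst's list of directories
     confirmed on disk, which is what the poster saw with system32\skiczwkqi.
"""
import ntpath
import re
from typing import Dict, List, Optional, Set, Tuple

# Core processes that on Windows XP legitimately run only from system32.
CORE_PROCESSES = {
    "csrss.exe", "smss.exe", "lsass.exe", "services.exe",
    "svchost.exe", "winlogon.exe", "spoolsv.exe",
}
SYSTEM32 = r"c:\windows\system32"

# "<path> (<size> <md5>)".  The size/hash group is optional because X-RayPc
# omits it for some entries (rundll32.exe and explorer.exe in the log above).
_LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)(?:\s+\((?P<size>\d+)\s+(?P<md5>[0-9a-f]{32})\))?\s*$",
    re.IGNORECASE,
)

# Sample input: an excerpt of the X-RayPc log posted above.
SAMPLE_LOG = r"""
Registry Settings:
IE Start Page (User) : http://www.google.co.uk/

Running processes:
C:\WINDOWS\system32\services.exe (108032 c6ce6eec82f187615d1002bb3bb50ed4)
C:\WINDOWS\system32\lsass.exe (13312 84885f9b82f4d55c6146ebf6065d75d2)
C:\WINDOWS\System32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
C:\WINDOWS\system32\skiczwkqi\csrss.exe (74240 3bb57ce39a65147b4b560244c18e94da)
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (36975 61a3a9d5d98bf0331df5b716144a8100)
C:\WINDOWS\system32\skiczwkqi\smss.exe (24576 133534a8c9e4dc57574673da673027dd)
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Paul\xraypc\x-raypc.exe (342784 527778c1478242945263b2c9d4879ec9)

O2 - BHO: (AcroIEHlprObj Class) - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - ...
"""

# Constructed for the demo: directories the analyst has confirmed exist.
# system32\skiczwkqi is deliberately absent, mirroring the poster's report.
KNOWN_DIRS: Set[str] = {
    r"c:\windows",
    r"c:\windows\system32",
    r"c:\program files\java\jre1.5.0_06\bin",
    r"c:\paul\xraypc",
}


def parse_process_lines(log_text: str) -> List[Tuple[str, Optional[int], Optional[str]]]:
    """Return (path, size, md5) for every entry under 'Running processes:'."""
    entries = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_section = True
            continue
        if not in_section:
            continue
        if not line:  # a blank line ends the section
            break
        m = _LINE_RE.match(line)
        if not m:
            continue  # tolerate stray text instead of aborting the triage
        size = int(m.group("size")) if m.group("size") else None
        entries.append((m.group("path"), size, m.group("md5")))
    return entries


def suspicious_reasons(path: str, known_dirs: Optional[Set[str]] = None) -> List[str]:
    """Explain why a process path deserves a closer look (empty list = nothing obvious)."""
    name = ntpath.basename(path).lower()
    directory = ntpath.dirname(path).lower()
    reasons = []
    if name in CORE_PROCESSES and directory != SYSTEM32:
        reasons.append(f"system process name '{name}' running outside {SYSTEM32}")
    if known_dirs is not None and directory not in known_dirs:
        reasons.append(f"directory '{directory}' not confirmed on disk (hidden or already gone)")
    return reasons


def triage(log_text: str, known_dirs: Optional[Set[str]] = None) -> Dict[str, List[str]]:
    """Map each flagged process path to the list of reasons it was flagged."""
    flagged: Dict[str, List[str]] = {}
    for path, _size, _md5 in parse_process_lines(log_text):
        reasons = suspicious_reasons(path, known_dirs)
        if reasons:
            flagged[path] = reasons
    return flagged


if __name__ == "__main__":
    for proc, why in triage(SAMPLE_LOG, KNOWN_DIRS).items():
        print(proc)
        for r in why:
            print("   -", r)
```

The name check alone is enough to flag both skiczwkqi entries, since a real csrss.exe or smss.exe never runs from a subdirectory of system32; the directory check adds the second signal the poster already noticed by hand, a running image whose folder cannot be found in Explorer. A folder that is executed from but not visible from within the running system is a reason to finish the inspection from a clean environment (boot media or the drive mounted on another machine) rather than to trust what the infected session shows.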
#2 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)

Merry Christmas and welcome to GTG.

Download CWS SmartKiller http://www.greyknigh...SmartKiller.exe and run it. See if it finds anything. If it does, then it should have removed the problem with running HijackThis and others.

If it didn't find anything, then try renaming HijackThis.exe to HijackThis.com instead and try running that now.

#3 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.