There's no such thing as a stupid question, but they're the easiest to answer.
JoinTour
Login
 
Tag Cloud
access audio avg avg 8 bios blue screen boot bsod computer cpu crash css dell desktop dma driver drivers dvd email error excel explorer firefox firefox 3 freeze gimp graphics hard drive hardware hijackthis hjt install internet internet explorer itunes keyboard laptop macro malware monitor motherboard network networking outlook outlook 2003 outlook 2007 outlook express php pio problem problems router seo server slow sound sp3 spyware trojan usb video virtumonde virus vista vundo windows windows vista windows xp winxp wireless
General Security
Search
Search in:
 
Advanced Search
Tech Support Guy Forums > Security & Malware Removal > General Security >
w32.myzor.FK@yf on friends pc


HELLO AND WELCOME! Before you can post your question, you'll have to register -- it's completely free! Click here to join today! We highly recommend that you print a copy of our Guide for New Members. Enjoy!

 
Thread Tools
crazymomof2's Avatar
Senior Member with 143 posts.
  
Join Date: Jan 2004
Experience: Intermediate
25-Nov-2007, 05:26 PM #1
Exclamation w32.myzor.FK@yf on friends pc
Hello all

I am trying to help my friends fix a huge problem on their pc. I can't get online to download the programs needed to fix the problems and my laptop disk drive is not working to copy the files and their computer won't allow my jump drive. WHAT DO I DO????

Please help me

Sincerely,
Stacy
crazymomof2's Avatar
Senior Member with 143 posts.
  
Join Date: Jan 2004
Experience: Intermediate
26-Nov-2007, 05:08 PM #2
Updated
Here is a SDFix log


SDFix: Version 1.115

Run by John Platevoet on 2007-11-26 at 16:50

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found





Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-26 17:02:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameter s\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameter s\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Sun 6 Mar 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 26 Jul 2005 2,224 A.SH. --- "C:\Documents and Settings\John Platevoet\Application Data\Roxio\Dragon\DiscInfoCache\SAMSUNG__CD-R_RW_SW-240B__BD11_300_DICV018_DRGV20100BC.TMP"
Sun 6 Mar 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"

Finished!
crazymomof2's Avatar
Senior Member with 143 posts.
  
Join Date: Jan 2004
Experience: Intermediate
26-Nov-2007, 05:09 PM #3
Hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 17:09, on 2007-11-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\John Platevoet\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {F44D8E66-7BB6-49BD-A924-5E0368C00FD1} - C:\Program Files\Video Add-on\isfmdl.dll
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
Nesjemannen's Avatar
Computer Specs
Senior Member with 197 posts.
  
Join Date: Nov 2007
Location: Molde, Norway!
Experience: AdvancedComputerKnowledge
26-Nov-2007, 05:21 PM #4
Update your Hijackthis,
http://www.filehippo.com/download/0e...c07c/download/

Then Run a scan and post the log in the Malware and HJT forum


Good luck!
crazymomof2's Avatar
Senior Member with 143 posts.
  
Join Date: Jan 2004
Experience: Intermediate
26-Nov-2007, 05:31 PM #5
Yes now that I can go online I will update that

Thank you
crazymomof2's Avatar
Senior Member with 143 posts.
  
Join Date: Jan 2004
Experience: Intermediate
26-Nov-2007, 05:32 PM #6
I am running Ad-Aware at this moment so as soon as that is finished I will do the HJT

Also I ran the combofix and now the clock is wrong. I think one of my kids touched the keyboard while it was running
cybertech's Avatar
Computer Specs
Moderator with 58,084 posts.
  
Join Date: Apr 2002
Location: Washington State
27-Nov-2007, 03:08 PM #7
Closed Thread

« Previous Thread | General Security | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are Off
Refbacks are Off

Related Sites: Support.com | Tech Gift Ideas | Mobile TechGuy | Advertise on TSG
Contact Us - HelpOnThe.Net - Archive - Terms of Service - Top
You Are Using:
Server ID
Advertisements do not imply our endorsement of that product or service.
All times are GMT -4. The time now is 12:01 PM.
Copyright © 1996 - 2008 TechGuy, Inc. All rights reserved.
Powered by vBulletin, Copyright © 2000 - 2008, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.1.0
Powered by Cermak Technologies, Inc.