
Computer acting strangely

Discussion in 'Virus & Other Malware Removal' started by El-Grosso, Jun 1, 2009.

Thread Status:
Not open for further replies.
  1. El-Grosso

    El-Grosso Thread Starter

    Joined:
    Oct 4, 2007
    Messages:
    24
    Hey, I recently encountered a pretty big virus on my computer which rendered it pretty much useless. After extensive removal of malware using Spyware Doctor, I think I got the worst of it out of the way, but it seems to have left my computer pretty badly damaged.

    McAfee AntiVirus wouldn't let me do anything, not even scan my computer as there was always a different error, and even when I installed the free AVG antivirus, that just seemed to hang.

    My computer also does not recognise external flash drives like my 4GB memory stick which works fine in my other computer. I also seem to be getting a lot more blue screens than I used to which I can't seem to sort out. I have an XP CD at hand, but I don't really know how to reinstall Windows using it, plus, it's a Service Pack 1 CD and my computer has Service Pack 3. Below is my log, please help. Thanks.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:21:47, on 01/06/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\csrss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    D:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    D:\Program Files\Bonjour\mDNSResponder.exe
    D:\Program Files\FolderSize\FolderSizeSvc.exe
    D:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    D:\Program Files\Java\jre6\bin\jqs.exe
    D:\Program Files\Kontiki\KService.exe
    D:\WINDOWS\system32\nvsvc32.exe
    D:\WINDOWS\system32\PnkBstrA.exe
    D:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    D:\Program Files\Spyware Doctor\pctsAuxs.exe
    D:\Program Files\Spyware Doctor\pctsSvc.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Spyware Doctor\pctsTray.exe
    D:\WINDOWS\System32\dmadmin.exe
    D:\WINDOWS\System32\alg.exe
    D:\Program Files\Spyware Doctor\TFEngine\TFService.exe
    D:\Program Files\Vista Drive Icon\DrvIcon.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    D:\WINDOWS\vsnpstd3.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\RocketDock\RocketDock.exe
    D:\Program Files\LClock\lclock.exe
    D:\Program Files\VisualTooltip\VisualToolTip.exe
    D:\Program Files\Vista Start Menu\VistaStartMenu.exe
    D:\Program Files\iPod\bin\iPodService.exe
    D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    D:\Program Files\Skype\Phone\Skype.exe
    D:\Program Files\Internet Download Manager\IDMan.exe
    D:\Program Files\Kontiki\KHost.exe
    D:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
    D:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
    D:\Program Files\Skype\Plugin Manager\skypePM.exe
    D:\Program Files\iTunes\iTunes.exe
    D:\Program Files\Logitech\SetPoint\SetPoint.exe
    D:\Program Files\ManyCam 2.4\ManyCam.exe
    D:\Program Files\Internet Download Manager\IEMonitor.exe
    D:\Program Files\UltraMon\UltraMon.exe
    D:\Program Files\UltraMon\UltraMonTaskbar.exe
    D:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    D:\Program Files\Windows Live\Contacts\wlcomm.exe
    D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    D:\PROGRA~1\AVG\AVG8\avgrsx.exe
    D:\Program Files\AVG\AVG8\avgcsrvx.exe
    D:\PROGRA~1\AVG\AVG8\avgnsx.exe
    D:\Program Files\AVG\AVG8\avgscanx.exe
    D:\Program Files\AVG\AVG8\avgcsrvx.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\Program Files\AVG\AVG8\avgscanx.exe
    D:\Program Files\AVG\AVG8\avgcsrvx.exe
    D:\Documents and Settings\Jamie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    D:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;localhost
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {13bc9810-6725-4921-bc87-b287ea929607} - D:\WINDOWS\system32\defadegi.dll (file missing)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: MSIEPlugin - {4B0FAF5A-67C4-4625-AE07-B0DBADA16EBF} - (no file)
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - D:\Program Files\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
    O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Program Files\Styler\TB\StylerTB.dll
    O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [DrvIcon] D:\Program Files\Vista Drive Icon\DrvIcon.exe
    O4 - HKLM\..\Run: [ISTray] D:\Program Files\Spyware Doctor\pctsTray.exe
    O4 - HKLM\..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [snpstd3] D:\WINDOWS\vsnpstd3.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [a4189ede] rundll32.exe "D:\WINDOWS\system32\yasabetu.dll",b
    O4 - HKLM\..\Run: [zojifoyobo] Rundll32.exe "D:\WINDOWS\system32\gefuvura.dll",s
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RocketDock] D:\Program Files\RocketDock\RocketDock.exe
    O4 - HKCU\..\Run: [LClock] D:\Program Files\LClock\lclock.exe
    O4 - HKCU\..\Run: [VisualTooltip] D:\Program Files\VisualTooltip\VisualToolTip.exe
    O4 - HKCU\..\Run: [VistaStartMenu] D:\Program Files\Vista Start Menu\VistaStartMenu.exe
    O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] D:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [Uniblue SpyEraser] "D:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
    O4 - HKUS\S-1-5-19\..\Run: [zojifoyobo] Rundll32.exe "D:\WINDOWS\system32\kivereza.dll",s (User 'LOCAL SERVICE')
    O4 - Global Startup: iTuness.lnk = D:\Program Files\iTunes\iTunes.exe
    O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Mail.lnk = D:\Program Files\Windows Live\Mail\wlmail.exe
    O4 - Global Startup: ManyCam.lnk = D:\Program Files\ManyCam 2.4\ManyCam.exe
    O4 - Global Startup: UltraMon.lnk = D:\Program Files\UltraMon\UltraMon.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://D:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - D:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
    O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - D:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2D36AF92-04D3-11D8-B719-0000865F231B} (TMinReq Class) - https://my.sabre.com/jars/TMinReqX.dll
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: D:\WINDOWS\system32\wigimogo.dll
    O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
    O23 - Service: McAfee Application Installer Cleanup (0144951243863786) (0144951243863786mcinstcleanup) - Unknown owner - D:\DOCUME~1\Jamie\LOCALS~1\Temp\014495~1.EXE (file missing)
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - D:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Folder Size (FolderSize) - Brio - D:\Program Files\FolderSize\FolderSizeSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IviRegMgr - InterVideo - D:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: KService - Kontiki Inc. - D:\Program Files\Kontiki\KService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - D:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: ThreatFire - PC Tools - D:\Program Files\Spyware Doctor\TFEngine\TFService.exe

    --
    End of file - 14070 bytes
     
  2. El-Grosso

    El-Grosso Thread Starter

    Joined:
    Oct 4, 2007
    Messages:
    24
    Please, isn't there anything in my log that can be disabled? I've tried doing scans with many anti virus pieces of software, but it always just stops half way through. I can't even do a Windows Update because this malware always turns off my automatic updates right after I enable them.
     

Short URL to this thread: https://techguy.org/831740
