1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Computer Possibly Infected (Log File inside)

Discussion in 'Virus & Other Malware Removal' started by reddz95, Oct 6, 2005.

Thread Status:
Not open for further replies.
  1. reddz95

    reddz95 Thread Starter

    Joined:
    Oct 6, 2005
    Messages:
    1
    Recently got the poka poka virus...i ran several scans, and bleieve i got it and several other spyware thingys out of my registry...i still see some possible files that arent good, plz lend me some ideas since my PC seems to run a bit glitchy espeically with games/programs that prior ran better. I'm not sure if it matters but this file was not taken while in safe mode...rather in normal windows mode....

    Logfile of HijackThis v1.99.1
    Scan saved at 9:50:00 PM, on 10/6/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Dual-Band Wireless A+G PCI Adapter\WLService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Dual-Band Wireless A+G PCI Adapter\WMP55AGV2.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AIM\aim.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\XoftSpy\XoftSpy.exe
    C:\DOCUME~1\RAPHAE~1\LOCALS~1\Temp\Rar$EX00.906\HijackThis.exe
    C:\Documents and Settings\Raphael Kosmicki\Desktop\HijackThis.exe
    C:\Documents and Settings\Raphael Kosmicki\Desktop\h\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search345quest.com/sp2.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.search345quest.com/sp2.php
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
    O2 - BHO: (no name) - {00000000-0000-4BA8-A7B0-0ACE5E31815D} - C:\Program Files\ProSiteFinder\ProSiteFinder.dll (file missing)
    O2 - BHO: (no name) - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - (no file)
    O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
    O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\InetGet\Adperform180safull.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll
    O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: WMP55AGV2 - Unknown owner - C:\Program Files\Dual-Band Wireless A+G PCI Adapter\WLService.exe" "WMP55AGV2.exe (file missing)
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Welcome to TSG :)

    Please download LQfix.exe and save it to your desktop.
    • Double-Click LQfix.exe and click Next > Next > Install.
    • Leave the default settings, if you change them, the fix will Fail!
    • Now make sure the "Launch LQfix" box is checked.
    • Click the Finish button, after clicking the Finish button the fix will start.
    • Follow the on-screen prompts.
    • Your system will now reboot afterwards.
    • Please be patient after the reboot, there is a script running in the background that needs to complete.

    Post a new Hijack This log.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/405252

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice