1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Help Pls!!! LAptop nearly useless after virus

Discussion in 'Virus & Other Malware Removal' started by amogh_nayak, Nov 3, 2007.

Thread Status:
Not open for further replies.
  1. amogh_nayak

    amogh_nayak Thread Starter

    Joined:
    Jul 15, 2007
    Messages:
    4
    Hi,
    The other day, while browsing, I got a notice that a virus was detected and that the antivirus software had cured it (Unfortunately, I did not note the virus name). Things went well after that. However, next day when I rebooted my laptop, the desktop went blank with no status bar etc atr the bottom. I had to use task manager to start any programs. I also tried use a round about way to get windows explores (through notepad -> Open and then click a directory and try right click + Explore, but it gives a error and explorer doies not come up). IE can be started through task manger though.

    This is the Hijackthis log...Would appreciate any help.

    Logfile of HijackThis v1.99.1
    Scan saved at 7:00:24 PM, on 10/26/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\UMCSTUB.EXE
    C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe
    C:\WINDOWS\System32\DVDRAMSV.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\CA\Unicenter Software Delivery\BIN\SDSERV.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CA\Unicenter Software Delivery\BIN\TRIGGAG.EXE
    C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Documents and Settings\amogh_n\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://sparsh/kec.pac
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PmProxy] "C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe"
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [TouchED] "C:\Program Files\TOSHIBA\TouchED\TouchED.Exe"
    O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [Realtime Monitor] "C:\PROGRA~1\CA\ETRUST~1\realmon.exe" -s
    O4 - HKLM\..\Run: [Sxplog] C:\SxpInst\sxpstub.exe
    O4 - HKLM\..\Run: [CA-AMAgent] C:\Program Files\CA\UAM\Agents\amagent.exe
    O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe"
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\tsitra77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
    O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: Project Office 4.0 - http://peiis/ProjectOffice/POBin/cabs/poexpress.cab
    O16 - DPF: Yahoo! Spades - http://download2.games.yahoo.com/gam...ts/y/st3_x.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://www.winantivirus.com/download...=pp_1136830114
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.infosys.com
    O17 - HKLM\Software\..\Telephony: DomainName = ad.infosys.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.infosys.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = mcn.dowjones.com,dowjones.net,dowjones.com,win.dowjones.net,ad.infosys.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad.infosys.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = mcn.dowjones.com,dowjones.net,dowjones.com,win.dowjones.net,ad.infosys.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = mcn.dowjones.com,dowjones.net,dowjones.com,win.dowjones.net,ad.infosys.com
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Asset Management Agent (AmoAgent) - Computer Associates International, Inc. - C:\WINDOWS\UMCSTUB.EXE
    O23 - Service: Unicenter Message Queuing Server (CA-MessageQueuing) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\\lic98rmt.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DM Primer (DMPrimer) - Unknown owner - C:\Program Files\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe" -DMPRIMER_SERVICE_: (file missing)
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: Unicenter Remote Control Host (rcHost) - Computer Associates International, Inc. - C:\Program Files\CA\Unicenter Remote Control\rcHost.exe
    O23 - Service: Unicenter Software Delivery (SDService) - Computer Associates International, Inc. - C:\Program Files\CA\Unicenter Software Delivery\BIN\SDSERV.EXE
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
    O23 - Service: Asset Management SW Meter Agent (SWMSVC) - Computer Associates International, Inc. - C:\Program Files\CA\UAM\Agents\SWMSvc.exe
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/647302

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice