I've got a virus...

Discussion in 'Virus & Other Malware Removal' started by catastrophee, Jan 31, 2005.

Thread Status:
Not open for further replies.
  1. catastrophee

    catastrophee Thread Starter

    Joined:
    Aug 4, 2004
    Messages:
    154
    I'm not too sure what it is, but when I start up my comp the start bar doesn't work and my whole computer doesn't work properly. Basically I can't access my internet and the whole system is slowed majorly... I have no clue what to do. I do notice some suspicious processes running, and I've tried rebooting in safe mode and removing them, and I tried a lot of stuff....

    Can anyone help me?
     
  2. mjack547

    mjack547 Malware Specialist

    Joined:
    Sep 1, 2003
    Messages:
    3,181
    You want to post a Hijackthis log I assume, and you can easily do this by using a floppy disk provided both computers have that type of drive (3.5 floppy drive, or A:\)

    Download Hijackthis.exe to a floppy disk---the link is down at the end of my reply.

    Put the disk into the bad computer's floppy drive, after the pc is started up.

    You do not need Internet access on that pc to do this.

    Open Windows Explorer and hit C: drive so the folders etc show over on the right side.

    At the top, select File>New Folder, but rename the new folder to HJT, then, hit Drive A: to see the hijackthis.exe file, then EDIT> Copy, then click on the new HJT folder on drive C: that you made, EDIT> Paste and the hijackthis.exe file should be copied to C:\HJT folder so you can run it on the bad pc.

    When you have hijackthis.exe in the HJT folder:

    Start hijackthis.exe by double clicking it from the HJT folder and use the Scan button, it will scan and when done the Save Log button will show. Save the log as hijackthis.txt and copy and paste it back to the floppy disk.

    Take the floppy disk to a good computer you access TSG with, come back to this thread, and copy and paste the log to a Reply to this thread.

    http://tools.radiosplace.com/HijackThis.exe

    NOTE: We are used to helping with PCs that do not have good Internet access. You can work this way, but there will of course be a lot of going back and forth to post new logs, do the fixes... but after a few, there should be an improvement.
     
  3. catastrophee

    catastrophee Thread Starter

    Joined:
    Aug 4, 2004
    Messages:
    154
    OK, I got the log, but as I was getting the log I took the jumper off one of the HDs that is hooked up to that computer but wasn't working (another problem I was gonna resolve after this one), and when I started the comp up I got this message (and yes, I've tried putting it back in): "Windows could not start because the following file is missing or corrupt: \windows\SYSTEM32\CONFIG\SYSTEM".

    I've got the log burned on a CD, but I need to get the CD drives on this computer working first, so I'll do that now and hope someone comes to my rescue!
     
  4. catastrophee

    catastrophee Thread Starter

    Joined:
    Aug 4, 2004
    Messages:
    154
    Alright, I got the jumper settings working and the drives are working... here is the HJ log of the comp!

    Logfile of HijackThis v1.98.2
    Scan saved at 2:31:51 PM, on 04/02/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\LEXBCES.EXE
    C:\windows\system32\spoolsv.exe
    C:\windows\system32\LEXPPS.EXE
    C:\windows\system32\rundll32.exe
    C:\windows\System32\nvsvc32.exe
    C:\windows\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\windows\Explorer.EXE
    C:\windows\SOUNDMAN.EXE
    C:\WINDOWS\SM1BG.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\windows\System32\kquvky.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\AdsGone\adsgone.exe
    C:\Documents and Settings\Jon Leviathan\Desktop\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 24.42.183.77
    O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
    O2 - BHO: (no name) - {F289190D-B2CC-EE3F-3D6B-C4BB8F73BDFA} - (no file)
    O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroCheck] C:\windows\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [CTRegRun] C:\windows\CTRegRun.EXE
    O4 - HKLM\..\Run: [mediamotor.exe] C:\windows\mmups.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [prutlct] C:\windows\System32\prutlct.exe
    O4 - HKCU\..\Run: [Utopia Angel] "C:\Utopia\Angel\Angel.exe"
    O4 - Global Startup: AdsGone 2004.lnk = C:\Program Files\AdsGone\adsgone.exe
    O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
    O16 - DPF: DigiChat Applet - http://www.overgrow.com/DigiChat/DigiClasses/Client_IE.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
    O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/packages/GSManager.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
    O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - http://advnt01.com/dialer/internazionale_ver4.CAB
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
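
Added example, not part of the thread or of HijackThis itself: a small Python parser for the log format posted above. It splits a log into header, running processes and coded entries, then lists the entries that HijackThis annotated itself ("(file missing)", "(no file)", "Unknown file") with repeats collapsed. The function names are assumptions of this example, and the embedded sample is an excerpt of the log in the post.

```python
import re
from collections import Counter

# Excerpt of the log posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.2
Platform: Windows XP (WinNT 5.01.2600)

Running processes:
C:\windows\Explorer.EXE
C:\windows\SOUNDMAN.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
O2 - BHO: (no name) - {F289190D-B2CC-EE3F-3D6B-C4BB8F73BDFA} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O4 - HKLM\..\Run: ..."
# Annotations HijackThis itself prints in the log above.
MARKERS = ("(file missing)", "(no file)", "Unknown file")

def parse_hjt(text):
    """Split a log into header fields, running processes and (code, body) entries."""
    header, processes, entries = {}, [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()                 # forum pastes are often indented
        if not line:
            in_procs = False               # a blank line ends the process list
        elif (m := ENTRY.match(line)):
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs:
            processes.append(line)
        elif ": " in line:
            key, value = line.split(": ", 1)
            header[key] = value
    return header, processes, entries

def annotated(entries):
    """Unique entries carrying a tool annotation, with their repeat count."""
    found = []
    for (code, body), n in Counter(entries).items():
        marker = next((mk for mk in MARKERS if mk in body), None)
        if marker:
            found.append({"code": code, "body": body, "count": n, "marker": marker})
    return found

if __name__ == "__main__":
    header, processes, entries = parse_hjt(SAMPLE_LOG)
    print(header.get("Platform"), "-", len(processes), "processes")
    for item in annotated(entries):
        print(item)
```

An annotation only marks an entry for a closer look by whoever reviews the log; it is not a verdict on the file.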
     

Short URL to this thread: https://techguy.org/325280
