Ive got a virus...

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

catastrophee

Thread Starter
Joined
Aug 4, 2004
Messages
154
Im not too sure what it is but when i start up my comp the start bar doesnt work and my whole computer doesnt work properly. Basicly I cant access my internet and the whole system is slowed majorly... i have no clue what to do. I do notice some suspicious processes running and ive tried rebooting in safe mode and removing them and i tried alot of stuff....

Can anyone help me ??
 

mjack547

Malware Specialist
Joined
Sep 1, 2003
Messages
3,181
You want to post a Hijackthis log I assume, and you can easily do this by using a floppy disk provided both computers have that type of drive (3.5 floppy drive, or A:\)

Download Hijackthis.exe to a floppy disk---the link is down at the end of my reply.

Put the disk into the bad computer's floppy drive, after the pc is started up.

You do not need Internet access on that pc to do this.

Open Windows Explorer and hit C: drive so the folders etc show over on the right side.

At the top, select File>New Folder, but rename the new folder to HJT, then, hit Drive A: to see the hijackthis.exe file, then EDIT> Copy, then click on the new HJT folder on drive C: that you made, EDIT> Paste and the hijackthis.exe file should be copied to C:\HJT folder so you can run it on the bad pc.

When you have hijackthis.exe in the HJT folder:

Start hijackthis.exe by double clicking it from the HJT folder and use the Scan button, it will scan and when done the Save Log button will show. Save the log as hijackthis.txt and copy and paste it back to the floppy disk.

Take the floppy disk to a good computer you access TSG with, come back to this thread, and copy and paste the log to a Reply to this thread.

http://tools.radiosplace.com/HijackThis.exe

NOTE: We are used to helping with pc's that do not have good Internet access, you can work this way but there will of course be a lot of going back and forth to post new logs, do the fixes... but after a few, there should be an improvement
 

catastrophee

Thread Starter
Joined
Aug 4, 2004
Messages
154
ok i got the log but as i was getting the log i took the jumper off one of the HD that is hooked up to that computer but wasnt worked ( another problem i was gonna resolve after this one) adn when i started the comp up i got this message ( and yes ive tried putting it back in) " windows could not start becayse the following file is missing or corrupt:\windows\SYSTEM32\CONFIG\SYSTEM.

Ive got the log burned on a cd but i need to get the cd drives on this computer working first so ill do that now and hope somoene comes to my rescue!
 

catastrophee

Thread Starter
Joined
Aug 4, 2004
Messages
154
Alright i got the jumper settings working and the drives are working...... here is the HJ log of the compt!

Logfile of HijackThis v1.98.2
Scan saved at 2:31:51 PM, on 04/02/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\LEXBCES.EXE
C:\windows\system32\spoolsv.exe
C:\windows\system32\LEXPPS.EXE
C:\windows\system32\rundll32.exe
C:\windows\System32\nvsvc32.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\windows\Explorer.EXE
C:\windows\SOUNDMAN.EXE
C:\WINDOWS\SM1BG.EXE
C:\Program Files\QuickTime\qttask.exe
C:\windows\System32\kquvky.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\AdsGone\adsgone.exe
C:\Documents and Settings\Jon Leviathan\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 24.42.183.77
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O2 - BHO: (no name) - {F289190D-B2CC-EE3F-3D6B-C4BB8F73BDFA} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\windows\System32\NeroCheck.exe
O4 - HKLM\..\Run: [CTRegRun] C:\windows\CTRegRun.EXE
O4 - HKLM\..\Run: [mediamotor.exe] C:\windows\mmups.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [prutlct] C:\windows\System32\prutlct.exe
O4 - HKCU\..\Run: [Utopia Angel] "C:\Utopia\Angel\Angel.exe"
O4 - Global Startup: AdsGone 2004.lnk = C:\Program Files\AdsGone\adsgone.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O16 - DPF: DigiChat Applet - http://www.overgrow.com/DigiChat/DigiClasses/Client_IE.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/packages/GSManager.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - http://advnt01.com/dialer/internazionale_ver4.CAB
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top