
please help i am infected

Discussion in 'Virus & Other Malware Removal' started by balistic, Jul 3, 2007.

Thread Status:
Not open for further replies.
  1. balistic

    balistic Thread Starter

    Joined:
    Jul 3, 2007
    Messages:
    6
    :banghead: Please read description below the log, thanks. (y)

    Logfile of HijackThis v1.99.1
    Scan saved at 3:51:53 AM, on 7/4/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SYSTEM32\NETCMD.EXE
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\NetLimiter 2 Pro\NLClient.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\TrojanHunter 4.6\THGuard.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Security Task Manager\TaskMan.exe
    C:\WINDOWS\system32\cmd.exe
    C:\PROGRA~1\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\balistic\Desktop\hijackthis_sfx\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\DOCUME~1\balistic\LOCALS~1\Temp\RarSFX3\jccatch.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\DOCUME~1\balistic\LOCALS~1\Temp\RarSFX3\fgiebar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O8 - Extra context menu item: Download All by FlashGet - C:\Documents and Settings\balistic\Local Settings\Temp\RarSFX3\jc_all.htm
    O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Documents and Settings\balistic\Local Settings\Temp\RarSFX3\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\DOCUME~1\balistic\LOCALS~1\Temp\RarSFX3\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\DOCUME~1\balistic\LOCALS~1\Temp\RarSFX3\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: OWC11.mso-offdap - {32505114-5902-49B2-880A-1F7738E5A384} - (no file)
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    ----------------------------

    The problem is C:\WINDOWS\SYSTEM32\NETCMD.EXE, which is a keylogger that none of the antiviruses will remove, nor TrojanHunter etc. :( I have no clue where I got it from. I've had my suspicions for a while now, not because passwords or anything were changed, only because the file name was in caps and most other sys32 filenames aren't. So I installed Security Task Manager, which can grab text from within the program; this is what it grabbed:

    Code:
    \AYO X Logger\AYO Spy 1.041\Server V1.041\AYO.vbp
    SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Auto Login
    \AYO X Logger\AYO Spy 1.041\Server V1.041\AYO.vbp
    netcmd .exe
    netconfig .exe
    Right Click
    Left Click
    Software\Microsoft\Active Setup\Installed Components
    3qF\Program Files\Microsoft Visual Studio\VB98\VB6.OLB
    Install Dir
    Software\Zone Labs\ZoneAlarm\plugin\obj\001
    font color
    font color
    font color
    Sign In
    font color
    font color
    font color
    font color
    Inside Yahoo
    form9 action
    hidden name
    em Value
    hidden name
    The page cannot be found
    TEXTAREA readonly
    msg rows
    INPUT style
    submit value
    script language
    Save Password
    Admin group
    Limited Account
    font face
    Tahoma color
    table style
    td bgColor
    f4f4f4 width
    font color
    0033CC size
    font color
    User Name 
    There was No New Contact 
    font color
    font color
    font color
    font color
    font color
    font face
    Tahoma size
    table style
    td bgColor
    f4f4f4 width
    font color
    0033CC size
    td bgColor
    font color
    0033CC size
    td bgColor
    f4f4f4 width
    td bgColor
    f4f4f4 width
    td bgColor
    f4f4f4 width
    font face
    Tahoma size
    Up Passwords 
    table style
    No icon resources found in source file
    Source icon directory is corrupt
    td bgColor
    f4f4f4 width
    font color
    0033CC size
    Connection Name 
    td bgColor
    f4f4f4 width
    font size
    Failed to get handle to source file
    td bgColor
    f4f4f4 width
    font size
    td bgColor
    f4f4f4 width
    font size
    font face
    Tahoma size
    Up Passwords 
    table style
    td bgColor
    f4f4f4 width
    font color
    0033CC size
    There was no new entry.
    Current entries were sent before 
    span lang
    span lang
    Source icon bitmap is corrupt
    Invalid icon in source file
    Destination file could not be opened
    Destination file could not be loaded
    Failed to locate resource in specified file
    Failed to load resource in specified file
    Internet Explorer
    font face
    Tahoma size
    Cached Passwords 
    td bgColor
    f4f4f4 width
    font color
    0033CC size
    Site Address 
    td bgColor
    f4f4f4 width
    font size
    Sign In
    Internet Explorer
    **** the one who is trying to Crack this Application D  _From B56mx 
    YTuck th
    dhHijkDDEPVr ethC8alEngi
    ----------------
    ****k
    GetProcAddress
    LoadLibraryA
    fac8_vbExp_t
    Frlas
    zVNT_SIWKSAdRenLDBFunc
    MUbe
    K/ib
    taThqn
    /kDui.w
     Hto
    qima
    padk
    CacApw
    isry
    tign9 I
    ZTaai
    0RNXLOPadqe8ik
    Bsdgmavw
    ZeTjg
    IhiB
    tYyyogXp
    ,iBk
    \aEHaole/
    VdUu
    OdManLm
    VDLokupAco4t
    MulfBy
    KL/Qoolicyt
    ,Kxepsky
     iik
    apVHForTBMc
    Svzdo\B986.OLTBJTR
     Enum
    VGlobgHDDr4C
    RtlMovekH4EF
    Csurc
    F\ds/LotibrM,9H
    mpuRL4DBb,LC4X
    CusA
    ialFo4d
    LysNmDirc
    GtShorPa
    J9Akernl3Q2,
    advpck.
    yqLAoEUT2NYDf
    a,evhGmp4bsFHX82
     Laf
     cosHan
    ,yocf.2x
    LP_M0RCnewb
    ainFITsk
    ulvqf
    vY4VOB83.bFu
    XLog
    qooq
    oooq
    oooZooq
    oooq
    ookgq
    niied
    keeik
    ZdeaPaadeiiedd
    ZNNPPadeeiieeda
    TOPPaadeeikkiieed
    ProcCallEngine
    __vbaExceptHandler
    EVENT_SINK_QueryInterface
    EVENT_SINK_Release
    DllFunctionCall
    EVENT_SINK_AddRef
    MethCallEngine
    strText
    strTitle
    Data2send
    LogFilePath
    Label1
    FinalOut
    Connect
    Data2Log
    tmrLog
    tmrMatch
    tmrSendMail
    McKill
    qooq
    oooq
    oooZooq
    oooq
    ookgq
    niied
    keeik
    ZdeaPaadeiiedd
    ZNNPPadeeiieeda
    TOPPaadeeikkiieed
    MainF
     Password 
    2 color
    /font
    3 color
    ndex
    shimgvw.dll,ImageView_Fullscreen 
    rundll32.exe 
    /table
    /font
    /font
    /span
    .SwapIcon.bas
     border
     borderColor
    left
    float
     collapse
    collapse
    border
    Dial
    3 color
    /font
    /font
     Phone Number 
    2 color
     Password 
    2 color
    /table
     User Name 
    2 color
    /font
     border
     borderColor
    left
    float
     collapse
    collapse
    border
    Dial
    3 color
    /font
    _RasDefaultCredentials
    RasDialParams
    Microsoft\Network\Connections\pbk\rasphone.pbk
    About
     border
     borderColor
    left
    float
     collapse
    collapse
    border
     Chat Contacts 
    Yahoo
    3 color
    /table
    /font
    /font
    Settings
    Windows
    yahoo.com
    \Archive\Messages\
    /font
    Contacts 
    /font
    yahoo.com
    System
    Start
    Yahoo
    /table
    Screen
    Messenger\Profiles\
    /table
    /font
    /font
    /font
    /font
    /font
     System Info 
     border
     borderColor
    left
    float
     collapse
    collapse
    border
    MpfTray.exe
    winver.exe
    uckk
    DisableRegistryTools
    DisableTaskMgr
    Quit
    Title
    Busy
    Click
    Item
    document
    navigate
    InternetExplorer.application
    /script
    form9.submit
    vbscript
    . name
     type
     color
    CoTaskMemFree
    PStoreCreateInstance
    pstorec.dll
     I have recorded these Info for ya 
    1 cols
     name
     font
     color
    border
    1 style
    From 
     Value
    post
     method
    /title
    title
     saved from url
    /font
    /font
    /font
    /font
    /font
     Messenger
    Yahoo
    /font
    /font
    Pasted
    ****
    /font
    Yahoo
    .exe
    \Taskmon
    DialParamsUID
    LocalFree
    LocalAlloc
    GlobalFree
    GetVersionExA
    SHGetSpecialFolderPathA
    shell32.dll
    GetPrivateProfileIntA
    LookupAccountNameA
    IsValidSid
    ConvertSidToStringSidA
    WideCharToMultiByte
    MultiByteToWideChar
    LsaFreeMemory
    LsaClose
    LsaRetrievePrivateData
    LsaOpenPolicy
    RasGetEntryPropertiesA
    RasGetEntryDialParamsA
    SystemCfg.dat
    \Help
    C\WINDOWS\system32\MSVBVM60.DLL\3
    3qClass
    SOFTWARE\KasperskyLab\AVP6
    path
    rasapi32.dll
    Software\Microsoft\Windows\CurrentVersion\
    Explorer.exe 
    Shell
    RasEnumEntriesAj
    RegQueryValueExA
    RegOpenKeyExA
    RegCreateKeyExA
    RegCloseKey
    SwapIcon.bas
    RegSetValueExA
    RegDeleteKeyA
    PcInfo
    GetLog2Send
    DisYat
    DisYp
    DisReg
    DisTask
    WriteLog
    GetKeyState
    GetAsyncKeyState
    GetWindowTextLengthA
    GetWindowTextA
    GetForegroundWindow
    tmrMatch
    McKill
    Form
    tmrSendMail
    Label1
    Data2Log
    FinalOut
    tmrLog
    asliAzAfta\
    SystemTimeToFileTime
    LocalFileTimeToFileTime
    SetFileTime
    FindClose
    FindFirstFileA
    FindResourceA
    lstrlenA
    EnumResourceNamesA
    GlobalUnlock
    GlobalLock
    RtlMoveMemory
    LockResource
    LoadResource
    FreeLibrary
    LoadLibraryExA
    SetFilePointer
    ReadFile
    CreateFileA
    GetComputerNameA
    GetUserNameA
    advapi32.dll
    KillTimer
    SendMessageA
    VirtualFreeEx
    WriteProcessMemory
    GetWindowThreadProcessId
    VirtualAllocEx
    FindWindowExA
    FindWindowA
    InternetGetConnectedStateEx
    wininet.dll
    Process32Next
    Process32First
    CreateToolhelp32Snapshot
    TerminateProcess
    OpenProcess
    .com/
    .exe
    kernel32.dll
    SHGetPathFromIDList
    SHGetSpecialFolderLocation
    GetTempPathA
    GetSystemDirectoryA
    GetShortPathNameA
    advpack.dll
    SYSTEM\CurrentControlSet\Services\TlntSvr
    SYSTEM\ControlSet002\Services\TlntSvr
    IsNTAdmin
    Software\Yahoo\Pager\
    Software\Microsoft\Windows\CurrentVersion\Policies\System\
    MicrosoftApp32\
    CloseHandle
    netconfig.exe
    netcmd.exe
    netconfig.exe
    netcmd.exe
    syschost.exe
    syslnfo.exe
    sysinfo.exe
    sysver.exe
    newbn
    MainF
    PsibPsnDs
    PsoCs
    
    ----- Windows Title -----
     
    
    
    It looks nasty and I really would like to fix it without having to format my PC :(

    Please, someone help me, I'm going crazy.

    Edit: I found the site http://ayosoft.net/english/index.htm but still don't know how to get rid of it, please help.
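
One way to read the string dump in the post above, as an added example that is not part of the original thread: it groups extracted strings by the behaviour they usually indicate and lists embedded executable names worth searching for on disk. The bucket names, the `triage` and `dropped_names` helpers and the allowlist are assumptions made for illustration; the sample is a short excerpt of lines copied from the dump.

```python
import re

# Behaviour buckets (the names are this example's own). Each needle is a
# lower-cased substring that appears in the dump posted above.
INDICATORS = {
    "keystroke and window capture": [
        "getasynckeystate", "getkeystate", "getforegroundwindow", "getwindowtexta"],
    "stored-credential access": [
        "lsaretrieveprivatedata", "pstorecreateinstance",
        "rasgetentrydialparamsa", "rasphone.pbk"],
    "process tampering": [
        "writeprocessmemory", "virtualallocex", "terminateprocess",
        "createtoolhelp32snapshot"],
    "persistence": [
        r"currentversion\winlogon", r"active setup\installed components"],
    "security-tool and policy tampering": [
        "disabletaskmgr", "disableregistrytools", "zonealarm", "kasperskylab"],
    "log sending": ["tmrsendmail", "data2send", "getlog2send"],
}

# Real Windows binaries that a program may legitimately name in its strings.
# A matching name proves nothing about a file on disk; check its path too.
KNOWN_WINDOWS = {"rundll32.exe", "explorer.exe", "winver.exe"}

EXE_NAME = re.compile(r"^[a-z0-9_]+\.exe$")


def _clean(strings):
    """Lower-case, trim and de-duplicate; drop empty lines."""
    return {s.strip().lower() for s in strings if s.strip()}


def triage(strings):
    """Return {behaviour: sorted indicators found} for the extracted strings."""
    seen = _clean(strings)
    report = {}
    for capability, needles in INDICATORS.items():
        hits = sorted(n for n in needles if any(n in s for s in seen))
        if hits:
            report[capability] = hits
    return report


def dropped_names(strings):
    """Bare .exe names in the strings that are not known Windows binaries."""
    return sorted(s for s in _clean(strings)
                  if EXE_NAME.match(s) and s not in KNOWN_WINDOWS)


# Constructed sample: a few lines copied from the dump, noise included.
SAMPLE = r"""
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Software\Microsoft\Active Setup\Installed Components
font color
td bgColor
DisableRegistryTools
DisableTaskMgr
PStoreCreateInstance
LsaRetrievePrivateData
RasGetEntryDialParamsA
GetAsyncKeyState
GetWindowTextA
GetForegroundWindow
tmrSendMail
WriteProcessMemory
VirtualAllocEx
TerminateProcess
netconfig.exe
netcmd.exe
syschost.exe
rundll32.exe 
""".splitlines()

if __name__ == "__main__":
    for capability, hits in triage(SAMPLE).items():
        print(f"{capability}: {', '.join(hits)}")
    print("file names to look for:", ", ".join(dropped_names(SAMPLE)))
```

The HTML fragments that fill most of the dump ("font color", "td bgColor") match no bucket, so they drop out and only the API names, registry paths and file names remain.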
     
  2. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Hi balistic

    Welcome to TSG! :)

    I removed the code tags from your post. Please just copy and paste your logs. The code tags are unnecessary and make the post harder to read.

    I'll look at your HJT log now.
     
  3. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    * Go here and do the BitDefender online virus scan.
    • Click "I Agree" to agree to the EULA.
    • Allow the ActiveX control to install when prompted.
    • Click "Click here to scan" to begin the scan.
    • Please refrain from using the computer until the scan is finished.
    • When the scan is finished, click on "Click here to export the scan results"
    • Save the report to your desktop, then come back here and attach it to your next reply along with a new HijackThis log.
     
  4. balistic

    balistic Thread Starter

    Joined:
    Jul 3, 2007
    Messages:
    6
    Sorry about the code tags. Also, I had previously tried a few other online virus scans for the purpose of just seeing if they could detect it (the Panda one and some other). Here are the results you requested.

    ---

    BitDefender Online Scanner

    Scan report generated at: Wed, Jul 04, 2007 - 08:23:23

    Scan path: C:\;D:\;E:\;F:\;

    Statistics

    Time 01:30:35

    Files 336363

    Folders 5645

    Boot Sectors 5

    Archives 7609

    Packed Files 7813

    Results

    Identified Viruses 0

    Infected Files 0

    Suspect Files 0

    Warnings 0

    Disinfected 0

    Deleted Files 0


    Engines Info

    Virus Definitions 636723

    Engine build AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)

    Scan plugins 14

    Archive plugins 38

    Unpack plugins 6

    E-mail plugins 6

    System plugins 1

    Scan Settings

    First Action Disinfect

    Second Action Delete

    Heuristics Yes

    Enable Warnings Yes

    Scanned Extensions *;

    Exclude Extensions

    Scan Emails Yes

    Scan Archives Yes

    Scan Packed Yes

    Scan Files Yes

    Scan Boot Yes

    Scanned File

    Status No virus found.
    ---
     
  5. balistic

    balistic Thread Starter

    Joined:
    Jul 3, 2007
    Messages:
    6
    Sorry, I forgot to post this HJT log. (I had to rename HJT to me.exe to get it to show netcmd again.)

    Logfile of HijackThis v1.99.1
    Scan saved at 1:11:40 PM, on 7/4/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\SYSTEM32\NETCMD.EXE
    C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\TrojanHunter 4.6\THGuard.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\NetLimiter 2 Pro\NLClient.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\balistic\Desktop\hijackthis_sfx\me.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\DOCUME~1\balistic\LOCALS~1\Temp\RarSFX3\jccatch.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\DOCUME~1\balistic\LOCALS~1\Temp\RarSFX3\fgiebar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O8 - Extra context menu item: Download All by FlashGet - C:\Documents and Settings\balistic\Local Settings\Temp\RarSFX3\jc_all.htm
    O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Documents and Settings\balistic\Local Settings\Temp\RarSFX3\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\DOCUME~1\balistic\LOCALS~1\Temp\RarSFX3\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\DOCUME~1\balistic\LOCALS~1\Temp\RarSFX3\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: OWC11.mso-offdap - {32505114-5902-49B2-880A-1F7738E5A384} - (no file)
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     
  6. balistic

    balistic Thread Starter

    Joined:
    Jul 3, 2007
    Messages:
    6
    :( I still need help
     
  7. balistic

    balistic Thread Starter

    Joined:
    Jul 3, 2007
    Messages:
    6
  8. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Patience please. This isn't live tech support. I'm not here 24/7 and this is a holiday in the US!
     
  9. balistic

    balistic Thread Starter

    Joined:
    Jul 3, 2007
    Messages:
    6
    I know, I know, but my post was being carried off in the sea of posts. I just didn't want it to fall out of help's eye :( sorry
     
  10. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    * Click here to download ATF Cleaner by Atribune and save it to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
      • If you use Firefox:
        • Click Firefox at the top and choose: Select All
        • Click the Empty Selected button.
        • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
      • If you use Opera:
        • Click Opera at the top and choose: Select All
        • Click the Empty Selected button.
        • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    • Click Exit on the Main menu to close the program.


    * Click Here and download Killbox and save it to your desktop.

    * Double-click on Killbox.exe to run it.
    • Put a tick by Delete on Reboot.
    • In the "Full Path of File to Delete" box, copy and paste the following line:

      C:\WINDOWS\SYSTEM32\NETCMD.EXE

    • Click on the button that has the red circle with the X in the middle.
    • It will ask for confirmation to delete the file on next reboot and ask you if you want to reboot now.
    • Click Yes and let the computer reboot.
    * After it reboots, run ActiveScan online virus scan here

    When the scan is finished, click on the "Save Report" button and save the results of the scan to your desktop.

    Note: You have to use Internet Explorer to do the online scan. Also leave the pc alone during the scan. Don't surf the net or run any programs. Just let the scan run.

    Post a new HiJackThis log along with the results from ActiveScan
     

Short URL to this thread: https://techguy.org/591378
