HELP!!! i'm infected!!

#1, pc n00by (Newbie Poster), Jan 9th, 2005
ok guys here's the deal. i've got a whole 'brunch menu' of all sorts of anti-virus and anti-ad-ware programs installed on my laptop these days. i've run them all and nothing seems to be bringing my laptop back to normal. besides a few hiccups here and there, i.e. delays in uploading of internet pages and general slow-down of the system itself, my biggest concern at the moment, though, is the inability to load the page of my hotmail account, starting already at the sign-in page; some parts of the pages work once i've signed in and some don't. it also 'toggles' several times each time i click on a link. hopefully that makes sense.

attached is an example:

i hope you can give me some suggestions on how to fix this problem. i'm almost afraid to say that it may be a prob with the registry...but what do i know? ...basically zip when it comes to these things. thanks for your help in advance! :o
Attached: desktop.jpg

#2, pc n00by (Newbie Poster), Jan 9th, 2005
here's the hijackthis log
Attached: hijackthis.log1.txt (7.6 KB)

#3, dlh6213 (Posting Maven, Team Colleague), Jan 9th, 2005
Update your Panda Antivirus and run a full system scan.

Run these free online scans as well:
http://www.trendmicro.com/en/home/us/enterprise.htm
http://www.ravantivirus.com/scan/indexie.php

1. Download and install Ad-Aware SE (http://www.lavasoftusa.com/software/adaware/), keeping the default options. However, some of the settings will need to be changed before your first scan.

2. Close ALL windows except Ad-Aware SE

3. Click on the ‘world’ icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware and malware.

4. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the Preferences/Settings window

A.) In the ‘General’ window make sure the following are selected in green:
*Automatically save log-file
*Automatically quarantine objects prior to removal
*Safe Mode (always request confirmation)

Under Definitions:
*Prompt to update outdated definitions - set the number of days

B.) Click on the ‘Scanning’ button on the left and select in green :

Under Drives, Folders & Files:
*Scan Within Archives

Under Select drives & folders to scan -
*choose all hard drives

Under Memory & Registry: all green
*Scan Active Processes
*Scan Registry
*Deep Scan Registry
*Scan my IE favorites for banned URLs
*Scan my Hosts file

C.) Click on the ‘Advanced’ button on the left and select in green:

Under Shell Integration:
*Move deleted files to recycle bin

Under Logfile Detail Level: (all green)
*Include additional object information
*DESELECT - include negligible objects information
*Include environment information

Under Alternate Data Streams:
*Don't log streams smaller than 0 bytes
*Don't log ADS with the following names: CA_INOCULATEIT

D.) Click the ‘Tweak’ button and select in green:

Under the ‘Scanning Engine’:
*Unload recognized processes during scanning
*Scan registry for all users instead of current user only

Under the ‘Cleaning Engine’:
*Let Windows remove files in use at next reboot

Under the Log Files:
*Include basic Ad-aware SE settings in logfile
*Include additional Ad-aware SE settings in logfile
*Please do not check or make green: Include Module list in logfile

5. Click on ‘Proceed’ to save the settings.

6. Click ‘Start’

*Choose: 'Perform Full System Scan'
*DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.

7. Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.

8. If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window

9. Save the log file when it asks and then click ‘Finish’.

10. REBOOT to complete the removal of what Ad-Aware SE found

Before you can fix anything with hijackthis, it needs to be in its own permanent folder. Part of the process of cleaning your system may involve deleting everything in temporary folders, which would cause you to lose your copy of hijackthis (and all the backups it makes) because you now have hijackthis in a temp folder. Please move it to a folder like c:\HJT\hijackthis.exe.

After you've done that, close all browser windows, scan with HJT, and post a new log in this thread (please copy and paste instead of attaching it).
Links to help you help yourself :

Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html

Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html

Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html

#4, kc0arf (Posting Virtuoso, Team Colleague), Jan 10th, 2005
Hello,

I have been finding it more effective to run AdAware in Safe Mode.

Christian

#5, pc n00by (Newbie Poster), Jan 10th, 2005
thanks for all the info. unfortunately i can't update Panda at the moment since it's only a downloaded trial version. i have, however, done another scan with Panda and Trendmicro, as suggested, & no infections; but with the RAV i can't do it since i don't have administrative rights. what does that mean and how can i set it to this status?

i'm about to download the Ad-Aware SE and follow ur steps. i'll let you know how it goes...

#6, pc n00by (Newbie Poster), Jan 10th, 2005
ok so i've run the Ad-Aware and it shows '6 objects removed' and '13 quarantined'. logs are saved.

here's the HJT log:

Logfile of HijackThis v1.99.0
Scan saved at 12:39:31 PM, on 10/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Power Management\PwrGui.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Programme\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
C:\Programme\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\PRISMSTA.EXE
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
C:\WINDOWS\System32\LVComS.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programme\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
C:\Programme\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
C:\Programme\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
C:\Programme\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
C:\Programme\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
C:\Programme\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
C:\Programme\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
C:\HJT\hijackthis.exe\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.aria-nightclub.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Disk Monitor] C:\Programme\Generic\USB Card Reader\Disk_Monitor.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PowerManagement] C:\Programme\Power Management\PwrGui.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [msnappau] "C:\Programme\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programme\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programme\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {E05EC57C-ECD9-431C-981D-15573E34076E} - http://www.medionshop.de/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...18/mcfscan.cab
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Firewall Service - Unknown - C:\Programme\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
O23 - Service: Panda Function Service - Unknown - C:\Programme\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 - Service: Panda Pavkre - Unknown - C:\Programme\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
O23 - Service: Panda PavProt - Unknown - C:\Programme\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
O23 - Service: Panda Process Protection Service - Unknown - C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service - Unknown - C:\Programme\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 - Service: Panda Preventium+ Service - Unknown - C:\Programme\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
O23 - Service: Panda IManager Service - Panda Software Internacional - C:\Programme\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

thanks again for your help!!

#7, dlh6213 (Posting Maven, Team Colleague), Jan 11th, 2005
I don't see anything serious in your log, are you still having problems?

Here are a few questionable things, have HJT fix these if you don't recognize/use them:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.aria-nightclub.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O9 - Extra button: MedionShop - {E05EC57C-ECD9-431C-981D-15573E34076E} - http://www.medionshop.de/ (file missing) (HKCU)
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} - http://www.errorguard.com/installation/Install.cab

As far as the admin rights go, I'm not really sure. Are you the only user on this computer?
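The triage dlh6213 does by eye in this reply, as an added Python example that is not from the thread or from HijackThis itself: it parses entries in the HijackThis log format and applies the same rules (browser start/default pages that carry a URL, entries marked "(file missing)", O16 ActiveX downloads from hosts other than the online scanners recommended in this thread, O23 services with no publisher string). The sample log, the host allowlist and the verdict labels are constructed for the example.

```python
import re

# Constructed sample in HijackThis v1.99 log format, modelled on the entries in the log
# above (one benign O4 line and the ProxyOverride R1 line included for contrast).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.aria-nightclub.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O9 - Extra button: MedionShop - {E05EC57C-ECD9-431C-981D-15573E34076E} - http://www.medionshop.de/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: Panda Pavkre - Unknown - C:\Programme\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
"""

ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")          # "R0 - ...", "O16 - ..." lines
URL_HOST_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)

# Hosts of the online scanners recommended in this thread. Treating them as an allowlist
# is an assumption of this example, not something HijackThis knows about.
KNOWN_SCANNER_HOSTS = {"www.pandasoftware.com", "a840.g.akamai.net", "download.mcafee.com"}


def parse_entries(log_text):
    """Yield (section, body) for every 'Xn - ...' line; header and process-list lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(log_text):
    """Return [(section, verdict, reason)] using the rules a reviewer applied to the log above."""
    findings = []
    for section, body in parse_entries(log_text):
        host_m = URL_HOST_RE.search(body)
        host = host_m.group(1).lower() if host_m else None
        if section in ("R0", "R1", "O14") and host:
            # Start/default page settings: only the owner knows whether the URL was chosen deliberately.
            key, _, value = body.partition("=")
            setting = key.strip().rsplit(",", 1)[-1]
            findings.append((section, "review", f"{setting} = {value.strip()}; fix if you did not choose it"))
        elif "(file missing)" in body:
            findings.append((section, "fix", "points at a file that no longer exists; safe to remove"))
        elif section == "O16" and host not in KNOWN_SCANNER_HOSTS:
            findings.append((section, "fix", f"ActiveX control downloaded from unrecognised host {host}"))
        elif section == "O23" and " - Unknown - " in body:
            findings.append((section, "info", "service has no publisher string; verify its path"))
    return findings


if __name__ == "__main__":
    for section, verdict, reason in triage(SAMPLE_LOG):
        print(f"{section:4} {verdict:7} {reason}")
```

The sample reproduces the five entries singled out in this reply plus the dangling O2 BHO and the unsigned Panda service; the ProxyOverride line and the Panda ActiveScan control pass unflagged.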

#8, pc n00by (Newbie Poster), Jan 11th, 2005
yea these links are fine. R0 is my homepage and i've never had probs with this one. the others except for the last one concern the maker of my laptop. so the only thing left may be the error guard. should i try fixing this with HJT then?

thanks again for all of your help guys! ...i'm almost afraid to say that it may have something to do with having installed service pack 2 recently.

read this. it may be of some interest and/or help in figuring out this problem.

http://story.news.yahoo.com/news?tmp...10/tc_nf/29577

http://www.eweek.com/article2/0,1759,1749993,00.asp

let me know of your opinions in this regard.

cheers!

p.s. and yes i am the sole user of this machine


#9, dlh6213 (Posting Maven, Team Colleague), Jan 12th, 2005
Go ahead and have HJT fix
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} - http://www.errorguard.com/installation/Install.cab

A lot of people are turning to browsers other than IE, such as Firefox and Opera, because of the security flaws. You still need to keep IE, however, because it is the only way to get your Windows Updates.

If you're the only user on this PC, you should have admin rights. Is it XP Home?

#10, pc n00by (Newbie Poster), Jan 15th, 2005
all right. I've hijacked the errorguard link but the problem still remains....

it is XP home.

©2003 - 2009 DaniWeb® LLC