Helllp
I'm not sure what has happened but when i try and open windows tasjk manager it opens real quick and closes and the same thing happes with msonfig
What has gone wrong?
Please someone help.:sad:
raa4
0
Light Poster
Recommended Answers
Jump to PostOh *groan*- I see now that you're making my life as a moderator rather difficult.
You have two concurrent threads going on regarding the same problem (which is something that our posting guidelines prohibit), I've just responded to both, and now I'm going to have to merge them …
Jump to PostCan you tell us where Spyware Doctor says the trojan is located?
Yes, do that if you can please. Your latest log looks clean, but HijackThis isn't designed to detect all types of infections, so you may still have something lurking in your system.
Also install the latest updates …
Jump to Post1. Turn off System Restore; instructions and explanation are here.
2. Follow the trojan removal instructions given in this Microsoft article:
http://support.microsoft.com/?scid=kb;en-us;897079
3. Run the AVG and Spyware Doctor …
Jump to PostGlad we could help you get it sorted :)
Jump to PostHi, I've been having the same problem with that virus, and I followed your directions, and the virus is still there. It's a persistant little thing. Here are the stats on it:
Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Hacktool.Rootkit
File: C:\Documents and Settings\Jeff\msdirectx.sys
Location: Quarantine
…
All 38 Replies
Drew
14
Junior Poster
Run a virus scan and spyware scan recently? :)
raa4
0
Light Poster
i've done both and its still not made a adifference also my internet explorer is running real slow, like if i type an address in the address bar it takes ages to load yet when i do it through my homepage google it displays straight away.
Sp2 won't download.
Basically i got my computer back from the factory today so it was completely bare so i connected it to the internet to install sp2, avg virus scanner, and ad-aware then all these problems started.
Would a anti hijacker help? coz that was sorted out my comppter last year when i had loads of probs.
raa4
0
Light Poster
in addition its a nightmare to download anything
everytime i do it says it hasto close or nothing happens
nanosani
20
Technize.net addict
Team Colleague
I think you've been hijacked .... post your hijackthis log in spyware and nasties forum and you'll get an appropriate response.
nanosani
20
Technize.net addict
Team Colleague
raa4
0
Light Poster
where's the spyware and nasties forum?
nanosani
20
Technize.net addict
Team Colleague
caperjack
875
I hate 20 Questions
Team Colleague
i've done both and its still not made a adifference also my internet explorer is running real slow, like if i type an address in the address bar it takes ages to load yet when i do it through my homepage google it displays straight away.
Sp2 won't download.Basically i got my computer back from the factory today so it was completely bare so i connected it to the internet to install sp2, avg virus scanner, and ad-aware then all these problems started.
Would a anti hijacker help? coz that was sorted out my comppter last year when i had loads of probs.
If you mean it only had winxp ,and no security updates ,you mostlikely go the blaster worm .try the removal tool here
Microsoft
raa4
0
Light Poster
my computer won't run any software so i cant use hijack this, or this link http://www.dougknox.com/xp/utils/xp_emerutils.htm what shall i do?
raa4
0
Light Poster
this is the most i could do in the 1sec it was open
Logfile of HijackThis v1.97.7
Scan saved at 01:03:47, on 19/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\VTTimer.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\System32\wincontrol32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\winscp.exe
C:\WINDOWS\System32\micront.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\System32\itunes.exe
C:\WINDOWS\gah32.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\gah32.exe
C:\Documents and Settings\Ruth Ankrah\My Documents\Computer Programs\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.timecomputers.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Reg Check] C:\WINDOWS\System32\lpt.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Windows_Protect] wincontrol32.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Win SCP] winscp.exe
O4 - HKLM\..\Run: [Required Service Drivers] micront.exe
O4 - HKLM\..\Run: [ITUNES] itunes.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\WINDOWS\gah32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Windows_Protect] wincontrol32.exe
O4 - HKLM\..\RunServices: [Win SCP] winscp.exe
O4 - HKLM\..\RunServices: [Required Service Drivers] micront.exe
O4 - HKLM\..\RunServices: [ITUNES] itunes.exe
O4 - HKCU\..\Run: [Windows_Protect] wincontrol32.exe
O4 - HKCU\..\Run: [Required Service Drivers] micront.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\RunServices: [Required Service Drivers] micront.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.timecomputers.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
raa4
0
Light Poster
Scan saved at 01:35:11, on 19/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.timecomputers.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.timecomputers.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.timecomputers.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Reg Check] C:\WINDOWS\System32\lpt.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Windows_Protect] wincontrol32.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Required Service Drivers] micront.exe
O4 - HKLM\..\Run: [ITUNES] itunes.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\WINDOWS\gah32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Windows_Protect] wincontrol32.exe
O4 - HKLM\..\RunServices: [Required Service Drivers] micront.exe
O4 - HKLM\..\RunServices: [ITUNES] itunes.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.timecomputers.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
raa4
0
Light Poster
Scan saved at 01:35:11, on 19/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.timecomputers.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.timecomputers.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.timecomputers.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Reg Check] C:\WINDOWS\System32\lpt.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Windows_Protect] wincontrol32.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Required Service Drivers] micront.exe
O4 - HKLM\..\Run: [ITUNES] itunes.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\WINDOWS\gah32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Windows_Protect] wincontrol32.exe
O4 - HKLM\..\RunServices: [Required Service Drivers] micront.exe
O4 - HKLM\..\RunServices: [ITUNES] itunes.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.timecomputers.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.co...all/xscan60.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/m...pdownloader.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
raa4
0
Light Poster
Is there something on here that is causing me trouble?
Evertime i send on my computer i get a message from AVG that i have a trojen so i send it to the virus vault but its the same trojen every time and it cannot be healed.
Since my computer has been back from the factory it has downloaded viruses so i cannot download programs exept form the ones that i managed to get before they downloaded themselves on my computer. So i'm not sure whats wrong.
I have win xp and ahve done both a virus check and spyware check and nothing has changed.
Please help???:sad:
Scan saved at 01:35:11, on 19/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.timecomputers.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.timecomputers.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.timecomputers.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Reg Check] C:\WINDOWS\System32\lpt.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Windows_Protect] wincontrol32.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Required Service Drivers] micront.exe
O4 - HKLM\..\Run: [ITUNES] itunes.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\WINDOWS\gah32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Windows_Protect] wincontrol32.exe
O4 - HKLM\..\RunServices: [Required Service Drivers] micront.exe
O4 - HKLM\..\RunServices: [ITUNES] itunes.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.timecomputers.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.co...all/xscan60.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/m...pdownloader.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
raa4
0
Light Poster
Please please please, can no one help?
raa4
0
Light Poster
I have the trojan horse collected.5.L and AVG or adaware won't get rid of it, i know this is the problem.
caperjack
875
I hate 20 Questions
Team Colleague
DMR
152
Wombat At Large
Team Colleague
A few things:
1. That log looks very short; were you running in Safe Mode when the HijackThis scan? If so, please try to post a log generated while booted into Windows normally.
2. C:\Program Files\Internet Explorer\IEXPLORE.EXE
The log entry above indicates that you had at least 1 instance of Internet Explorer running when you ran HijackThis.
Before fixing problems with HijackThis, you must make sure to close/quit ALL instances of your web browser! HijackThis cannot fully perform its fixes while browsers are running.
3. C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
The log entry above indicates that you are running HJT from within a Temp/Temporary folder. Please do the following:
Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.
One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if HijackThis (and other data that you care about) is living in those Temp folders, it will be erased along with everything else!
Temp/Temporary folders are just that- Temporary. They are not meant for permanent storage, as their contents are often delete in the course of troubleshooting, by running disk clean-up utilities, etc.
4. Please post the specific information from AVG's reports concerning the exact name of the trojan it detects and the location(s) of the infected file(s).
raa4
0
Light Poster
i cant do this as the virus won't let me open the program
raa4
0
Light Poster
i've done trend micro and it doesn't even register that i have a virus and the same goes with panda scan
Every time i delete the file from my redegit and turn off my compuer they re-install and avg says i still have the file msdirectx.sys which is said to contain the virus
DMR
152
Wombat At Large
Team Colleague
1. C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
The log entry above indicates that you are running HJT from within a Temp/Temporary folder. Please do the following:
Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.
One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if HijackThis (and other data that you care about) is living in those Temp folders, it will be erased along with everything else!
Temp/Temporary folders are just that- Temporary. They are not meant for permanent storage, as their contents are often delete in the course of troubleshooting, by running disk clean-up utilities, etc.
2. Once you've taken care of the above, run HJT again and have it fix:
O4 - HKLM\..\Run: [Windows_Protect] wincontrol32.exe
O4 - HKLM\..\Run: [Required Service Drivers] micront.exe
O4 - HKLM\..\Run: [ITUNES] itunes.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\WINDOWS\gah32.exe
O4 - HKLM\..\RunServices: [Windows_Protect] wincontrol32.exe
O4 - HKLM\..\RunServices: [Required Service Drivers] micront.exe
O4 - HKLM\..\RunServices: [ITUNES] itunes.exe
3. Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up)
- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extentions for known file types".
- Locate and delete the following files:
wincontrol32.exe
micront.exe
itunes.exe
C:\WINDOWS\gah32.exe
- For every user account listed under C:\Documents and Settings, delete the entire contents of these folders (but not the folders themselves):
Important: One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if any data that you care about is living in those Temp folders, you need to move it to a safe location now, or it will be erased along with everything else!
1. Local Settings\Temp
2. Cookies
3. History
4. Local Settings\Temporary Internet Files\Content.IE5
- Delete the entire content of your C:\Windows\Temp folder.
Note- If you get any messages concerning the deletion of system files such as desktop.ini or index.dat, just choose to delete those files; they'll be automatically regenerated by Windows if needed. Windows will allow you to delete the versions of those files which exist in sub-folders within the main Temp/Temorary folders, but might not let you delete the versions of those files that exist in the main Temp folders themselves; this is normal and OK.
- Empty your Recycle Bin.
4. Reboot normally, run HJT again, and post a fresh log.
DMR
152
Wombat At Large
Team Colleague
i cant do this as the virus won't let me open the program
Which program?
Please clarify:
- Was HJT run in Safe Mode or normal mode?
- Is it HJT or AVG that you cannot open?
DMR
152
Wombat At Large
Team Colleague
Oh *groan*- I see now that you're making my life as a moderator rather difficult.
You have two concurrent threads going on regarding the same problem (which is something that our posting guidelines prohibit), I've just responded to both, and now I'm going to have to merge them together. (Did I mention that I hate thread merges and splits?) :mrgreen:
Oh well- here we go...
raa4
0
Light Poster
i was running two threads becoz someone told me to post hijack this in another section
then it was moved by someone so i was unaware, just doing what i was told
i downloaded hijack this in safemode and in temporary files as previously my compuer would not let me download or save anything
sometimes i cant even view this thread
I'm gonna see if i have hijack this on disk
DMR
152
Wombat At Large
Team Colleague
No problem with move/split stuff- I was just kidding.
Try to give us a HJT log generated while you're booted into Windows normally (not safe mode). Also remember what I posted earlier about making sure that HJT is not running from any temp folder, and that Internet Explorer is entirely closed down while you're working with HJT.
raa4
0
Light Poster
Oh ok sorry, i wasnt sure, anyway,
I did what you said to do and this is my log for some reason though itunes.exe and gah32.exe weren't there anymore
Logfile of HijackThis v1.99.1
Scan saved at 22:00:50, on 20/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\VTTimer.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Documents and Settings\Ruth Ankrah\My Documents\Computer Programs\hijackthis\HijackThis.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.timecomputers.com
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Reg Check] C:\WINDOWS\System32\lpt.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKCU\..\Run: [Windows_Protect] wincontrol32.exe
O4 - HKCU\..\Run: [Required Service Drivers] micront.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\RunServices: [Required Service Drivers] micront.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.timecomputers.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
raa4
0
Light Poster
Spydoctor still says that i have a trojan although task manager is working now
evertime i try and delete the msdirectx file from my computer regestry it re-installs itself
raa4
0
Light Poster
Thank you very much for fixing my task manager.
DMR
152
Wombat At Large
Team Colleague
Yes, you do still show signs of infections.
I need to log off for the day, but hopefully one of our other members will pick up on this until I can return.
dlh6213
27
Posting Maven
Team Colleague
This thread had already been marked as 'Solved', before the merge, and there was another thread already started; I'm not going to bother merging that one, but if anyone wants to have a look at it, it's here: http://www.daniweb.com/techtalkforums/showthread.php?t=22288
I've taken the 'Solved' mark off of this one for now.
Scan with hijackthis and have it fix the following:
O4 - HKLM\..\Run: [Reg Check] C:\WINDOWS\System32\lpt.exe
O4 - HKCU\..\Run: [Windows_Protect] wincontrol32.exe
O4 - HKCU\..\Run: [Required Service Drivers] micront.exe
O4 - HKCU\..\RunServices: [Required Service Drivers] micront.exe
Be sure all windows, other then hijackthis, are closed before hitting the Fix button
Go to the following location and delete the highlighted file:
C:\WINDOWS\System32\lpt.exe
Do a search on your system for the following files and delete any instances found:
wincontrol32.exe
micront.exe
Empty your Recycle Bin and reboot
Close any open browser windows, scan with HJT, and post a new log please.
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.