
Feel so STUPID!


Name: s.jones
Date: September 4, 2006 at 10:52:30 Pacific
OS: windows xp
CPU/Ram: Intel pentium III 451 MHz
Product: COMPAQ
Comment:

PSW.X-virtrojan has infected my machine and I'm at a loss. I've read a few posts where some of you have been almost HERO-like in helping others in a similar predicament.
I'm pretty useless when it comes to computers, not my forte, probably why I'm here right now.
If any of you guys would be kind enough to walk me through what I will need to do, it would be so appreciated.
I think this is the first thing required...


Thanks in advance
Stuart




Response Number 1
Name: jabuck
Date: September 4, 2006 at 11:48:59 Pacific
+1
Reply:

Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified.

Please download HJTsetup.exe from this link http://www.thespykiller.co.uk/files/HJTsetup.exe to your desktop.
Doubleclick on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click "Next" in the setup dialogue boxes until you get to the "Select Additional Tasks" dialogue.
Put a check by "Create a desktop icon" then click "Next" again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click "Finish" and it will launch Hijack This.
Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log and post it in this thread.

Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.



Response Number 2
Name: yellowbelt
Date: September 4, 2006 at 13:07:34 Pacific
+1
Reply:

There are a few steps to take to get rid of viruses. First, turn off System Restore (see the Restek web site); then you can do a virus scan in Safe Mode.

To boot into Safe Mode, restart the computer and, as soon as you see the Compaq logo, start tapping the F8 key on your keyboard until you see a bunch of options pop up on the screen. Your mouse will not work here, so use the up/down arrow keys on your keyboard to select/highlight "SAFEMODE" and press Enter; then select Windows XP and press Enter.

Make sure you also select Administrator; now you're in Safe Mode. Do a virus scan here.

If your computer says, "Printer out of Paper," this problem cannot be resolved by continuously clicking the "OK" button.



Response Number 3
Name: s.jones
Date: September 4, 2006 at 13:45:00 Pacific
+1
Reply:

Hey guys...thank you both.

Jabuck,...forgot to mention I had got this 1st step ready, posting it now.

yellowbelt, will try that next.

thx again!



Response Number 4
Name: s.jones
Date: September 4, 2006 at 13:46:30 Pacific
+1
Reply:

Logfile of HijackThis v1.99.1
Scan saved at 18:40:41, on 04/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\BT Yahoo! Internet\ModemLock.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\Program Files\PCODEC\isamonitor.exe
C:\Program Files\PCODEC\pmsngr.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PCODEC\pmmon.exe
C:\PROGRA~1\BTHOME~1\HELP\SMARTB~1\BTHelpNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Money\System\reminder.exe
C:\Program Files\PCODEC\isamini.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\MSN Messenger\MsnMsgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.exe
C:\Program Files\Microsoft Office\Office\OSA.exe
C:\Program Files\MSWorks\Calendar\WKCALREM.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Program Files\Microsoft Home Publishing\MHPRMIND.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\BT Home Hub\Help\bin\mpbtn.exe
C:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\BT Yahoo! Internet\Watchdog.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\PROGRA~1\YAHOO!\browser\ybrowser.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com



Response Number 5
Name: jabuck
Date: September 4, 2006 at 13:52:12 Pacific
+1
Reply:

Please do not shut down system restore yet. You only posted part of a hijack this log, please post the rest of it.






Response Number 6
Name: s.jones
Date: September 5, 2006 at 15:45:28 Pacific
+1
Reply:

Hey Jabuck, sorry, didn't see your last post, till now...

Is this any better?

Logfile of HijackThis v1.99.1
Scan saved at 23:38:38, on 05/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BT Yahoo! Internet\ModemLock.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\Explorer.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\BT Yahoo! Internet\Watchdog.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\BTHOME~1\HELP\SMARTB~1\BTHelpNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\Microsoft Money\System\reminder.exe
C:\Program Files\MSN Messenger\MsnMsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.exe
C:\Program Files\Microsoft Office\Office\OSA.exe
C:\Program Files\MSWorks\Calendar\WKCALREM.exe
C:\Program Files\Microsoft Home Publishing\MHPRMIND.exe
C:\Program Files\BT Home Hub\Help\bin\mpbtn.exe
C:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.tiscali.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BTopenworld] "c:\program files\bt yahoo! internet\DialBTYahoo.exe" /ReInstallAutoDial
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTHOME~1\HELP\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [McLogLch_exe] C:\Program Files\McAfee\MSC\McLogLch.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.exe
O4 - Startup: Microsoft Greetings Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Home Hub\Help\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct4_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O23 - Service: BT Modem Lock - British Telecommunications plc - C:\Program Files\BT Yahoo! Internet\ModemLock.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.exe




Response Number 7
Name: s.jones
Date: September 5, 2006 at 15:49:22 Pacific
+1
Reply:

Forgot to add...that I ran SUPERAntispyware, a few hours back...and while some symptoms seem to have been picked up and erased...still the slowness is excruciating!

again...thanks in advance ;0)



Response Number 8
Name: jabuck
Date: September 5, 2006 at 16:59:13 Pacific
+1
Reply:

Go to start>control panel> add/remove programs> and uninstall this program if you did not install it:

PartyPoker

Run Hijack This, close all windows and browsers except Hijack This, then check the box to the left of the following items and press "Fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)

Exit Hijack This

Please download ComboFix to the Desktop from this link:

http://download.bleepingcomputer.com/sUBs/combofix.exe

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)

Please post the combofix.txt log
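
The review jabuck does above is manual: read each HijackThis line, work out what file or URL it points at, and pick out the orphaned entry ("(no file)"), the entries belonging to a program the user did not install, and any browser default that points somewhere unexpected. The script below is an added example (not part of the thread and not HijackThis code) that does the same triage mechanically. The sample log is a constructed excerpt built from lines in the log posted above; the list of "usual" program directories, the `unexpected_programs` names and the `expected_hosts` set are assumptions supplied by whoever reviews the log, exactly as jabuck supplied his judgment here.

```python
import re
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urlparse

# Constructed excerpt in the shape of the HijackThis v1.99.1 log posted above
# (lines copied from the thread, trimmed to a handful).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 23:38:38, on 05/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")      # "O4 - ..." style lines
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|ocx|sys|cpl|scr)\b", re.IGNORECASE)
URL_RE = re.compile(r"https?://\S+")

# Assumed "usual" locations for legitimate startup items on this XP box.
STANDARD_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


@dataclass
class Entry:
    code: str                       # HijackThis section code, e.g. "R1", "O4", "O21"
    text: str                       # everything after "<code> - "
    path: Optional[str]             # first executable/DLL path on the line, if any
    url_host: Optional[str]         # host of the first URL on the line, if any
    flags: list = field(default_factory=list)


def parse_hjt_log(log: str):
    """Split a HijackThis log into its process list and its coded entries."""
    processes, entries, in_processes = [], [], False
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False        # a blank line ends the process list
            continue
        if line.lower() == "running processes:":
            in_processes = True
            continue
        if in_processes:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue                    # header lines (Logfile of..., Platform:...)
        code, text = m.groups()
        pm, um = PATH_RE.search(text), URL_RE.search(text)
        host = urlparse(um.group(0)).netloc.lower() if um else None
        entries.append(Entry(code, text, pm.group(0) if pm else None, host))
    return processes, entries


def review(entries, unexpected_programs=(), expected_hosts=()):
    """Apply the reviewer's rules and return the entries that deserve a look."""
    expected = {h.lower() for h in expected_hosts}
    flagged = []
    for e in entries:
        e.flags.clear()
        if "(no file)" in e.text:
            e.flags.append("orphaned entry: the referenced file is missing")
        if e.path and not e.path.lower().startswith(STANDARD_DIRS):
            e.flags.append("executable outside the usual program directories")
        for name in unexpected_programs:
            if name.lower() in e.text.lower():
                e.flags.append(f"references a program the user did not install: {name}")
        if e.code in ("R0", "R1", "R3") and e.url_host and expected and e.url_host not in expected:
            e.flags.append(f"browser default points at unexpected host {e.url_host}")
        if e.flags:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    _, entries = parse_hjt_log(SAMPLE_LOG)
    for e in review(entries, unexpected_programs=("PartyGaming",),
                    expected_hosts=("bt.yahoo.com", "uk.red.clientapps.yahoo.com")):
        print(e.code, "-", e.text[:60], "->", "; ".join(e.flags))
```

Run as-is it prints the O9 PartyPoker button and the orphaned O21 "bestreak" entry, the same two kinds of item jabuck asked to have fixed. Note that the R1 search entries jabuck listed are not flagged when the BT Yahoo hosts are given as expected; whether a browser default is "wrong" depends on what the user expects, which is why that list is a parameter rather than hard-coded.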



Response Number 9
Name: s.jones
Date: September 6, 2006 at 10:17:41 Pacific
+1
Reply:

Hey jabuck, thanks for continuing to help me through this...it's appreciated!

Had a bit of trouble with this...a couple of times it told me there was nothing to display.

Anyways, not sure how much of this you needed, it's posted in full though.

Stu Jones - 06-09-06 18:08:38.89
ComboFix 06.09.04BT - Running from: C:\Documents and Settings\Stu Jones\Desktop

Microsoft Windows XP [Version 5.1.2600]

((((((((((((((((((((((((((((((( Files Created from 2006-08-06 to 2006-09-06 ))))))))))))))))))))))))))))))))))

2006-09-05 18:31 0 --a------ C:\WINDOWS\system32\cmmgr32.exe

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-06 18:05 275582 --a------ C:\Program Files\combofix.exe
2006-09-05 18:08 -------- d-------- C:\Program Files\SUPERAntiSpyware
2006-09-05 18:08 -------- d-------- C:\Documents and Settings\Stu Jones\Application Data\SUPERAntiSpyware.com
2006-09-05 18:07 5197088 --a------ C:\Program Files\SUPERAntiSpyware.exe
2006-09-05 18:07 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-09-04 13:16 17 --a------ C:\Program Files\stng260.opt
2006-09-04 13:06 -------- d-------- C:\Program Files\Hijackthis
2006-09-04 13:05 488144 --a------ C:\Program Files\HJTsetup.exe
2006-09-04 11:56 1144839 --a------ C:\Program Files\stng260.exe
2006-09-04 00:08 -------- d-------- C:\Program Files\SiteAdvisor
2006-09-04 00:08 -------- d-------- C:\Documents and Settings\Stu Jones\Application Data\SiteAdvisor
2006-09-04 00:03 -------- d-------- C:\Program Files\McAfee.com
2006-09-04 00:03 -------- d-------- C:\Program Files\Common Files\McAfee
2006-09-04 00:02 -------- d-------- C:\Program Files\McAfee
2006-09-03 23:54 591400 --a------ C:\Program Files\DMSetup.exe
2006-09-03 20:24 105984 --a------ C:\Program Files\vcleaner.exe
2006-09-03 19:43 -------- d-------- C:\Program Files\Support Tools
2006-09-03 12:51 9148872 --a------ C:\Program Files\PartyCasinoSetup.exe
2006-09-01 17:47 5895389 --a------ C:\Program Files\PartyPokerSetup.exe
2006-08-30 18:33 -------- d-------- C:\Program Files\Motive
2006-08-29 23:23 -------- d-------- C:\Documents and Settings\Stu Jones\Application Data\InterTrust
2006-08-27 02:15 -------- d-------- C:\Documents and Settings\Stu Jones\Application Data\Motive
2006-08-21 17:59 -------- d-------- C:\Documents and Settings\Stu Jones\Application Data\Sun
2006-08-21 17:48 -------- d-------- C:\Documents and Settings\Stu Jones\Application Data\Opera
2006-08-21 17:46 -------- d-------- C:\Program Files\Opera
2006-08-17 17:20 -------- d-------- C:\Program Files\btbb_wcm
2006-08-17 17:19 -------- d-------- C:\Program Files\Common Files\Motive
2006-08-17 12:19 -------- d-------- C:\Program Files\Java
2006-08-17 11:32 -------- d-------- C:\Program Files\Common Files\Java
2006-08-17 10:37 -------- d-------- C:\Program Files\CoralPoker
2006-08-14 16:26 37832 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2006-08-14 16:25 33928 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2006-08-14 16:25 31752 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2006-08-14 16:25 162504 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2006-08-14 13:00 104536 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2006-08-13 19:57 -------- d-------- C:\Documents and Settings\Stu Jones\Application Data\instinctstu
2006-08-13 12:34 -------- d-------- C:\Program Files\PokerRoom.com
2006-08-12 08:14 -------- d-------- C:\Documents and Settings\Stu Jones\Application Data\Yahoo! Messenger
2006-08-05 23:31 -------- d-------- C:\Program Files\MSN Messenger
2006-08-05 13:50 -------- d-------- C:\Documents and Settings\Stu Jones\Application Data\Yahoo!
2006-08-04 00:20 69632 --a------ C:\WINDOWS\UnSetupBTYahooBTopenworld6.0.exe
2006-08-04 00:20 -------- d-------- C:\Program Files\BT Yahoo! Internet
2006-08-01 17:59 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-08-01 17:41 -------- d-------- C:\Program Files\The Creative Assembly
2006-07-27 14:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-23 18:36 -------- d-------- C:\Program Files\PartyGaming
2006-07-21 09:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-20 21:32 -------- d-------- C:\Documents and Settings\Stu Jones\Application Data\AOL
2006-07-20 21:30 -------- d-------- C:\Program Files\Viewpoint
2006-07-20 21:30 -------- d-------- C:\Program Files\Common Files\aolback
2006-07-20 21:29 8552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys
2006-07-20 21:29 -------- d-------- C:\Program Files\Common Files\Nullsoft
2006-07-20 20:32 -------- d-------- C:\Program Files\Tiscali
2006-07-16 16:16 -------- d-------- C:\Program Files\Toshiba
2006-07-08 15:46 84744 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2006-06-16 14:34 48936 --a------ C:\WINDOWS\system32\sirenacm.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"YBrowser"="C:\\PROGRA~1\\YAHOO!\\browser\\ybrwicon.exe"
"BTopenworld"="\"c:\\program files\\bt yahoo! internet\\DialBTYahoo.exe\" /ReInstallAutoDial"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"btbb_wcm_McciTrayApp"="C:\\Program Files\\btbb_wcm\\McciTrayApp.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Motive SmartBridge"="C:\\PROGRA~1\\BTHOME~1\\HELP\\SMARTB~1\\BTHelpNotifier.exe"
"McLogLch_exe"="C:\\Program Files\\McAfee\\MSC\\McLogLch.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Reminder"="C:\\Program Files\\Microsoft Money\\System\\reminder.exe"
"Yahoo! Pager"="C:\\PROGRA~1\\YAHOO!\\MESSEN~1\\ypager.exe -quiet"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.exe"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.exe"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SASWinLogon

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\SCANDISK.job
C:\WINDOWS\tasks\New Task.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\McDefragTask.job

Completion time: 06/09/2006 18:10:54.91
ComboFix.txt



Response Number 10
Name: jabuck
Date: September 6, 2006 at 14:55:10 Pacific
+1
Reply:

If you did not install these then navigate to and delete these files:

C:\Program Files\PartyCasinoSetup.exe

C:\Program Files\PartyPokerSetup.exe

And these folders:

C:\Program Files\CoralPoker

C:\Program Files\PartyGaming

Is the computer still slow?
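
What jabuck pulled out of the ComboFix report above were installers sitting loose in the root of C:\Program Files and the folders of programs the user had not installed. The script below is an added example (not part of the thread and not ComboFix code) that parses the "Files Created" and "Find3M Report" line format into records and answers those questions, plus one generic check the thread does not discuss but a reviewer would run: executables with a size of zero. The sample report is a constructed excerpt built from lines in the report posted above; the keyword list passed to `matching` is an assumption supplied by the reviewer.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Constructed excerpt in the shape of the ComboFix 06.09.04 report posted above
# (lines copied from the thread, trimmed to a handful).
SAMPLE_REPORT = r"""((((((((((((((((((((((((((((((( Files Created from 2006-08-06 to 2006-09-06 ))))))))))))))))))))))))))))))))))

2006-09-05 18:31 0 --a------ C:\WINDOWS\system32\cmmgr32.exe

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-09-06 18:05 275582 --a------ C:\Program Files\combofix.exe
2006-09-05 18:08 -------- d-------- C:\Program Files\SUPERAntiSpyware
2006-09-04 13:06 -------- d-------- C:\Program Files\Hijackthis
2006-09-03 12:51 9148872 --a------ C:\Program Files\PartyCasinoSetup.exe
2006-09-01 17:47 5895389 --a------ C:\Program Files\PartyPokerSetup.exe
2006-08-17 10:37 -------- d-------- C:\Program Files\CoralPoker
2006-08-14 16:26 37832 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2006-07-23 18:36 -------- d-------- C:\Program Files\PartyGaming
"""

# "<date> <time> <size or dashes> <9-char attribute string> <path>"
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(\d+|-+)\s+([-a-z]{9})\s+(.+?)\s*$")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")


@dataclass
class FileRecord:
    when: datetime
    size: Optional[int]       # None for directories (ComboFix prints dashes)
    attrs: str                # e.g. "--a------" for a file, "d--------" for a directory
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0]

    @property
    def is_executable(self) -> bool:
        return not self.is_dir and self.name.lower().endswith(EXEC_EXT)


def parse_combofix(report: str):
    """Turn every file/directory line of the report into a FileRecord, in report order."""
    records = []
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                      # section banners and blank lines
        when, size, attrs, path = m.groups()
        records.append(FileRecord(datetime.strptime(when, "%Y-%m-%d %H:%M"),
                                  None if size.startswith("-") else int(size), attrs, path))
    return records


def created_since(records, since: str):
    """Files (not directories) with a timestamp on or after YYYY-MM-DD."""
    cutoff = datetime.strptime(since, "%Y-%m-%d")
    return [r for r in records if not r.is_dir and r.when >= cutoff]


def loose_executables(records, root: str = "C:\\Program Files"):
    """Executables sitting directly in `root` instead of in an application subfolder."""
    return [r for r in records if r.is_executable and r.parent.lower() == root.lower()]


def zero_byte_executables(records):
    """Executable-named files with size 0: worth a second look, whatever their origin."""
    return [r for r in records if r.is_executable and r.size == 0]


def matching(records, keywords):
    """Records whose path contains any reviewer-supplied keyword (case-insensitive)."""
    return [r for r in records if any(k.lower() in r.path.lower() for k in keywords)]


if __name__ == "__main__":
    recs = parse_combofix(SAMPLE_REPORT)
    print("loose installers:", [r.name for r in loose_executables(recs)])
    print("zero-byte executables:", [r.path for r in zero_byte_executables(recs)])
    print("gaming-related:", [r.path for r in matching(recs, ("party", "coral"))])
```

`matching(recs, ("party", "coral"))` returns the two setup files and the two folders jabuck listed; the keyword list is the reviewer's judgment, the parser only makes the report queryable so that judgment can be applied consistently to a few hundred lines instead of by eye.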




Response Number 11
Name: stuart jones
Date: October 1, 2006 at 06:52:11 Pacific
+1
Reply:

Hi Jabuck.

Been away for a while. Just wanted to say I followed all of your advice and my PC seems to have picked up its speed....and the virus appears to have gone.

Sorry it's taken me a while to thank you for your help, but it has been very much appreciated....keep up the good work!! :0)

Stuart



Response Number 12
Name: stuart jones
Date: October 1, 2006 at 06:57:51 Pacific
+1
Reply:

Hey Jabuck,

Just wanted to say thank you for your help with the virus my PC had.
I've been away, so I'm sorry it's taken a while to let you know your advice was much appreciated.

Keep up the good work
Stuart


