Please Help my pc is ruined



#1 Chris Kelly


Posted 13 June 2004 - 04:52 PM

Hello all, I've nothing left but to request your help. I'm using spyware s&d and CWShredder; I'm still infected with this:

http://www.v61.com/c.../processor?cool
http://www.v61.com/c.../processor?vage

pops up when I click on links, and I have to use back and re-click just to navigate this site, not to mention random bloody pop-ups of Justin Timberlake and other ads.

Here is my Hijack this log. I really appreciate any help you can give me. I will stop messing with my log until you tell me to change it:

Logfile of HijackThis v1.97.7
Scan saved at 22:49:36, on 13/06/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\System32\mqsvc.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINNT\System32\CTHELPER.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\System32\zipudl.exe
C:\WINNT\System32\RUNDLL32.EXE
C:\WINNT\system32\wintime.exe
C:\WINNT\System32\internat.exe
C:\docume~1\chris\applic~1\explore.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINNT\webshots.scr
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Yahoo! Broadband
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.hotbot.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\common\ycomp5_1_6_0.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINNT\System32\services\2.01.00.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {70504753-76DA-418A-8031-72E0ED04035C} - C:\WINNT\System32\cjdpla.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [uswwuqfw] C:\WINNT\wnqmco.exe
O4 - HKLM\..\Run: [P2P Networking2] C:\WINNT\System32\P2P Networking\P2P Networking2.exe /AUTOSTART
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [rcigmykibm] C:\WINNT\System32\zipudl.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinTime] C:\WINNT\system32\wintime.exe
O4 - HKLM\..\Run: [ist service uninstall] C:\WINNT\mstasks2.exe /u
O4 - HKLM\..\Run: [xpsystem] C:\WINNT\System32\services\msxmidi.exe
O4 - HKCU\..\Run: [System Update2] c:\docume~1\chris\applic~1\taskmon.exe
O4 - HKCU\..\Run: [HistoryKill] C:\Program Files\HistoryKill\histkill.exe /startup
O4 - HKCU\..\Run: [System Update4] c:\docume~1\chris\applic~1\explore.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [xpsystem] C:\WINNT\System32\services\msxmidi.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: BT Yahoo! Sidebar (HKLM)
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar (HKLM)
O9 - Extra button: Homepage (HKCU)
O9 - Extra button: BT (HKCU)
O13 - DefaultPrefix:
O13 - WWW Prefix:
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-downlo...tsInstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{33EA67A2-048D-45CC-B797-17B49C57102E}: NameServer = 194.72.9.44 194.74.65.85

:whistle:

Please help,
Chris.

#2 Chris Kelly


Posted 14 June 2004 - 01:35 AM

bump

#3 Chris Kelly


Posted 14 June 2004 - 04:48 PM

bump

#4 Chris Kelly


Posted 15 June 2004 - 07:17 PM

bump



-come on fellas :wave:

#5 dave38


Posted 16 June 2004 - 02:14 PM

First, uninstall P2P Networking through Add/Remove Programs. If/when asked whether you also want to remove Altnet components, say 'Yes'.
P2P Networking is a totally useless Kazaa add-on, and it's been reported to be responsible for serious system slowdowns.

Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINNT\System32\services\2.01.00.dll
O2 - BHO: (no name) - {70504753-76DA-418A-8031-72E0ED04035C} - C:\WINNT\System32\cjdpla.dll

O4 - HKLM\..\Run: [uswwuqfw] C:\WINNT\wnqmco.exe
O4 - HKLM\..\Run: [rcigmykibm] C:\WINNT\System32\zipudl.exe
O4 - HKLM\..\Run: [WinTime] C:\WINNT\system32\wintime.exe
O4 - HKLM\..\Run: [ist service uninstall] C:\WINNT\mstasks2.exe /u
O4 - HKLM\..\Run: [xpsystem] C:\WINNT\System32\services\msxmidi.exe
O4 - HKCU\..\Run: [System Update2] c:\docume~1\chris\applic~1\taskmon.exe
O4 - HKCU\..\Run: [System Update4] c:\docume~1\chris\applic~1\explore.exe
O4 - HKCU\..\Run: [xpsystem] C:\WINNT\System32\services\msxmidi.exe

O13 - DefaultPrefix:
O13 - WWW Prefix:
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-downlo...tsInstaller.cab

Reboot, and delete

files
C:\WINNT\wnqmco.exe
C:\WINNT\System32\zipudl.exe
C:\WINNT\system32\wintime.exe
C:\WINNT\mstasks2.exe
C:\WINNT\System32\services\msxmidi.exe
c:\docume~1\chris\applic~1\taskmon.exe
c:\docume~1\chris\applic~1\explore.exe
C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html

These may be hidden files. See HERE for how to show hidden files.

Please post a followup Hijack this log, and say if your problems persist.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum
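
The reply above works from log entries to a list of files to remove after reboot. As an added example (not part of the thread and not HijackThis's own code), this Python sketch parses HijackThis entry lines, applies two assumed first-pass heuristics, and derives the on-disk paths to check; the function names and the heuristics are illustrative assumptions.

```python
import re

# Sample lines copied from the log posted in this thread (a constructed subset).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [uswwuqfw] C:\WINNT\wnqmco.exe
O4 - HKCU\..\Run: [System Update4] c:\docume~1\chris\applic~1\explore.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"""

LINE_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")  # section code + rest
# Drive-letter path ending in a file extension; may be quoted or contain spaces.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"=]*?\.[A-Za-z0-9]{2,4})(?="|\s|$)')
# Assumed heuristic: user-writable profile folders, long or 8.3 short form.
USER_DIRS = ("\\applic~1\\", "\\application data\\",
             "\\locals~1\\temp\\", "\\local settings\\temp\\")

def parse(log_text):
    """Return dicts with section code, raw body and referenced file path."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header, running-process list or blank line
        hit = PATH_RE.search(m["body"])
        entries.append({"code": m["code"], "body": m["body"],
                        "path": hit.group(1) if hit else None})
    return entries

def triage(entries):
    """Apply the two assumed heuristics; return (reason, entry) pairs."""
    flagged = []
    for e in entries:
        p = (e["path"] or "").lower()
        if e["code"] in ("R0", "R1") and p and "file://" in e["body"].lower():
            flagged.append(("IE setting points at a local file", e))
        elif e["code"] == "O4" and any(d in p for d in USER_DIRS):
            flagged.append(("autorun from a user-writable profile folder", e))
    return flagged

def files_to_check(flagged):
    """Unique lower-cased paths behind the flagged entries, in log order."""
    seen = []
    for _, e in flagged:
        if e["path"].lower() not in seen:
            seen.append(e["path"].lower())
    return seen
```

These two rules do not catch the entries under C:\WINNT in the fix list above, so a path-based pass like this narrows the log for review rather than deciding what to remove.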



