Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91981 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

removing viruses


  • This topic is locked This topic is locked
37 replies to this topic

#1 lilguy27

lilguy27

    Authentic Member

  • Authentic Member
  • PipPip
  • 28 posts

Posted 27 February 2007 - 04:08 PM

Hello,

I've been working with Ax in the other Pc Problems forum on a problem with my TCP/IP and he has come to the conclusion that it is a virus and has asked me to come here and post a log file. he also told me to provide a link to the forum that we where working on. Any help would be wonderful.

http://forums.tomcoy...showtopic=76599

hope this was the link...


Here is the HijackThis log file.

Logfile of HijackThis v1.99.1
Scan saved at 4:06:09 PM, on 2/27/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Documents and Settings\default\Desktop\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Complete Security] "C:\Program Files\Defender Pro Private Surf\PrivateSurfNT.exe"
O4 - HKLM\..\Run: [CompleteSecurityUpdate] "C:\Program Files\Defender Pro Private Surf\AutomaticUpdate.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1162288934386
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1170002170050
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe


matthew

    Advertisements

Register to Remove


#2 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,173 posts

Posted 05 March 2007 - 04:38 PM

Hello and welcome to the forums

Please go HERE and do a online scan.
Let me know what is found.

Next:

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.


(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time.

Next:

Download AVG Anti-Spyware from HERE and save that file to your
desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop
    and double-click it to launch the set up program.
  • Once the setup is complete you will need run ewido and update the definition
    files.
  • On the main screen select the icon "Update" then select the "
    Update now
    " link.
    • Next select the "Start Update" button, the update will start and a
      progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of
    the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then
    select " "Quarantine" .".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting
    your computer and continually tapping the F8 key until a menu appears.

    Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or
    programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
  • Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab
    then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little
    time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all
    actions
    "
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the
    screen and save it to a text file on your system (make sure to remember where
    you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the
    results of the AVG Anti-Spyware report scan along with a new HijackThis log.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#3 lilguy27

lilguy27

    Authentic Member

  • Authentic Member
  • PipPip
  • 28 posts

Posted 06 March 2007 - 10:12 AM

LDTate, hello thank you for getting back to me. I included a link to the other forum where I am getting help about not being able to get on the internet. so is there another way to do what you need me to do? I can use another computer to get the programs but I will not be able to update. sorry for the difficulty. Matthew

#4 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,173 posts

Posted 06 March 2007 - 04:20 PM

Lets see if we can get the PC back on the internet. This file will fit on a floppy or thumb drive.

Get a copy of winsockxpfix.exe You just run it and
things should work OK after it reboots your system.

http://www.snapfiles...nsockxpfix.html

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#5 lilguy27

lilguy27

    Authentic Member

  • Authentic Member
  • PipPip
  • 28 posts

Posted 07 March 2007 - 09:26 AM

I ran the program that you wanted me to. It ran fine and restarted the computer. but I still can't get on the internet. Matthew

#6 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,173 posts

Posted 07 March 2007 - 06:12 PM

Click Start> Run> type in CMD tap enter key
Copy/Paste or type in: ipconfig /flushdns
If you are typing this in, note the space between the g /f
It needs to be there.


Now lets check some settings on your system.
Enter your Control Panel and double-click on Network Connections

Then I clicked on NetBios over Tcpip

I would change that back. You don't want NetBios over Tcpip.

Then right click on your Default Connection
Usually Local Area Connection for Cable and DSL
Left click on Properties
Double-Click on the Internet Protocol (TCP/IP) item
Select the radio dial that says Obtain DNS Servers Automatically
Note: Do this for all Network Connections
Press OK twice to get out of the properties screen and reboot if it asks

If it still doesn't work:
Restart Windows and unplug/replug the power to the
router / modem and try it again.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#7 lilguy27

lilguy27

    Authentic Member

  • Authentic Member
  • PipPip
  • 28 posts

Posted 08 March 2007 - 08:54 AM

I got as far as ipconfig /flushdns and it came back with the message "Could not flush the DNS Resolver Cashe" Some Side notes.... When I clicked Start > Run > and typed in Devmgmt.msc . I clicked on view > show hidden devices and under Non Plug and Play Drivers I saw a yellow ! next to the Tcp/ip Protocol Driver. I also noticed that it was stopped and when I click on start it does nothing. NetBios over Tcpip is started and I can't get it to stop by clicking stop. I also noticed that there was a wincom32 driver and it has a yellow ! next to it and it is stopped also. Don't know if this helps or not just saw it and wanted to let you know. Being without a Home computer is very hard. :) Matthew

#8 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,173 posts

Posted 08 March 2007 - 09:56 AM

Try moving on to this: Then right click on your Default Connection Usually Local Area Connection for Cable and DSL Left click on Properties Double-Click on the Internet Protocol (TCP/IP) item Select the radio dial that says Obtain DNS Servers Automatically Note: Do this for all Network Connections Press OK twice to get out of the properties screen and reboot if it asks

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#9 lilguy27

lilguy27

    Authentic Member

  • Authentic Member
  • PipPip
  • 28 posts

Posted 08 March 2007 - 12:40 PM

I tried what you suggested and it still hasn't let me back on the net Matthew

#10 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,173 posts

Posted 08 March 2007 - 03:40 PM

Delete this file if found:
C:\Windows\System32\wincom32.sys

Reboot and let me know if it's working now.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

    Advertisements

Register to Remove


#11 lilguy27

lilguy27

    Authentic Member

  • Authentic Member
  • PipPip
  • 28 posts

Posted 09 March 2007 - 09:05 AM

I looked for that file that you said and I could not find it. I went to Start>Find> and typed in wincom32.sys making sure that I was in the C:\ drive. I don't Know if that would have found it or not? Matthew

#12 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,173 posts

Posted 09 March 2007 - 03:28 PM

Start> Search> All Files and Folders and type in wincom32

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#13 lilguy27

lilguy27

    Authentic Member

  • Authentic Member
  • PipPip
  • 28 posts

Posted 11 March 2007 - 12:23 PM

Im Sorry yes that is what I did and it did not find that file. Matthew

#14 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,173 posts

Posted 11 March 2007 - 12:33 PM

OK. When you looked in Device Manager you said a couple things had Yellow marks next to them?

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#15 lilguy27

lilguy27

    Authentic Member

  • Authentic Member
  • PipPip
  • 28 posts

Posted 11 March 2007 - 01:33 PM

wincom32 driver and Tcp/ip Protocol Driver. They where both stopped and clicking start did nothing. Matthew

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users