
A virus..can you help me please.


.

============== Running Processes ================

.

C:\WINDOWS\explorer.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2004933

uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://start.facemoods.com/?a=make&s={searchTerms}&f=4

mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60327

uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

BHO: Yahoo! Toolbar Helper: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - <orphaned>

EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - <orphaned>

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [MSMSGS] "c:\program files\messenger\Msmsgs.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERANTISPYWARE.EXE

mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r

mRun: [PRONoMgrWired] c:\program files\intel\prosetwired\ncs\proset\PRONoMgr.exe

mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [MessengerPlus3] "c:\program files\messengerplus! 3\MsgPlus.exe"

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [Dell Wireless Manager UI] c:\windows\system32\WLTRAY

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

uPolicies-Explorer: NoDriveTypeAutoRun = dword:36

uPolicies-System: NoAdminPage = 1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: Free YouTube Download - c:\documents and settings\janet\application data\dvdvideosoftiehelpers\freeyoutubedownload.htm

IE: Open in new background tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/229?f0b48acf004345e0a40986589c46f466

IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/230?f0b48acf004345e0a40986589c46f466

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab47946.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxdev.dll

AppInit_DLLs= MsgPlusLoader.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL

Hosts: 127.0.0.1 housecall.trendmicro.com

Hosts: 127.0.0.1 http://www.spywareinfo.com

.

================= FIREFOX ===================

 

---------- Post added 28-12-2012 at 19:55 ----------

 

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\janet\application data\mozilla\firefox\profiles\3q25zt7a.default user\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - eBay.co.uk

FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npclntax.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll

FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\NPPTOOLS.DLL

.

============= SERVICES / DRIVERS ===============

.

R? aswFsBlk;aswFsBlk

R? aswSnx;aswSnx

R? aswSP;aswSP

R? avast! Antivirus;avast! Antivirus

R? ggflt;SEMC USB Flash Driver Filter

R? HTCAND32;HTC Device Driver

R? htcnprot;HTC NDIS Protocol Driver

R? PassThru Service;Internet Pass-Through Service

R? s115bus;Sony Ericsson Device 115 driver (WDM)

R? s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface

R? SASDIFSV;SASDIFSV

R? SASENUM;SASENUM

R? SASKUTIL;SASKUTIL

R? Symantec Core LC;Symantec Core LC

.

=============== Created Last 30 ================

.

2012-12-27 20:06:06 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0

2012-12-26 21:42:45 192512 ----a-w- c:\documents and settings\janet\wgsdgsdgdsgsd.dll

.

==================== Find3M ====================

.

2012-11-12 20:44:33 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-11-12 20:44:09 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-11-12 20:44:02 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-11-12 20:44:00 746984 ----a-w- c:\windows\system32\deployJava1.dll

.

============= FINISH: 19:26:36.14 ===============


Post the header information found above:

 

============== Running Processes ================


DDS (Ver_2012-11-20.01) - NTFS_x86 MINIMAL

Internet Explorer: 7.0.6000.17055 BrowserJavaVersion: 10.9.2

Run by janet at 19:23:59 on 2012-12-28

.

============== Running Processes ================

.

C:\WINDOWS\explorer.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

.

============== Pseudo HJT Report ===============


Great, now to move on to the fix - It's more or less the same procedure but you'll be running combofix. Let me know if you have problems at any stage during this.

 

Using another computer, go here and read through the instructions for downloading and running ComboFix:

 

Bleeping Computer ComboFix Tutorial

 

Using the other computer, download Combofix and save it to your USB memory stick

 

Restart the computer, press F8 continually until you reach the Advanced Boot options menu. Choose Safe mode with command prompt.

 

When it loads, log onto your normal administrator account & at the command prompt type explorer - This will open Windows Explorer. Plug in the USB drive and navigate to Combofix

 

  • Double click combofix.exe & follow the prompts closely.
  • Combofix may reboot the computer - allow it to reboot normally.
  • When it's finished, it'll produce a log. Save the log to the USB stick and post the contents of that log here.
  • It'll also be found on your C:\ drive named combofix.txt

 

Above all, BE PATIENT! and let it run its course.


Seeing as you've got another computer, you could just backup your data and run a factory recovery. Job done.


ok...it hit a problem...it needed the internet to look for a certain file that was missing...it can not get onto the internet, prob because it's in safe mode.....it's aborting but still looking for malware


now it says........

a problem has been detected....windows has been shut down to prevent damage....

plug and play detected an error most likely caused by a faulty driver;;;etc etc...

 

---------- Post added 28-12-2012 at 21:00 ----------

 

it seems like it's all frozen.....

What stage was it at? Numbered #1 - #50

 

prob stage five or something,...
