GunZ Factor Forums

11-20-2007, 12:47 PM   #1
Gamezman (Gunzfactorian Commando)

Please help me

I keep getting a pop-up in my taskbar. A yellow triangle with a black ! mark inside.

Keeps giving me "criticial system errors" "Your infected with X type of worm"

I have 2 desktop icons on my desktop called Live Safety Centre and Online Security Guide.

It's slowing my PC down.

I did a scan with SUPERAntiSpyware in safe mode, removed everything, and it came back a few days later.

Here is my HijackThis log file:
Logfile of HijackThis v1.99.1
Scan saved at 17:44:00, on 20/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Rar$EX00.234\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP United States - Computers, Laptops, Servers, Printers & more
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HP United States - Computers, Laptops, Servers, Printers & more
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = HP United States - Computers, Laptops, Servers, Printers & more
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = HP United States - Computers, Laptops, Servers, Printers & more
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Tiscali UK. Information, entertainment, broadband, email and internet access.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = HP United States - Computers, Laptops, Servers, Printers & more
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {00bcb152-4414-6aca-e174-0f5500422609} - {90622400-55f0-471e-aca6-4144251bcb00} - C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\bycunvvo.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\jvifyzns.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\jvifyzns.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1194794135437
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c003A6E2.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jvifyzns - C:\WINDOWS\SYSTEM32\jvifyzns.dll
O20 - Winlogon Notify: lknvrako - lknvrako.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe


Please help me...

Gamezman
__________________
Dishonourable <3
11-20-2007, 07:23 PM   #2
Yvgeniy (Moderator)

Re: Please help me

I've looked through this really quick and didn't find anything particularly odd. It's almost impossible to tell, though. One thing you could do is take the name of every file you see in here and look it up on Google. That'll tell you what each file is and what it does. This is a rather long process, though, and I think a more sure way is to download the free trial of Norton Antivirus and do a full system scan. This may take a couple of hours, but eventually it should find any worm/virus/trojan you may have. Once you dispose of this you can delete Norton (because it sucks, although it's good at finding the infections).

Are you currently running any sort of firewall or antivirus software?
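A first-pass triage of a log like the one in post #1, as an added example (not code from any poster in this thread or from HijackThis itself). It parses the entry lines and flags a few patterns worth looking up first; the heuristics and the function names are this example's assumptions, not verdicts about any file.

```python
import re
from collections import defaultdict

# Excerpt copied from the HijackThis log in post #1 (not the whole log).
LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {00bcb152-4414-6aca-e174-0f5500422609} - {90622400-55f0-471e-aca6-4144251bcb00} - C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\bycunvvo.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\jvifyzns.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\jvifyzns.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c003A6E2.dat
O20 - Winlogon Notify: jvifyzns - C:\WINDOWS\SYSTEM32\jvifyzns.dll
O20 - Winlogon Notify: lknvrako - lknvrako.dll (file missing)
"""

ENTRY = re.compile(r"^([RFNO]\d+) - (.*)$", re.M)            # "O2 - <body>"
FILE = re.compile(r"[A-Za-z]:\\.*\.(?:dll|exe|dat)", re.I)   # full path in the body

def parse(log):
    """Return (section, body, lower-cased file path or None) for each entry line."""
    out = []
    for m in ENTRY.finditer(log):
        f = FILE.search(m.group(2))
        out.append((m.group(1), m.group(2), f.group(0).lower() if f else None))
    return out

def triage(log):
    """Map entry body -> reasons to look it up first (heuristics are assumptions)."""
    entries = parse(log)
    sections = defaultdict(set)          # file path -> sections that reference it
    for sec, _, path in entries:
        sections[path].add(sec)
    flagged = {}
    for sec, body, path in entries:
        why = []
        if "(no file)" in body or "(file missing)" in body:
            why.append("orphaned: registered file is absent")
        if path and "\\temp\\" in path:
            why.append("loads from a Temp directory")
        if body.startswith("AppInit_DLLs:") and path:
            why.append("listed DLL is loaded into every process that loads user32.dll")
        if path and len(sections[path]) > 1:
            why.append("same file registered in " + "+".join(sorted(sections[path])))
        if why:
            flagged[body] = why
    return flagged

if __name__ == "__main__":
    for body, why in triage(LOG).items():
        print(body, "\n    ->", "; ".join(why))
```

Entries that come back unflagged are not cleared by this; the output only orders which names to look up first.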
11-22-2007, 08:14 AM   #3
MyDream (Gunzfactorian Veteran Hero)

Re: Please help me

I don't know how to look at this log, but from what you mention, bad luck.
You got a trojan/virus in your computer.

What website did you access to get this thing?
11-22-2007, 07:26 PM   #4
Nys (Moderator)

Re: Please help me

Quote (originally posted by gamezman):
I keep getting a pop-up in my taskbar. A yellow triangle with a black ! mark inside.

Keeps giving me "criticial system errors" "Your infected with X type of worm"

I have 2 desktop icons on my desktop called Live Safety Centre and Online Security Guide.

It's slowing my PC down.

I did a scan with SUPERAntiSpyware in safe mode, removed everything, and it came back a few days later.

Here is my HijackThis log file:

Please help me...

Gamezman

Give me a sec and I'll look through this.

Edit:
Before I can help you, I need you to download an antivirus. If not, anything I may tell you to do will ultimately be useless. Google "AVG Antivirus" and download it. Once you've completed at least 1 scan while in safe mode, post a new HijackThis log.
__________________
Yes, I'm a wow nerd ... ^^;
All times are GMT -5.