  1. #1
    Member iammcb's Avatar
    Join Date
    Mar 2009
    Location
    New Zealand
    Posts
    48

    Default HELP:Expert advice is required Please. Infected Big Time!

    First off I would like to start off with a big thank you to pcworld mag (NZ) May Issue
    for supplying an excellent mag with free cd software programs.
    I have finally found a software program that actually has located
    some of the problems that I've been infected with.

    I've been trying to fix what's wrong with my pc xp home edition (stand alone)
    since October last year when things went horribly wrong.
    After 1001 recoveries I think we may be on to something in a little program
    called a squared hijack free.

    I would really appreciate it if an expert would be able to help me
    get control of my pc again.

    Also before you suggest that I windows update (again)...
    I would like to point out that: I have numerous times
    It may or may not be the right settings for this pc [ update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us ]
    Is what is displayed in my address box.
    However avast webshield displays
    [ update.microsoft.com/windowsupdate/v6/ shared.js/redirect... ]
    which may explain why after every time I windows update
    things go haywire from then on.
    Dial up internet connect disconnecting is just the first of many problems that I experience.
    The wizard always selects use default gateway on a remote network???
    I think my recovery has been corrupted somehow I use my dvds and select F which is reinstall hard drive to factory settings.
    It however is not doing that because It loads files I put on much much later.
    And the default settings are always set to share everything with a domain network???
    The first thing I load is avast 4.8 home edition which immediately finds adaware in setup files.
    and malwarebytes finds a hijacked web ie webpage???

    So if someone out there in internet world would be kind enough to take a look at
    http://analyze.hijackfree.com/analyz...5-d4cde4417418
    I will be forever grateful to you.
    I just don't know what else to do as Spybot, Malwarebytes, Mrt.exe, avast, superanti spyware free...etc are not finding any of these things for me.
    P.S. You will see all the version information about my pc there...software, setups, operating system etc etc etc...

    Regards MCB, New Zealand.
    I Have XP home[Stand Alone]SP2 IE8
    Avast 4.8 home
    Online Armor 3.5.0.9
    CCleaner 2.19.900
    Glary Utilities 2.12.0.658
    SuperAntiSpyware 4.26.1002
    Malwarebytes 1.36
    Spyware Blaster 4.1
    Trojan Remover 6.7.8
    Hijack this 2.0.2

  2. #2
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,854

    Default Re: HELP:Expert advice is required Please. Infected Big Time!

    Paste the log here, it'll be easier to read

  3. #3
    Member iammcb's Avatar
    Join Date
    Mar 2009
    Location
    New Zealand
    Posts
    48

    Default Re: HELP:Expert advice is required Please. Infected Big Time!

    Hey its speedy!!! Wats up!
    you are the man!!!
    Okay hope this works
    here u go...

    a-squared HiJackFree Analysis
    www.hijackfree.com

    Version info: Result ToDo
    Your used version of a-squared HiJackFree: 3.1.0.19
    The current version of a-squared HiJackFree: 3.1.0.16

    Your used operating system version: Windows XP Service Pack 2
    The current version of your operating system: Windows XP Service Pack 3
    Please update your operating system and install the latest service pack!
    Registry Autoruns: Result ToDo
    Name: avast!
    Path: C:\Program Files\ALWILS~1\Avast4\ashDisp.exe
    Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Good: 4 - Bad: 0
    View Details
    Name: @OnlineArmor GUI
    Path: C:\Program Files\Tall Emu\Online Armor\oaui.exe
    Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Good: 1 - Bad: 0
    View Details
    Name: MSConfig
    Path: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
    Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Good: 2 - Bad: 15
    View Details Requires Attention!
    Compare details with your local values
    and/or search at Google
    Name: SpybotSD TeaTimer
    Path: C:\Program Files\Spybot
    Location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Good: 1 - Bad: 0
    View Details
    Tricky and Other Autoruns: Result ToDo
    Name: shell
    Path: Explorer.exe
    Location: system.ini
    Not checked Unknown Item
    Search at Google
    Name: NUL
    Path: C:\DOCUME~1\Owner\LOCALS~1\Temp\VIES105F
    Location: wininit.ini
    Not checked Unknown Item
    Search at Google
    Name: SET BLASTER
    Path: A220 I5 D1 P330 T3
    Location: autoexec.nt
    Not checked Unknown Item
    Search at Google
    Name: dos
    Path: high, umb
    Location: config.nt
    Not checked Unknown Item
    Search at Google
    Name: device
    Path: %SystemRoot%\system32\himem.sys
    Location: config.nt
    Not checked Unknown Item
    Search at Google
    Name: files
    Path: 40
    Location: config.nt
    Not checked Unknown Item
    Search at Google
    Name: device
    Path: C:\Program Files\ALWILS~1\Avast4\aswmonds.sys
    Location: config.nt
    Not checked Unknown Item
    Search at Google
    Name: SA
    Path:
    Location: C:\WINDOWS\tasks\
    Not checked Unknown Item
    Search at Google
    Name: User_Feed_Synchronization-{195C3F8F-2ECF-4ED4-A406-759D64C387E0}
    Path:
    Location: C:\WINDOWS\tasks\
    Not checked Unknown Item
    Search at Google
    Name: Shell
    Path: Explorer.exe
    Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
    Not checked Unknown Item
    Search at Google
    Name: $LT;{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
    Path: C:\WINDOWS\system32\ieudinit.exe
    Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
    Not checked Unknown Item
    Search at Google
    Name: $GT;{26923b43-4d38-484f-9b9e-de460746276c}
    Path: C:\WINDOWS\system32\ie4uinit.exe
    Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
    Not checked Unknown Item
    Search at Google
    Name: $GT;{60B49E34-C7CC-11D0-8953-00A0C90347FF}
    Path: C:\WINDOWS\system32\rundll32.exe
    Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
    Not checked Unknown Item
    Search at Google
    Name: $GT;{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
    Path: RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
    Not checked Unknown Item
    Search at Google
    Name: $GT;{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
    Path: C:\WINDOWS\system32\shmgrate.exe
    Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
    Not checked Unknown Item
    Search at Google
    Name: {2C7339CF-2B09-4501-B3F3-F3508C9228ED}
    Path: C:\WINDOWS\system32\regsvr32.exe
    Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
    Not checked Unknown Item
    Search at Google
    Name: {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
    Path: C:\Program Files\Outlook Express\setup50.exe
    Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
    Not checked Unknown Item
    Search at Google
    Name: {44BBA842-CC51-11CF-AAFA-00AA00B6015B}
    Path: rundll32.exe advpack.dll
    Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
    Not checked Unknown Item
    Search at Google
    Name: {89820200-ECBD-11cf-8B85-00AA005B4340}
    Path: regsvr32.exe
    Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
    Not checked Unknown Item
    Search at Google
    Name: {89820200-ECBD-11cf-8B85-00AA005B4383}
    Path: C:\WINDOWS\system32\ie4uinit.exe
    Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
    Not checked Unknown Item
    Search at Google
    Name: {89B4C1CD-B018-4511-B0A1-5476DBF70820}
    Path: C:\WINDOWS\system32\Rundll32.exe
    Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
    Not checked Unknown Item
    Search at Google
    Name: VBScript Script File
    Path: C:\WINDOWS\System32\WScript.exe
    Location: HKEY_CLASSES_ROOT\vbsfile\shell\open\command\
    Not checked Unknown Item
    Search at Google
    Name: VBScript Encoded Script File
    Path: C:\WINDOWS\System32\WScript.exe
    Location: HKEY_CLASSES_ROOT\vbefile\shell\open\command\
    Not checked Unknown Item
    Search at Google
    Name: JScript Script File
    Path: C:\WINDOWS\System32\WScript.exe
    Location: HKEY_CLASSES_ROOT\jsfile\shell\open\command\
    Not checked Unknown Item
    Search at Google
    Name: JScript Encoded Script File
    Path: C:\WINDOWS\System32\WScript.exe
    Location: HKEY_CLASSES_ROOT\jsefile\shell\open\command\
    Not checked Unknown Item
    Search at Google
    Name: Windows Script Host Settings File
    Path: C:\WINDOWS\System32\WScript.exe
    Location: HKEY_CLASSES_ROOT\wshfile\shell\open\command\
    Not checked Unknown Item
    Search at Google
    Name: Windows Script File
    Path: C:\WINDOWS\System32\WScript.exe
    Location: HKEY_CLASSES_ROOT\wsffile\shell\open\command\
    Not checked Unknown Item
    Search at Google
    Name: Application
    Path: %1
    Location: HKEY_CLASSES_ROOT\exefile\shell\open\command\
    Not checked Unknown Item
    Search at Google
    Name: MS-DOS Application
    Path: %1
    Location: HKEY_CLASSES_ROOT\comfile\shell\open\command\
    Not checked Unknown Item
    Search at Google
    Name: MS-DOS Batch File
    Path: %1
    Location: HKEY_CLASSES_ROOT\batfile\shell\open\command\
    Not checked Unknown Item
    Search at Google
    Name: Screen Saver
    Path: %1
    Location: HKEY_CLASSES_ROOT\scrfile\shell\open\command\
    Not checked Unknown Item
    Search at Google
    Name: Shortcut to MS-DOS Program
    Path: %1
    Location: HKEY_CLASSES_ROOT\piffile\shell\open\command\
    Not checked Unknown Item
    Search at Google
    Name: PostBootReminder
    Path: C:\WINDOWS\system32\SHELL32.dll
    Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
    Not checked Unknown Item
    Search at Google
    Name: CDBurn
    Path: C:\WINDOWS\system32\SHELL32.dll
    Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
    Not checked Unknown Item
    Search at Google
    Name: WebCheck
    Path: C:\WINDOWS\system32\webcheck.dll
    Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
    Not checked Unknown Item
    Search at Google
    Name: SysTray
    Path: C:\WINDOWS\system32\stobject.dll
    Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
    Not checked Unknown Item
    Search at Google
    Layered Service Providers (LSP): Result ToDo
    Name: mswsock.dll
    Path: %SystemRoot%\system32\
    Location: HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\
    Good: 1 - Bad: 0
    View Details
    Name: rsvpsp.dll
    Path: %SystemRoot%\system32\
    Location: HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\
    Good: 1 - Bad: 0
    View Details
    Explorer And Browser Addons: Result ToDo
    Name: AskBar BHO
    Path: C:\Program Files\AskBarDis\bar\bin\askBar.dll
    Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    ClsID: {201f27d4-3704-41d6-89c1-aa35e39143ed}
    Good: 0 - Bad: 0
    Unknown Item
    Search at Google
    Name: Spybot-S+D IE Protection
    Path: C:\Program Files\SPYBOT~1\SDHelper.dll
    Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    ClsID: {53707962-6F74-2D53-2644-206D7942484F}
    Good: 1 - Bad: 0
    View Details
    Name: SSVHelper Class
    Path: C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    ClsID: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    Good: 0 - Bad: 0
    Unknown Item
    Search at Google
    Name: URL Exec Hook
    Path: shell32.dll
    Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
    ClsID: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
    Good: 0 - Bad: 0
    Unknown Item
    Search at Google
    Name: SABShellExecuteHook Class
    Path: C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
    Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
    ClsID: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}
    Good: 0 - Bad: 0
    Unknown Item
    Search at Google
    Name: OA Shell Helper
    Path: C:\Program Files\TALLEM~1\ONLINE~1\oaevent.dll
    Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
    ClsID: {4F07DA45-8170-4859-9B5F-037EF2970034}
    Good: 0 - Bad: 0
    Unknown Item
    Search at Google
    Running Processes: Result ToDo
    Name: [System Process]
    Process ID: 0
    Path:
    Info: Threads: 1 - Priority: N/A - Visible: No
    Good: 1 - Bad: 0
    View Details
    Name: System
    Process ID: 4
    Path:
    Info: Threads: 65 - Priority: Normal - Visible: No
    Good: 1 - Bad: 0
    View Details
    Name: explorer.exe
    Process ID: 348
    Path: C:\WINDOWS\Explorer.EXE
    Info: Threads: 11 - Priority: Normal - Visible: No
    Good: 2 - Bad: 1
    View Details Requires Attention!
    Compare details with your local values
    and/or search at Google
    Name: smss.exe
    Process ID: 384
    Path: C:\WINDOWS\System32\smss.exe
    Info: Threads: 3 - Priority: Normal - Visible: No
    Good: 1 - Bad: 2
    View Details Requires Attention!
    Compare details with your local values
    and/or search at Google
    Name: csrss.exe
    Process ID: 440
    Path: C:\WINDOWS\system32\csrss.exe
    Info: Threads: 11 - Priority: Normal - Visible: No
    Good: 1 - Bad: 3
    View Details Requires Attention!
    Compare details with your local values
    and/or search at Google
    Name: winlogon.exe
    Process ID: 464
    Path: C:\WINDOWS\system32\winlogon.exe
    Info: Threads: 18 - Priority: High - Visible: No
    Good: 1 - Bad: 2
    View Details Requires Attention!
    Compare details with your local values
    and/or search at Google
    Name: services.exe
    Process ID: 508
    Path: C:\WINDOWS\system32\services.exe
    Info: Threads: 15 - Priority: Normal - Visible: No
    Good: 1 - Bad: 3
    View Details Requires Attention!
    Compare details with your local values
    and/or search at Google
    Name: lsass.exe
    Process ID: 520
    Path: C:\WINDOWS\system32\lsass.exe
    Info: Threads: 14 - Priority: Normal - Visible: No
    Good: 1 - Bad: 0
    View Details
    Name: oaui.exe
    Process ID: 628
    Path: C:\Program Files\Tall Emu\Online Armor\oaui.exe
    Info: Threads: 9 - Priority: Normal - Visible: No
    Good: 0 - Bad: 0
    Unknown Item
    Search at Google
    Submit new process info
    Name: svchost.exe
    Process ID: 672
    Path: C:\WINDOWS\system32\svchost.exe
    Info: Threads: 5 - Priority: Normal - Visible: No
    Good: 1 - Bad: 2
    View Details Requires Attention!
    Compare details with your local values
    and/or search at Google
    Name: svchost.exe
    Process ID: 728
    Path: C:\WINDOWS\system32\svchost.exe
    Info: Threads: 11 - Priority: Normal - Visible: No
    Good: 1 - Bad: 2
    View Details Requires Attention!
    Compare details with your local values
    and/or search at Google
    Name: svchost.exe
    Process ID: 768
    Path: C:\WINDOWS\System32\svchost.exe
    Info: Threads: 47 - Priority: Normal - Visible: No
    Good: 1 - Bad: 2
    View Details Requires Attention!
    Compare details with your local values
    and/or search at Google
    Name: ashDisp.exe
    Process ID: 812
    Path: C:\Program Files\ALWILS~1\Avast4\ashDisp.exe
    Info: Threads: 7 - Priority: Normal - Visible: No
    Good: 1 - Bad: 0
    View Details
    Name: oasrv.exe
    Process ID: 880
    Path: C:\Program Files\Tall Emu\Online Armor\oasrv.exe
    Info: Threads: 42 - Priority: High - Visible: No
    Good: 0 - Bad: 0
    Unknown Item
    Search at Google
    Submit new process info
    Name: aswUpdSv.exe
    Process ID: 1016
    Path: C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    Info: Threads: 3 - Priority: Normal - Visible: No
    Good: 1 - Bad: 0
    View Details
    Name: ashServ.exe
    Process ID: 1072
    Path: C:\Program Files\Alwil Software\Avast4\ashServ.exe
    Info: Threads: 30 - Priority: High - Visible: No
    Good: 1 - Bad: 0
    View Details
    Name: TeaTimer.exe
    Process ID: 1156
    Path: C:\Program Files\Spybot
    Info: Threads: 3 - Priority: Idle - Visible: No
    Good: 2 - Bad: 0
    View Details
    Name: svchost.exe
    Process ID: 1352
    Path: C:\WINDOWS\system32\svchost.exe
    Info: Threads: 4 - Priority: Normal - Visible: No
    Good: 1 - Bad: 2
    View Details Requires Attention!
    Compare details with your local values
    and/or search at Google
    Name: LSSrvc.exe
    Process ID: 1424
    Path: C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    Info: Threads: 2 - Priority: Normal - Visible: No
    Good: 1 - Bad: 0
    View Details
    Name: firefox.exe (Software Update)
    Process ID: 1456
    Path: C:\Program Files\Mozilla Firefox\firefox.exe
    Info: Threads: 14 - Priority: Normal - Visible: Yes
    Good: 1 - Bad: 0
    View Details
    Name: oacat.exe
    Process ID: 1544
    Path: C:\Program Files\Tall Emu\Online Armor\oacat.exe
    Info: Threads: 5 - Priority: High - Visible: No
    Good: 0 - Bad: 0
    Unknown Item
    Search at Google
    Submit new process info
    Name: wdfmgr.exe
    Process ID: 1624
    Path: C:\WINDOWS\system32\wdfmgr.exe
    Info: Threads: 4 - Priority: Normal - Visible: No
    Good: 1 - Bad: 0
    View Details
    Name: ashWebSv.exe
    Process ID: 1740
    Path: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    Info: Threads: 18 - Priority: Normal - Visible: No
    Good: 1 - Bad: 0
    View Details
    Name: oahlp.exe
    Process ID: 1756
    Path: C:\Program Files\Tall Emu\Online Armor\oahlp.exe
    Info: Threads: 4 - Priority: Normal - Visible: No
    Good: 0 - Bad: 0
    Unknown Item
    Search at Google
    Submit new process info
    Name: a2hijackfree.exe (a-squared HiJackFree 3.1)
    Process ID: 3856
    Path: C:\Program Files\a-squared HiJackFree\a2hijackfree.exe
    Info: Threads: 10 - Priority: Normal - Visible: Yes
    Good: 1 - Bad: 0
    View Details
    This analysis is saved and available for at least 7 days at this website address.

  4. #4
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,854

    Default Re: HELP:Expert advice is required Please. Infected Big Time!

    Use hijackthis not A-squared

    If it doesn't work in normal windows do it in safe mode

  5. #5
    Computer Technician wainuitech's Avatar
    Join Date
    Aug 2007
    Location
    Wellington
    Posts
    28,666

    Default Re: HELP:Expert advice is required Please. Infected Big Time!

    That's close but not an actual Hijack Log.

    From Speedy's Signature, download and run Hijackthis - when it opens, select Scan and save a log file.
    When finished it will open in Notepad, Ctrl + A to copy all, then back here, Ctrl + V to paste the complete log.

  6. #6
    Member iammcb's Avatar
    Join Date
    Mar 2009
    Location
    New Zealand
    Posts
    48

    Default Re: HELP:Expert advice is required Please. Infected Big Time!

    I have used hijack this before but it's useless compared to asquared. Asquared is telling me I have worms and trojans by the dozens, on that web page I posted.
    (I've only copied the web page but it doesn't display everything when copied.)
    I'm looking for the log in the program itself but I can't find it as it's only saved it to the web page it created.
    The thing with downloading is I never know what I'm really getting.

  7. #7
    Computer Technician wainuitech's Avatar
    Join Date
    Aug 2007
    Location
    Wellington
    Posts
    28,666

    Default Re: HELP:Expert advice is required Please. Infected Big Time!

    i have used hijack this before but it useless compared to asquared
    It's only useless if you don't know how to read it, and don't know how to use it.

    If you want help then I'd suggest you at least try to follow any advice that you have been asked to present - otherwise it's highly likely you won't get any help.

    Edited: just for the record Asquared is crap - seen many PCs that are infected and it has Asquared installed.

  8. #8
    Senior Member Blam's Avatar
    Join Date
    Apr 2008
    Posts
    7,382

    Default Re: HELP:Expert advice is required Please. Infected Big Time!

    It is not useless - it is a very useful tool.

    Running it will not do anything, you must remove the entries and know how to read it.

    It will provide us with vital information on what may have infected you and what may be causing your problems.

    Please post the log here for analysis.


    Blam


  9. #9
    Member iammcb's Avatar
    Join Date
    Mar 2009
    Location
    New Zealand
    Posts
    48

    Default Re: HELP:Expert advice is required Please. Infected Big Time!

    Okay guys here it is
    once again it doesn't tell me what I've been infected with
    like asquared has listed the names of the worms and trojans
    which I will go and try and paste here shortly.
    Back soon

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:10:44 a.m., on 4/05/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18372)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Tall Emu\Online Armor\oasrv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Tall Emu\Online Armor\oacat.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Tall Emu\Online Armor\oaui.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Tall Emu\Online Armor\oahlp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trademe.co.nz/MyTradeMe/Buy/Watchlist.aspx
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.trademe.co.nz
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trademe.co.nz
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dvdvideosoft.com/r/AfterInstall.htm
    R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=presario&pf=laptop
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6A049996-C61E-4441-8E9D-C0B09A292F64}: NameServer = 203.97.78.43 203.97.78.44
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe
    O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
    O23 - Service: Windows Media Connect Service (WMConnectCDS) - Unknown owner - C:\Program Files\Windows Media Connect 2\wmccds.exe (file missing)

    --
    End of file - 5296 bytes
    Last edited by iammcb; 04-05-2009 at 11:20 AM.

  10. #10
    Member iammcb's Avatar
    Join Date
    Mar 2009
    Location
    New Zealand
    Posts
    48

    Default Re: HELP:Expert advice is required Please. Infected Big Time!

    Hey guys sorry for not agreeing with you about hijack this
    it's not personal it's just not really good for people like myself who don't know what they are meant to do.
    whereas asquared tells me this information:
    and this is just one link.
    there's more I will post soon.

    a-squared HiJackFree Analysis
    Name: MSConfig
    Good: 2
    Bad: 15

    Status Name Command Description
    N MSConfig msconfig.exe Entry that appears when you uncheck an item in the MSConfig Startup group, and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode
    X MSConfig MSCONFIG32.EXE Added by the SPYBOT.B WORM!
    X msconfig msconfig.exe CoolWebSearch parasite related. Note - this is not the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting
    X Msconfig msconfig.exe Added by the WINUR WORM! Note - this is not the real msconfig.exe as it's located in C:\winrun\
    X msconfig wins.exe Added by the RBOT.PF WORM!
    X MSConfig MSCONFIG35.EXE Added by a variant of the SPYBOT WORM!
    X msconfig scvhost.exe Added by the AGENT-DSF TROJAN!
    X msconfig winlog.exe Added by the IRCBOT-TJ TROJAN!
    X Msconfig icpldrvx.exe Added by the BANLOAD.BFT TROJAN!
    X msconfig msconfig.com Added by the IRCBOT-SM WORM!
    X msconfig msconfig.bat Added by the PAHATIA.B WORM!
    X Msconfig lptt01 msconfig.exe RapidBlaster variant (in a "msconfig" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Windows Msconfig which has the same executable name
    X Msconfig ml097e msconfig.exe RapidBlaster variant (in a "msconfig" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Windows Msconfig which has the same executable name
    N MSConfigReminder msconfig.exe Entry that appears when you uncheck an item in the MSConfig Startup group, and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode
    X msdev msconfig.exe Added by the AGOBOT.AAU WORM! Note - this is not the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting
    X Microsoft Java Virtual Machine MsConfiG.exe Added by the FORBOT-DV WORM!
    X winrun msconfig.exe Added by the WINUR WORM! Note - this is not the real msconfig.exe as it's located in C:\winrun\


    "Y" - Normally leave to run at start-up
    "N" - Not required - typically infrequently used tasks that can be started manually if necessary
    "U" - User's choice - depends whether a user deems it necessary
    "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
    "?" - Unknown
    Autorun information provided by http://www.sysinfo.org
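
Added example (not part of any post in this thread, and not a-squared's own code): the "Good: 2 - Bad: 15" figure for MSConfig in post #3 equals the number of N and X rows in the table from post #10, and this Python example narrows those rows by the command filename and by the location a row states. The row-parsing rule, the function names and the second entry in the demo are assumptions made for illustration.

```python
import ntpath
import re

# Rows of the "Name: MSConfig" table from post #10, descriptions shortened.
TABLE = r"""
N MSConfig msconfig.exe Entry that appears when you uncheck an item in the MSConfig Startup group
X MSConfig MSCONFIG32.EXE Added by the SPYBOT.B WORM!
X msconfig msconfig.exe CoolWebSearch parasite related. Note - this is not the legitimate msconfig.exe
X Msconfig msconfig.exe Added by the WINUR WORM! Note - this is not the real msconfig.exe as it's located in C:\winrun\
X msconfig wins.exe Added by the RBOT.PF WORM!
X MSConfig MSCONFIG35.EXE Added by a variant of the SPYBOT WORM!
X msconfig scvhost.exe Added by the AGENT-DSF TROJAN!
X msconfig winlog.exe Added by the IRCBOT-TJ TROJAN!
X Msconfig icpldrvx.exe Added by the BANLOAD.BFT TROJAN!
X msconfig msconfig.com Added by the IRCBOT-SM WORM!
X msconfig msconfig.bat Added by the PAHATIA.B WORM!
X Msconfig lptt01 msconfig.exe RapidBlaster variant (in a "msconfig" folder in Program Files)
X Msconfig ml097e msconfig.exe RapidBlaster variant (in a "msconfig" folder in Program Files)
N MSConfigReminder msconfig.exe Entry that appears when you uncheck an item in the MSConfig Startup group
X msdev msconfig.exe Added by the AGOBOT.AAU WORM!
X Microsoft Java Virtual Machine MsConfiG.exe Added by the FORBOT-DV WORM!
X winrun msconfig.exe Added by the WINUR WORM! Note - this is not the real msconfig.exe as it's located in C:\winrun\
"""

EXECUTABLE = re.compile(r"\.(exe|com|bat)$", re.IGNORECASE)
LOCATED_IN = re.compile(r"located in (\S+)")


def parse_rows(text):
    """Split each row into status, name, command and an optional stated location.

    Assumed rule: the command is the first token ending in .exe/.com/.bat;
    everything between the status letter and that token is the entry name.
    """
    rows = []
    for line in text.strip().splitlines():
        tokens = line.split()
        cmd_at = next(i for i in range(1, len(tokens)) if EXECUTABLE.search(tokens[i]))
        located = LOCATED_IN.search(" ".join(tokens[cmd_at + 1:]))
        rows.append({
            "status": tokens[0],
            "name": " ".join(tokens[1:cmd_at]),
            "command": tokens[cmd_at],
            "location": located.group(1) if located else None,
        })
    return rows


def _norm(path):
    # Compare Windows paths case-insensitively and without a trailing backslash.
    return path.rstrip("\\").lower()


def triage(entry_name, entry_path, rows):
    """Narrow the table rows that can describe one autorun entry on a machine."""
    directory, filename = ntpath.split(entry_path)
    same_name = [r for r in rows if r["name"].lower() == entry_name.lower()]
    same_command = [r for r in same_name if r["command"].lower() == filename.lower()]
    # A row that states a location only applies if the file sits in that folder.
    candidates = [
        r for r in same_command
        if r["location"] is None or _norm(r["location"]) == _norm(directory)
    ]
    statuses = {r["status"] for r in candidates}
    if "X" not in statuses:
        verdict = "no bad row applies"
    elif statuses == {"X"}:
        verdict = "matches only bad rows"
    else:
        verdict = "undecided"
    return {
        "same_name": len(same_name),
        "same_command": len(same_command),
        "candidates": len(candidates),
        "verdict": verdict,
    }


if __name__ == "__main__":
    rows = parse_rows(TABLE)
    # Entry exactly as listed under "Registry Autoruns" in post #3.
    print(triage("MSConfig", r"C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe", rows))
    # Constructed entry (not from the thread) whose command matches a bad row.
    print(triage("msconfig", r"C:\WINDOWS\system32\wins.exe", rows))
```

A verdict of "undecided" means the name and filename alone cannot separate the legitimate row from a bad one, so the file on disk still has to be checked.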
