Author Topic: please help with computer problem! (Hijackthis report inside)  (Read 1019 times)
onyxserpent
« on: March 24, 2006, 05:47:43 PM »

Ok, when it comes to spyware/viruses and all that junk, I'm not that well educated. I do have Spybot/CWshredder/HijackThis/Adware and I read the "sticky" on what to do before you post your log. I tried everything, including safe mode but my computer still has been acting up recently. I now have programs on my computer that I never installed. I get pop ups, which make everything else go extremely slow. I just don't know what to do...

If you need any more info to help me, I'll definitely answer any questions you may have.. Here is my Hijackthis log:


Logfile of HijackThis v1.99.1
Scan saved at 12:45:43 PM, on 3/24/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\VGhlIEplZGkgTWFzdGVy\command.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\outlook\outlook.exe
C:\mousepad1.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\ms04593238069.exe
C:\Program Files\Ysfn\Hzbyo.exe
C:\WINDOWS\sys01069593238.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\freecell.exe
C:\Program Files\Juno\bin\juno.exe
C:\Program Files\Juno\bin\AdBanner.EXE
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.juno.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\TOOLBA~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard1.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad1.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [ms04593238069] C:\WINDOWS\ms04593238069.exe
O4 - HKLM\..\Run: [Ryvoqlbi] C:\Program Files\Ysfn\Hzbyo.exe
O4 - HKLM\..\Run: [sys01069593238] C:\WINDOWS\sys01069593238.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKLM\..\RunOnce: [Juno] C:\Program Files\Juno\bin\juno.exe /RestoreAfterCrash
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{78F12E48-B830-4FCA-A3AE-A37C7A40B9AF}: NameServer = 64.136.28.120 64.136.20.120
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VGhlIEplZGkgTWFzdGVy\command.exe
sUBs
« Reply #1 on: March 24, 2006, 06:41:55 PM »

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


* * * * * *





  • Download and run - bfu.zip
  • Checkmark the following boxes:
    • Use settings specified in script for the above option
    • Show log after script ends
  • Click the Web button located on the top right corner
  • Copy/Paste this url into the address bar of the Download script window:
  • Execute the script by clicking the Execute button.
  • When it finishes running, click the Save button for a copy of the log
  • Post the log created by the script when you have completed the fix


    * * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *


    Download & install CleanUp.exe (not recommended for WinXP64)

    Download and install Ewido Security Suite
    • When installing, under "Additional Options",
      • uncheck - Install background guard
      • Have Ewido update itself & then exit the program.
      If you are having problems with the updater, you can use this link to manually update Ewido

      It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.


      * * * * * * DISABLING SERVICES * * * * * * * * * * * * * * * * *


      Click Start -> Run - type SERVICES.MSC & then click on the OK button
      • Locate the service - Command Service (cmdService)  
      • Double-click on it to open the Properties dialog.
      -  Change the Startup type to Disabled & then click on the Apply button
      -  Stop the service by using the Stop button.
      • Then start HiJackThis & go to Config... -> Misc.Tools -> Delete an NT service
      • In the popup box that appears, copy/paste  cmdService
      • Click on the OK button & answer No if prompted to reboot

      * * * * * * FIXING ENTRIES WITH HIJACKTHIS * * * * * * * * * *


      Do a HijackThis scan & place a check next to these items and select "Fix checked":

       R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
      R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
      O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
      O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\TOOLBA~1.DLL
      O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll
      O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
      O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
      O4 - HKLM\..\Run: [winlog] winlog.exe
      O4 - HKLM\..\Run: [keyboard] C:\\keyboard1.exe
      O4 - HKLM\..\Run: [mousepad] C:\\mousepad1.exe
      O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
      O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
      O4 - HKLM\..\Run: [ms04593238069] C:\WINDOWS\ms04593238069.exe
      O4 - HKLM\..\Run: [Ryvoqlbi] C:\Program Files\Ysfn\Hzbyo.exe
      O4 - HKLM\..\Run: [sys01069593238] C:\WINDOWS\sys01069593238.exe
      O4 - HKLM\..\RunServices: [winlog] winlog.exe
      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
      O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
      O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
       


      * * * * * * RESTART WINDOWS IN SAFE MODE * * * * * * * * * *


      1. Restart your computer
      2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
      3. Instead of Windows loading as normal, a menu should appear
      4. Select the option to run Windows in Safe Mode.


      * * * * * * UN-INSTALLING PROGRAMS * * * * * * * * * * * * * *


      Go to Start -> Control Panel -> Add or Remove Programs and uninstall the following programs:

      Internet Optimizer
      Toolbar888
      Command


      Please note any other programs that you don't recognize in that list in your next response


      * * * * * * DELETING FILES/FOLDERS * * * * * * * * * * * * * * *


      If you have not done so already, please enable the viewing of Hidden files
      From Windows Explorer, go to Tools -> Folder Options -> View tab.
      • Tick - 'Show hidden files and folder'
      • Untick - 'Hide file extensions for known types'
      • Untick - 'Hide protected operating system files'
      • Click Yes to confirm & then click OK
      Locate and delete the following files/folders: (let me know if you fail to find/delete any)

      C:\mousepad1.exe
      C:\WINDOWS\nem220.dll
      C:\keyboard1.exe
      C:\mousepad1.exe
      C:\WINDOWS\SYSC00.exe
      C:\WINDOWS\ms04593238069.exe
      C:\WINDOWS\sys01069593238.exe
      C:\WINDOWS\VGhlIEplZGkgTWFzdGVy\
      C:\Program Files\Ysfn\
      C:\Program Files\Internet Optimizer\
      C:\Program Files\Toolbar888



      * * * * * * PURGING TEMP FOLDERS * * * * * * * * * * * * * * *


      Run Cleanup! using the following configuration:

      1. Click Options...
      2. Set the slider initially to Standard CleanUp!
      3. Uncheck the following:
      • Delete Newsgroup cache
      • Delete Newsgroup Subscriptions
      • Scan local drives for temporary files
      4. Click OK
      5. Press the CleanUp! button to start the program.
      6. Do NOT reboot/logoff if prompted.

      * CleanUp! will not create any backups!!


      * * * * * * RUNNING ADDITIONAL SCANNERS * * * * * * * * * * *


      Run Ewido with its updated definitions: (...it's important that all windows must be closed)
      • Click Scanner
      • Click Complete System Scan to begin scanning.
      • Click OK when prompted to clean files
      With the first file it prompts to clean, select the option:
      • "Perform action on all infections"
      • Choose clean and click OK.
      Once finished, click the Save report button & save the report to your desktop

      ** Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete.


      * * * * * * REBOOT TO NORMAL MODE * * * * * * * * * * * * * *


      Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

      Answer Yes, when prompted to install an ActiveX component.
      • The program will then begin downloading the latest definition files.
      • Once the files have been downloaded click on NEXT
      • Locate the Scan Settings button & configure to:
        • Scan using the following Anti-Virus database:
          • Extended
        • Scan Options:
          • Scan Archives
          • Scan Mail Bases
      • Click OK & have it scan My Computer
      • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
      • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
      * Turn off the real time scanner of any existing antivirus program while performing the online scan


        * * * * * * CHECK LIST  * * * * * * * * * * * * * * * * * * * * *


        In your next post, please include fresh logs from:

        • HiJackThis log
        • Bfu's log
        • Online Scan
        • Ewido   
           
        Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
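A triage sketch for the log format used in this thread, added here as an example and not part of either post or of HijackThis itself: it parses entry lines and marks those matching a few structural heuristics (missing target file, unknown service owner, autoruns with no path, in the drive root, or directly in the WINDOWS folder). The heuristics and function names are assumptions for illustration; they only surface candidates for review, and entries such as [winupdates] still have to be recognized by a person.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section body reasons")
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")   # "O4 - <body>"
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*:\s*\[[^\]]*\]\s*(.+)$")

# Excerpt of the log posted above (taken from the page, not constructed).
SAMPLE = r"""
C:\WINDOWS\Explorer.EXE
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard1.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VGhlIEplZGkgTWFzdGVy\command.exe
"""

def autorun_path(body):
    """Executable path of an O4 Run/RunOnce/RunServices entry, else None."""
    m = RUN_RE.match(body)
    if not m:
        return None
    cmd = m.group(1).strip()
    if cmd.startswith('"'):
        cmd = cmd[1:].split('"', 1)[0]
    else:  # unquoted: cut after .exe so paths with spaces survive, arguments do not
        cmd = re.sub(r"(?i)(\.exe)\b.*$", r"\1", cmd)
    return re.sub(r"\\+", r"\\", cmd)  # the log doubles some backslashes

def triage(section, body):
    """Assumed heuristics: reasons an entry deserves a closer look (not a verdict)."""
    reasons = []
    if body.endswith("(no file)"):
        reasons.append("target file missing")
    if section == "O23" and "Unknown owner" in body:
        reasons.append("service with unknown owner")
    path = autorun_path(body) if section == "O4" else None
    parts = path.split("\\") if path else []
    if len(parts) == 1:
        reasons.append("autorun without a full path")
    elif len(parts) == 2:
        reasons.append("autorun from drive root")
    elif len(parts) == 3 and parts[1].upper() == "WINDOWS":
        reasons.append("autorun directly in WINDOWS folder")
    return reasons

def parse_log(text):
    """Parse entry lines (process list and headers are skipped) and triage each."""
    found = (ENTRY_RE.match(line) for line in text.splitlines())
    return [Entry(*m.groups(), triage(*m.groups())) for m in found if m]
```
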