MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
Topic: Various virus and malware problems.
Lord Aradon
« on: July 24, 2006, 07:32:46 AM »

Hi,

This is a problem my friend is having: they seem to have managed to get some viruses and malware on their machine and can't shift it. They are running Win 2K.

Here's the log.

Logfile of HijackThis v1.99.1
Scan saved at 15:43:18, on 23/07/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\SYSTEM32\THOTKEY.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator.LAPTOP2\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eve-online.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] "rundll32.exe" C:\WINNT\System32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [REGSHAVE] "C:\Progra~1\REGSHAVE\REGSHAVE.EXE" /autorun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O20 - AppInit_DLLs: 
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: THotkey (THOTKEY) - TOSHIBA Corp. - C:\WINNT\SYSTEM32\THOTKEY.EXE
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Thanks in advance for any help.
dahli (Global Moderator)
« Reply #1 on: July 24, 2006, 07:58:14 PM »

Hello,

Download and scan with CCleaner
1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic version instead of the Standard Build.

2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

   In the Windows Tab:
       
Steve
Lord Aradon
« Reply #2 on: July 25, 2006, 02:41:19 PM »

Hi, Ewido won't run in safe mode, at least it's not doing so when I try. I'm getting this error:

Quote
'something bad happened in the application. error diagnostic file saved to 'C:\Programfiles\ewido anti-spyware 4.0\ewido.err'

Thanks
« Last Edit: July 25, 2006, 02:44:32 PM by Lord Aradon »

dahli (Global Moderator)
« Reply #3 on: July 25, 2006, 04:04:59 PM »

Did you try the following steps:

Quote
Note: If Ewido "crashes" or "hangs" during the scan, try scanning again by doing this:
1. Scan one sector of the system at a time by using the "Custom Scan" feature. To do this select Scanner > Custom Scan and click on Add drive/directory/file. Browse to C:\Windows > System, add this folder to the list and click on "Start Scan". When the scan is complete, repeat the Custom Scan but this time, browse to and add the System32 folder. Then keep repeating this procedure until all your folders have been scanned. Make sure you include the Documents & Settings folder.

2. If this still does not help, then turn the ADS scanner off while making a Custom Scan. To do this select Scanner > Scan Settings and untick "Scan in NTFS Alternate Data Streams". Then repeat the steps above for performing a Custom Scan.

If so, try running Ewido in normal mode.
Steve
Lord Aradon
« Reply #4 on: July 26, 2006, 11:36:52 AM »

Okay yeah, I tried those but it wouldn't work, so I did it in safe mode.

Here's the report you requested.

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

 + Created at:   03:21:08 26/07/2006

 + Scan result:

HKLM\SOFTWARE\Classes\CLSID\{93ac7c30-3878-4eaa-9420-7977285df5b1} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\{4F5E5D72-C915-4f3b-908B-527D064B0FAA} -> Adware.SysProtect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{EF130E77-0A34-4365-BFB7-218FD3DDCD5F} -> Adware.SysProtect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{02946FD1-2D99-46E6-A790-3A089714EDD9} -> Adware.SysProtect : Cleaned with backup (quarantined).
C:\WINNT\system32\gebxvvt.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINNT\system32\hgdaw.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Documents and Settings\Garry\Local Settings\Temporary Internet Files\Content.IE5\PHTAAXMX\drsmartload_js[1].htm -> Downloader.IstBar.j : Cleaned with backup (quarantined).
C:\Documents and Settings\Garry\Local Settings\Temporary Internet Files\Content.IE5\UEO401WS\drsmartload_js[1].htm -> Downloader.IstBar.j : Cleaned with backup (quarantined).
C:\WINNT\system32\ixt1.dll -> Downloader.Zlob.aae : Cleaned with backup (quarantined).
C:\WINNT\system32\ixt0.dll -> Downloader.Zlob.zy : Cleaned with backup (quarantined).
C:\WINNT\system32\components\flx5.dll -> Not-A-Virus.Hoax.Win32.Renos.dw : Cleaned with backup (quarantined).
C:\WINNT\system32\drivers\DP.sys -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\WINNT\system32\jibqhkjd.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\kernel32.dll -> Trojan.Small : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{9025FC36-063C-1033-0422-04121203002c}\Update.exe -> Trojan.Starter.65 : Cleaned with backup (quarantined).
[1600] C:\Program Files\Common Files\{9025FC36-063C-1033-0422-04121203002c}\Update.exe -> Trojan.Starter.65 : Error during cleaning.


::Report end

Cheers.
dahli (Global Moderator)
« Reply #5 on: July 27, 2006, 08:04:38 AM »

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Put a check next to "Run VundoFix as a task."
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click "OK".
  • When VundoFix re-opens, click the "Scan for Vundo" button.
  • Once it's done scanning, click the "Remove Vundo" button.
  • If it says "No infected files were found", right-click the blank listbox (white box) in the main VundoFix window.
  • Select "Add More Files?" from the menu that comes up. This will open a new VundoFix window that says "Paste files into the boxes below:"
  • In the top/first field, copy and paste the path to the dll: C:\WINDOWS\system32\badfile.dll
  • In the next/second field, copy and paste the path to the reversed file: C:\WINDOWS\system32\elifdab.*
  • Click the "Add Files" button.
  • Click the "Close Window" button.
  • Click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click "YES".
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click "OK".
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Please download VirtumundoBeGone.exe:
1. Save it to your Desktop.
2. Locate and double-click VirtumundoBeGone.exe to run it.
3. Follow the instructions. Do not worry if you see a BLUE SCREEN "Fatal Error" Message, it is normal and expected.
4. When finished it will create a log named vbg.txt on your desktop.
5. Reboot your PC


Please post the contents of C:\vundofix.txt and vbg.txt and a new HiJackThis log
Steve
Lord Aradon
« Reply #6 on: July 27, 2006, 01:23:28 PM »

Okay thanks, running VundoFix as a task doesn't work, and running it from the original window and doing those options still doesn't find anything.

Here is vundofix.txt

VundoFix V5.1.5

Checking Java version...

Java version is 1.4.2.3

Java version is 1.4.2.4

Scan started at 14:04:54 27/07/2006

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V5.1.5

Checking Java version...

Java version is 1.4.2.3

Java version is 1.4.2.4

Scan started at 14:18:34 27/07/2006

Listing files found while scanning....

No infected files were found.


Beginning removal...

Beginning removal...

New HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 14:23:51, on 27/07/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\SYSTEM32\THOTKEY.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator.LAPTOP2\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eve-online.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] "rundll32.exe" C:\WINNT\System32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [REGSHAVE] "C:\Progra~1\REGSHAVE\REGSHAVE.EXE" /autorun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O20 - AppInit_DLLs: 
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: THotkey (THOTKEY) - TOSHIBA Corp. - C:\WINNT\SYSTEM32\THOTKEY.EXE
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Lord Aradon
« Reply #7 on: July 27, 2006, 01:39:06 PM »

And here is the vbg log.


[07/27/2006, 14:25:54] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrator.LAPTOP2\Desktop\VirtumundoBeGone.exe" )
[07/27/2006, 14:26:00] - Detected System Information:
[07/27/2006, 14:26:00] -  Windows Version: 5.0.2195, Service Pack 4
[07/27/2006, 14:26:00] -  Current Username: Paul (Admin)
[07/27/2006, 14:26:00] -  Windows is in NORMAL mode.
[07/27/2006, 14:26:00] - Searching for Browser Helper Objects:
[07/27/2006, 14:26:00] -  BHO 1: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/27/2006, 14:26:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/27/2006, 14:26:00] -  Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/27/2006, 14:26:00] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/27/2006, 14:26:00] -  BHO 2: {61638CC6-AE4E-4BC0-A8EF-A5B9D5A741B7} ()
[07/27/2006, 14:26:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/27/2006, 14:26:00] -  Checking for HKLM\...\Winlogon\Notify\hgdaw
[07/27/2006, 14:26:00] -  Found: HKLM\...\Winlogon\Notify\hgdaw - This is probably Virtumundo.
[07/27/2006, 14:26:00] -  Assigning {61638CC6-AE4E-4BC0-A8EF-A5B9D5A741B7} MSEvents Object
[07/27/2006, 14:26:00] - BHO list has been changed! Starting over...
[07/27/2006, 14:26:00] -  BHO 1: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/27/2006, 14:26:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/27/2006, 14:26:00] -  Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/27/2006, 14:26:00] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/27/2006, 14:26:00] -  BHO 2: {61638CC6-AE4E-4BC0-A8EF-A5B9D5A741B7} (MSEvents Object)
[07/27/2006, 14:26:00] - ALERT: Found MSEvents Object!
[07/27/2006, 14:26:00] -  BHO 3: {873eb32d-ae1a-4183-89bd-45a77f761be4} ()
[07/27/2006, 14:26:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/27/2006, 14:26:00] -  Checking for HKLM\...\Winlogon\Notify\ixt1
[07/27/2006, 14:26:00] -  Key not found: HKLM\...\Winlogon\Notify\ixt1, continuing.
[07/27/2006, 14:26:00] - Finished Searching Browser Helper Objects
[07/27/2006, 14:26:00] - *** Detected MSEvents Object
[07/27/2006, 14:26:00] - Trying to remove MSEvents Object...
[07/27/2006, 14:26:01] -    Terminating Process: IEXPLORE.EXE
[07/27/2006, 14:26:01] -    Terminating Process: RUNDLL32.EXE
[07/27/2006, 14:26:01] -    Disabling Automatic Shell Restart
[07/27/2006, 14:26:01] -    Terminating Process: EXPLORER.EXE
[07/27/2006, 14:26:02] -    Suspending the NT Session Manager System Service
[07/27/2006, 14:26:02] -    Terminating Windows NT Logon/Logoff Manager
[07/27/2006, 14:26:02] -    Re-enabling Automatic Shell Restart
[07/27/2006, 14:26:02] -   File to disable: C:\WINNT\system32\hgdaw.dll
[07/27/2006, 14:26:02] -  Renaming C:\WINNT\system32\hgdaw.dll -> C:\WINNT\system32\hgdaw.dll.vir
[07/27/2006, 14:26:02] - ! File rename was unsucessful.
[07/27/2006, 14:26:02] -  Attempting to Deny Access to C:\WINNT\system32\hgdaw.dll
[07/27/2006, 14:26:02] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[07/27/2006, 14:26:02] -  processed file:  C:\WINNT\system32\hgdaw.dll

[07/27/2006, 14:26:02] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[07/27/2006, 14:26:02] -   Removing HKLM\...\Browser Helper Objects\{61638CC6-AE4E-4BC0-A8EF-A5B9D5A741B7}
[07/27/2006, 14:26:02] -   Removing HKCR\CLSID\{61638CC6-AE4E-4BC0-A8EF-A5B9D5A741B7}
[07/27/2006, 14:26:02] -   Adding Kill Bit for ActiveX for GUID: {61638CC6-AE4E-4BC0-A8EF-A5B9D5A741B7}
[07/27/2006, 14:26:02] -   Deleting ATLEvents/MSEvents Registry entries
[07/27/2006, 14:26:02] -   Removing HKLM\...\Winlogon\Notify\hgdaw
[07/27/2006, 14:26:02] - Searching for Browser Helper Objects:
[07/27/2006, 14:26:02] -  BHO 1: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/27/2006, 14:26:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/27/2006, 14:26:02] -  Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/27/2006, 14:26:02] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/27/2006, 14:26:02] -  BHO 2: {873eb32d-ae1a-4183-89bd-45a77f761be4} ()
[07/27/2006, 14:26:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/27/2006, 14:26:02] -  Checking for HKLM\...\Winlogon\Notify\ixt1
[07/27/2006, 14:26:02] -  Key not found: HKLM\...\Winlogon\Notify\ixt1, continuing.
[07/27/2006, 14:26:02] - Finished Searching Browser Helper Objects
[07/27/2006, 14:26:02] - Finishing up...
[07/27/2006, 14:26:02] - A restart is needed.
[07/27/2006, 14:26:10] - Attempting to Restart via STOP error (Blue Screen!)
dahli (Global Moderator)
« Reply #8 on: July 27, 2006, 06:56:32 PM »

Reboot in SAFE MODE (Tap F8 during Startup)

Run HijackThis and check the following lines:

O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)

Click FIX CHECKED

Click Start>Run then type regsvr32 /u hgdaw.dll

Click Start>Run then type cmd
At the prompt in the new window type attrib -r -a -s -h C:\WINNT\system32\hgdaw.dll
then type del C:\WINNT\system32\hgdaw.dll

Reboot

Post a new HijackThis log and let me know how it is running.
Steve
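An added triage script (example code written for this page, not a tool from the thread and not part of HijackThis or ewido) that reads the two log formats posted above: it flags HijackThis entries whose target file is gone, the "(no file)" lines the moderator marks for FIX CHECKED, and matches CLSIDs against the registry keys the ewido report says it quarantined, which is why the O21 SSODL entry is still listed after the cleanup. The sample inputs are constructed from lines of the logs in this thread, and `parse_hjt`, `find_orphans`, `parse_ewido` and `cross_reference` are this script's own names.

```python
import re
from typing import Dict, List, Tuple

# One HijackThis line: "<section> - <body>", e.g. "O21 - SSODL: name - {CLSID} - (no file)"
HJT_LINE = re.compile(r"^([RFNO]\d+) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# One ewido result line: "<object> -> <detection> : <action>."
EWIDO_LINE = re.compile(r"^(?P<obj>.+?) -> (?P<det>[^:]+?) : (?P<act>.+)$")
# What HijackThis prints when the referenced file no longer exists on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Constructed sample input in the format of the logs posted in this thread.
SAMPLE_HJT = r"""
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
"""
SAMPLE_EWIDO = r"""
HKLM\SOFTWARE\Classes\CLSID\{93ac7c30-3878-4eaa-9420-7977285df5b1} -> Adware.Generic : Cleaned with backup (quarantined).
C:\WINNT\system32\hgdaw.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
[1600] C:\Program Files\Common Files\{9025FC36-063C-1033-0422-04121203002c}\Update.exe -> Trojan.Starter.65 : Error during cleaning.
"""


def parse_hjt(text: str) -> List[dict]:
    """Return one dict per HijackThis entry; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        entries.append({
            "section": section,
            "body": body,
            # Compare CLSIDs case-insensitively: tools print them as registered.
            "clsids": [c.lower() for c in CLSID.findall(body)],
        })
    return entries


def find_orphans(entries: List[dict]) -> List[dict]:
    """Entries whose file is missing: leftovers of quarantined malware (or a
    broken legitimate install) and the usual candidates for 'Fix checked'."""
    return [e for e in entries
            if any(mark in e["body"].lower() for mark in ORPHAN_MARKERS)]


def parse_ewido(text: str) -> Dict[str, str]:
    """Map each CLSID ewido reports as cleaned to its detection; 'Error during cleaning' lines are not counted."""
    cleaned: Dict[str, str] = {}
    for raw in text.splitlines():
        m = EWIDO_LINE.match(raw.strip())
        if not m or "cleaned" not in m.group("act").lower():
            continue
        for c in CLSID.findall(m.group("obj")):
            cleaned[c.lower()] = m.group("det").strip()
    return cleaned


def cross_reference(entries: List[dict], cleaned: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """(section, clsid, detection) for HJT entries still naming a CLSID ewido already quarantined."""
    return [(e["section"], c, cleaned[c])
            for e in entries for c in e["clsids"] if c in cleaned]


if __name__ == "__main__":
    hjt = parse_hjt(SAMPLE_HJT)
    for e in find_orphans(hjt):
        print("orphan entry:", e["section"], "-", e["body"])
    for section, clsid, det in cross_reference(hjt, parse_ewido(SAMPLE_EWIDO)):
        print(f"leftover load point: {section} {clsid} (ewido cleaned it as {det})")
```

The O23 "(file missing)" hits are the avast components whose executables were absent, so an orphan flag is a prompt to look, not a verdict of malware.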
jamesfranklin
« Reply #9 on: August 05, 2008, 11:09:11 AM »

For any kind of PC upgrade or PC maintenance, the best place I know is PC Solutions. You can have a look for yourself; it deals with all kinds of PC problems: virus removal, spyware problems, etc. I hope you won't be disappointed, because one of my friends referred me to this site, and since that time I have been with this site and recommending it to others.