Bullguard Antivirus Forum Download A Free Copy Of Bullguard Antivirus Software
I have a virus that disabled my taskmanager and registryeditor, attached is a log from hijackthis
   

SVi3tDragNS
New Member


Date Joined Sep 2008
Total Posts : 2
 
Posted 9-27-2008 9:55 (GMT +1)
I've had it for a week or two now and I think I got it from my friend's micro SD.
Help please?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:51:45 AM, on 9/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Windows\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\Explorer.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\RamBooster 2.0\Rambooster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\NHUTNG~1\LOCALS~1\Temp\winydihdh.exe
C:\Documents and Settings\Nhut Nguyen\Desktop\mbam-setup.exe
C:\DOCUME~1\NHUTNG~1\LOCALS~1\Temp\is-C4G94.tmp\mbam-setup.tmp
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {354D9F43-0EFC-0656-85DB-77B5EAC7DF90} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe "C:\Windows\TEMP\windyompx.exe"
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O4 - HKLM\..\Run: [Application Layer Gateway Service] C:\Windows\system32:x32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QT Lite\qttask.exe" -atboottime
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1216723024828
O20 - AppInit_DLLs: cru629.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 5169 bytes
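An added example, not part of the original post or of HijackThis itself: a small triage pass over a few lines copied from the log above, marking entries a helper would normally review first (executables under a Temp directory, a Shell= value that is more than Explorer.exe, a path containing an NTFS alternate data stream, the policy that locks Registry Editor, and a non-empty AppInit_DLLs). The tag names and the triage function are hypothetical, and a match means "look at this line", not a confirmed detection.

```python
import re

# Lines copied from the HijackThis log in the post above (not the full log).
SAMPLE = r'''
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\NHUTNG~1\LOCALS~1\Temp\winydihdh.exe
F2 - REG:system.ini: Shell=Explorer.exe "C:\Windows\TEMP\windyompx.exe"
O4 - HKLM\..\Run: [Application Layer Gateway Service] C:\Windows\system32:x32.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: cru629.dat
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
'''

PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*')   # drive-letter path up to a quote or end of line
ENTRY_RE = re.compile(r'^([A-Z]\d+) - (.*)$')   # "O4 - ...", "F2 - ...", etc.

def triage(log_text):
    """Return (tag, line) pairs for lines matching the review heuristics."""
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        # Lines without a section code are treated as running-process paths.
        code, body = (m.group(1), m.group(2)) if m else ("PROC", line)
        for path in PATH_RE.findall(line):
            if "\\temp\\" in path.lower():
                hits.append(("temp-path", line))      # running or starting from Temp
            if ":" in path[2:]:
                hits.append(("ads-path", line))       # colon after the drive part: data stream
        if code == "F2" and "shell=" in body.lower():
            shell = body.split("=", 1)[1].strip().lower()
            if shell != "explorer.exe":
                hits.append(("shell-override", line)) # extra program appended to the shell
        if code == "O7" and re.search(r"Disable(Regedit|TaskMgr)\s*=\s*1", body, re.I):
            hits.append(("tool-lockout", line))       # policy value blocking an admin tool
        if code == "O20" and body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
            hits.append(("appinit-dll", line))        # DLL loaded into GUI processes
    return hits

if __name__ == "__main__":
    for tag, line in triage(SAMPLE):
        print(f"{tag:15} {line}")
```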
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14290
 
Posted 9-27-2008 11:20 (GMT +1)
Hello :)
 
 
I notice that you do not seem to be running antivirus software. This is somewhat suicidal in today's digital world.
Avast! makes an excellent free antivirus client.
Install, update it and run a full system scan.
Reboot.
 
Please download Malwarebytes' Anti-Malware:
 
Or here:
 
 to your desktop.
 
Double-click mbam-setup.exe and follow the prompts to install the program.

At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform full scan, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click Remove Selected.

When completed, a log will open in Notepad. Please save it to a convenient location.
 
 
NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 
Please download Combofix:
 
 
And save to the desktop.

Close all other browser windows.
 
 
 
 
Important-> Temporarily disable your anti-virus, real-time protection before performing a scan. They can interfere with combofix or remove some of its embedded files which may cause "unpredictable results".
 
 
Go to Start->Run and copy/paste: ComboFix /snapshot and hit OK. It should run Combofix.
 
Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

 When finished, it will produce a logfile located at C:\combofix.txt.
 

Post the contents of that log in your next reply, along with Malwarebytes' Anti-Malware
 
 
NB. If you are using any P2P (file sharing) programs, please remove them before we clean your computer. We do not clean logs that have P2P applications installed as this can cause reinfection during your cleaning.
 
 
 


Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.

 

SVi3tDragNS
New Member


Date Joined Sep 2008
Total Posts : 2
 
Posted 9-27-2008 8:18 (GMT +1)
When I try to install Avast! the installation closes on me and now the HijackThis and ComboFix won't open. Sorry for all the problems.