NVM Solved: virus infection.


kobbo

My computer is completely screwed, purchased it a few months ago. It is a Presario COMPAQ laptop. Win XP.

I am having problems, big ones.

For example:

- Computer has a blank screen after I type my password, and it takes about 5 minutes to load my desktop.
- ishost and some dodgy Smitfraud virus won't LEAVE MY COMPUTER ALONE (Even though I have removed it dozens of times)
- And explorer and other very random programs sometimes use 100% of my CPU.

I currently have:

Norton Antivirus 2000 Edition (Not up to date)
NOD32 Antivirus system (Up to date)
Spybot - Search and destroy (Up to date)

Here's my computer log.

HijackthisLOG:

Logfile of HijackThis v1.99.1
Scan saved at 5:33:17 PM, on 9/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\PRISMSVR.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\{42DE64FB-0702-1033-1019-05050331003d}\Update.exe
C:\program files\steam\steam.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\ajlaga\My Documents\hjthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe /IMEName
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PRISMSVR.exe] "C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\PRISMSVR.exe" /APPLY
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ee63b6f3.exe] C:\Documents and Settings\ajlaga\Local Settings\Application Data\ee63b6f3.exe
O4 - Global Startup: SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnk = C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=Q305&bd=presario&pf=laptop
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Please, help me, I am in serious need!!!

- Aj

;D


Try out Trend Micro's Housecall. It's a free online antivirus service that will run in your browser and detect and remove viruses.

Get Windows Defender and Ad-Aware for anti-spyware.

As for those two viruses, I think they have a few components to them that allow them to restore any parts that you remove. Look the two viruses up on the Symantec website or go to http://www.computerhope.com and check out the forums there. They're devoted to helping out people in need. Just post all the information like you did here and I'm almost sure they'll help you fix your computer up.


Err... a sidenote:

I think you got the latest version of Vundo [no BHOs and very few O20s...], not Smitfraud. [lol lucky you... I've been trying to find this latest version since I knew about it]

Edit:

Do this for Vundo first, to make sure it ain't that...

Please download VundoFix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying VundoFix will close and re-open in a minute or less. Click OK.
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shut down your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HijackThis log.


I have a suggestion that hasn't been stated... perhaps a lot of ur memory is overfull with temporary internet files... go into your start menu, go to programs/accessories/system tools/disc clean-up. Click on disc cleanup and it will do a quick scan of ur computer, then select all of the check boxes and select OK and let it delete everything. If you're like me and get urself 70-80k KB worth of space taken up by temp internet files it will slow u down a lot. Then if that doesn't work, my preference for anti-virus is AVG Anti-virus free edition will work. By deleting ur temporary internet files it may take a bit longer for web pages to load but it's easily worth a few extra seconds :D

My recommended downloads to take care of ur computer:

ad-aware SE personal (free anti spyware)
avg-Anti virus (also free)
zone alarm free edition (free firewall)

To find the sites for the downloads just do a Google search for the name of the program.

If u have any questions about the programs or my suggestions, send me a message on MSN Messenger or ICQ. It should supply my details at the bottom of my post but I'm not sure if I put them on my profile so here they be: icq# 317-792-370 msn:[email protected]


  • 10 years later...

Didn't have Vundo ;P

But it's OK, I figured it all out, thanks guys

@kobbo, could you please post what it took to fix your problem, and exactly what it was that happened to be causing it? This information would be useful for anyone in the future who came across your issues. You might be able to save them a lot of trouble! :huh:

~Mr. D. V. "Seriously, not sharing what it took to fix the problem is just as bad as getting infected!" Devnull

and normally with a cool mind.

(Warning: This user can be VERY confusing to some people... And talks in 3rd person for the time being due to how insane they are... Sometimes even to themself.)

This topic is now closed to further replies.