kobbo Posted August 9, 2006 Share Posted August 9, 2006 My computer is completely screwed, purchased it a few months ago. It is a Presario COMPAQ laptop. Win XP. I am having problems, big ones. For example: - Computer has a blank screen after i type my password, and it takes about 5 minutes to load my desktop. - ishost and some dogey Smitfraud virus wont LEAVE MY COMPUTER ALONE (Even thought i have removed it dozens of times) - And explorer and other very random programs sometimes use 100% of my CPU. I currently have: Norton Antivirus 2000 Edition (Not up to date) NOD32 Antivirus system (Up to date) Spybot - Search and destroy (Up to date) Heres my computer log. HijackthisLOG: Logfile of HijackThis v1.99.1 Scan saved at 5:33:17 PM, on 9/08/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss[Caution: Executable File] C:\WINDOWS\system32\winlogon[Caution: Executable File] C:\WINDOWS\system32\services[Caution: Executable File] C:\WINDOWS\system32\lsass[Caution: Executable File] C:\WINDOWS\system32\Ati2evxx[Caution: Executable File] C:\WINDOWS\system32\svchost[Caution: Executable File] C:\WINDOWS\System32\svchost[Caution: Executable File] C:\WINDOWS\system32\Ati2evxx[Caution: Executable File] C:\WINDOWS\Explorer[Caution: Executable File] C:\Program Files\Common Files\Symantec Shared\ccProxy[Caution: Executable File] C:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: Executable File] C:\Program Files\Norton Internet Security\ISSVC[Caution: Executable File] C:\Program Files\Common Files\Symantec Shared\SNDSrvc[Caution: Executable File] C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc[Caution: Executable File] C:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: Executable File] C:\WINDOWS\system32\spoolsv[Caution: Executable File] C:\Program Files\Common Files\LightScribe\LSSrvc[Caution: Executable File] C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc[Caution: Executable File] C:\Program Files\Eset\nod32krn[Caution: Executable File] C:\WINDOWS\system32\svchost[Caution: Executable File] C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC[Caution: Executable File] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx[Caution: Executable File] C:\Program Files\Java\jre1.5.0_06\bin\jusched[Caution: Executable File] C:\Program Files\Synaptics\SynTP\SynTPLpr[Caution: Executable File] C:\Program Files\Synaptics\SynTP\SynTPEnh[Caution: Executable File] C:\Program Files\Hp\HP Software Update\HPWuSchd2[Caution: Executable File] C:\Program Files\iTunes\iTunesHelper[Caution: Executable File] C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: Executable File] C:\Program Files\HPQ\Quick Launch Buttons\EabServr[Caution: Executable File] C:\Program Files\iPod\bin\iPodService[Caution: Executable File] C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\PRISMSVR[Caution: Executable File] C:\Program Files\MessengerPlus! 3\MsgPlus[Caution: Executable File] C:\Program Files\Eset\nod32kui[Caution: Executable File] C:\Program Files\Common Files\{42DE64FB-0702-1033-1019-05050331003d}\Update[Caution: Executable File] C:\program files\steam\steam[Caution: Executable File] C:\PROGRA~1\MSNMES~1\msnmsgr[Caution: Executable File] C:\PROGRA~1\MOZILL~1\FIREFOX[Caution: Executable File] C:\Program Files\Internet Explorer\iexplore[Caution: Executable File] C:\Program Files\Messenger\msmsgs[Caution: Executable File] C:\Documents and Settings\ajlaga\My Documents\hjthis\HijackThis[Caution: Executable File] R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx[Caution: Executable File] O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched[Caution: Executable File] O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant[Caution: Executable File] O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr[Caution: Executable File] O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh[Caution: Executable File] O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2[Caution: Executable File] O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper[Caution: Executable File] O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: Executable File]" -atboottime O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: Executable File]" O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr[Caution: Executable File] /Start O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset[Caution: Executable File] O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher[Caution: Executable File] O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG[Caution: Executable File]" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG[Caution: Executable File] O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst[Caution: Executable File] /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP[Caution: Executable File] /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP[Caution: Executable File] /IMEName O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon[Caution: Executable File] /Consumer O4 - HKLM\..\Run: [PRISMSVR[Caution: Executable File]] "C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\PRISMSVR[Caution: Executable File]" /APPLY O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus[Caution: Executable File]" O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui[Caution: Executable File]" /WAITSERVICE O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam[Caution: Executable File]" -silent O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr[Caution: Executable File]" /background O4 - HKCU\..\Run: [ee63b6f3[Caution: Executable File]] C:\Documents and Settings\ajlaga\Local Settings\Application Data\ee63b6f3[Caution: Executable File] O4 - Global Startup: SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnk = C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\SMCWGUTI[Caution: Executable File] O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File] O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File] O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=Q305&bd=presario&pf=laptop O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - AppInit_DLLs: MsgPlusLoader.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx[Caution: Executable File] O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: Executable File] O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy[Caution: Executable File] O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc[Caution: Executable File] O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: Executable File] O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI[Caution: Executable File] O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: Executable File] O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC[Caution: Executable File] O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc[Caution: Executable File] O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc[Caution: Executable File] O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn[Caution: Executable File] O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan[Caution: Executable File] O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ[Caution: Executable File] O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc[Caution: Executable File] O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc[Caution: Executable File] O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC[Caution: Executable File] Please, Help me i am in seriouse need!!! - Aj ;D Link to comment Share on other sites More sharing options...
kobbo Posted August 9, 2006 Author Share Posted August 9, 2006 yer.. BUMP!! ;D Link to comment Share on other sites More sharing options...
teal_128 Posted August 9, 2006 Share Posted August 9, 2006 you can try reformatting your hard drive,....of course, this would mean that all your programs will be deleted :-k but the virus will be too :thumbsup: Link to comment Share on other sites More sharing options...
Sinkhan Posted August 9, 2006 Share Posted August 9, 2006 Try out Trend Micro's Housecall. It's a free online antivirus service that will run in your browser and detect and remove viruses. Get Windows Defender and Ad-Aware for anti-spyware. As for those two viruses, I think they have a few components to them that allows them to restore any parts that you remove. Look the two viruses up on the Symantec website or go to http://www.computerhope.com and check out the forums there. They're devoted to helping out people in need. Just post all the information like you did here and I'm almost sure they'll help you fix your computer up. Something to fill my sig with until I find a replacement.Also check out my blug Link to comment Share on other sites More sharing options...
coltm4carbine Posted August 10, 2006 Share Posted August 10, 2006 err..a sidenote: I think you got the latest version of vundo.[no BHOs and very few o20s...] not smitfraud. [lol lucky you..i've been trying to find this latest version since i knew about it] edit: Do this for vundo first, to make sure it aint that.. Please download VundoFix[Caution: Executable File] to your desktop. [*:2ji55t5o]Double-click VundoFix[Caution: Executable File] to run it. [*:2ji55t5o]Put a check next to Run VundoFix as a task. [*:2ji55t5o]You will receive a message saying vundofix will close and re-open in a minute or less. Click OK [*:2ji55t5o]When VundoFix re-opens, click the Scan for Vundo button. [*:2ji55t5o]Once it's done scanning, click the Remove Vundo button. [*:2ji55t5o]You will receive a prompt asking if you want to remove the files, click YES [*:2ji55t5o]Once you click yes, your desktop will go blank as it starts removing Vundo. [*:2ji55t5o]When completed, it will prompt that it will shutdown your computer, click OK. [*:2ji55t5o]Turn your computer back on. [*:2ji55t5o]Please post the contents of C:\vundofix.txt and a new HiJackThis log. Link to comment Share on other sites More sharing options...
crossduke Posted August 10, 2006 Share Posted August 10, 2006 i have a suggestion that hasnt been stated... perhaps alot of ur memory is overfull with temprary internet files... go into your start menu go to programs/accessories/system tools/disc clean-up. click on disc cleanup and it will do a quick scan of ur computer then select all of the check boxes and select ok and let it delete everything. if your like me and get urself 70-80k KB worth of space taken up by temp internet files it will slow u down alot. then if that doesnt work my preference for anti virus is AVG Anti-virus free edition will work. by deleting ur temporary internet files it may take a bit longer for web pages to load but its easily worth a few extra seconds :D my recomended downloads to take care of ur computer: ad-aware SE personal (free anti spyware) avg-Anti virus (also free) zone alarm free edition (free firewall) to find the sites for the downloads just do a google search for the name of the program if u have any questions about the programs or my suggestions send me a message on msn messenger or icq it should supply my details at the bottom of my post but im not sure if i put them on my profile so here they be:icq# 317-792-370 msn:[email protected] Link to comment Share on other sites More sharing options...
kobbo Posted August 10, 2006 Author Share Posted August 10, 2006 tyvm all, ;D Link to comment Share on other sites More sharing options...
kobbo Posted August 10, 2006 Author Share Posted August 10, 2006 DIdnt have Vundo ;P But its ok i figured it all out, thanks guys ;D Link to comment Share on other sites More sharing options...
D. V. Devnull Posted September 8, 2016 Share Posted September 8, 2016 DIdnt have Vundo ;P But its ok i figured it all out, thanks guys@kobbo, could you please post what it took to fix your problem, and exactly what it was that happened to be causing it? This information would be useful for anyone in the future who came across your issues. You might be able to save them a lot of trouble! :huh: ~Mr. D. V. "Seriously, not sharing what it took to fix the problem is just as bad as getting infected!" Devnull and normally with a cool mind.(Warning: This user can be VERY confusing to some people... And talks in 3rd person for the timebeing due to how insane they are... Sometimes even to themself.) Link to comment Share on other sites More sharing options...
Arceus Posted September 8, 2016 Share Posted September 8, 2016 I'm kind of having my doubts that they'll return after a decade,. Closed. "Fight for what you believe in, and believe in what you're fighting for." Can games be art? --- My blog here if you want to check out my Times articles and other writings! I always appreciate comments/feedback. Link to comment Share on other sites More sharing options...
Recommended Posts