|
Internet explorer help
|
|
Junior Member
|
5. October 2006 @ 16:04 |
Link to this message
|
everytime i open IE it brings me to this page http://www.uptodateprotection.net/ even when i change my homepage. it tells me i have the w32.myzor.fk@yf virus is there any way to get rid of the virus and that homepage
|
|
Advertisement
|
 |
|
|
Senior Member
|
5. October 2006 @ 18:46 |
Link to this message
|
Download HijackThis.
Create a folder in C: named HjT.
Extract the file to the new folder.
Open HijackThis.exe.
Click "Do a system scan and save a log file".
Post that log here.
|
Junior Member
|
6. October 2006 @ 06:30 |
Link to this message
|
Logfile of HijackThis v1.99.1
Scan saved at 7:30:23 AM, on 10/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Billionton\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Arctic\arctic.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sherwin\Desktop\HijackThis_v1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {51CB32F5-76EC-A22B-F9F1-0676A5FCD480} - C:\WINDOWS\system32\wwwtmei.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: &Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [rmalt] C:\Program Files\Messengers\nero_keymaker.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1130124510156
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winrge32 - C:\WINDOWS\SYSTEM32\winrge32.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WinTrust32 - Unknown owner - C:\WINDOWS\system32\wintrust32.exe (file missing)
|
Junior Member
|
6. October 2006 @ 06:30 |
Link to this message
|
what was the point of making a HjT folder did i have to manualy redirect to that folder
This message has been edited since posting. Last time this message was edited on 6. October 2006 @ 06:32
|
Senior Member
|
6. October 2006 @ 07:40 |
Link to this message
|
The folder is made for easy access to backups if needed. When it's on the desktop a folder will be created for backups, but there is the risk of deleting it inadverently. So, it really doens't matter where's it at.
Go here and download the 30 day trial of AVG Anti-spyware.
Install, open and click Update.
After update, close AVG.
Do not run a scan yet, we will do this later.
Open HijackThis.
Click "Run a system scan only".
Check these(if there):
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {51CB32F5-76EC-A22B-F9F1-0676A5FCD480} - C:\WINDOWS\system32\wwwtmei.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)
O4 - HKLM\..\Run: [rmalt] C:\Program Files\Messengers\nero_keymaker.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k <--Isn't bad, but not needed on startup.
O20 - Winlogon Notify: winrge32 - C:\WINDOWS\SYSTEM32\winrge32.dll
O23 - Service: WinTrust32 - Unknown owner - C:\WINDOWS\system32\wintrust32.exe (file missing)
Close all windows except HijackThis then click "Fix checked".
Restart your computer in safe mode(press F8 upon boot, select "Safe Mode" from menu and press Enter).
Find and delete these files(if there):
C:\WINDOWS\system32\wwwtmei.dll
C:\Program Files\Messengers\nero_keymaker.exe
C:\WINDOWS\System32\winrge32.dll
C:\WINDOWS\System32\wintrust32.exe
You may have to show hidden files and folders: Control Panel > Folder Options > View tab > check "Show hidden files and folders".
Remember to empty the Recycle Bin.
Open AVG Anti-spyware.
Click "Scanner" and run a "Complete system scan".
When it finishes, set all items to "quarantine".
Then click "Apply all actions".
Click "Save report" and save it to the desktop.
Restart in normal mode.
Post the AVG report and a new HijackThis log.
This message has been edited since posting. Last time this message was edited on 6. October 2006 @ 07:42
|
Junior Member
|
6. October 2006 @ 13:37 |
Link to this message
|
|
i went on safe mode and deleted C:\WINDOWS\system32\wwwtmei.dll
but C:\Program Files\Messengers\nero_keymaker.exe wasnt there and
C:\WINDOWS\System32\winrge32.dll C:\WINDOWS\System32\wintrust32.exe couldnt be deleted and when i restared my computer it loads but then the screen goes black and i cant doing anything when i go back to safe mode it restarts. i cant use that computer at all anymore what should i do?
|
Junior Member
|
6. October 2006 @ 13:53 |
Link to this message
|
|
instead of deleating C:\WINDOWS\System32\wintrust32.exe i tried to delete wintrust.dll i tried to delete it by moving it to my desktop and renameing it to try to delete it. i tried to rename it back to wintrust.dll and put it back into the system32 folder when i restarted the computer it started to load up but then it blacks out and does nothing
|
Senior Member
|
6. October 2006 @ 13:56 |
Link to this message
|
|
Edit
This message has been edited since posting. Last time this message was edited on 6. October 2006 @ 14:02
|
Junior Member
|
6. October 2006 @ 13:59 |
Link to this message
|
|
safe mode restarts right away
so does last known good configuration
This message has been edited since posting. Last time this message was edited on 6. October 2006 @ 14:01
|
Junior Member
|
6. October 2006 @ 14:03 |
Link to this message
|
|
i cant even get in to my computer im using a laptop because my desktop is unuseable
|
Senior Member
|
6. October 2006 @ 14:03 |
Link to this message
|
|
Ok, I'll pust this in one post.
You should have not deleted it unless the name was exact! I bolded the names to show this. No worries though(hopefully).
If you have your recovery disc insert it and choose to repair Windows. That should restore wintrust.dll
|
Junior Member
|
6. October 2006 @ 14:12 |
Link to this message
|
|
i dont have one
|
Senior Member
|
6. October 2006 @ 14:21 |
Link to this message
|
|
Oh, that's not good either. Can you borrow one from a friend or family member? I don't see another way of transfering the dll if you can't boot.
This message has been edited since posting. Last time this message was edited on 6. October 2006 @ 14:22
|
Junior Member
|
6. October 2006 @ 14:37 |
Link to this message
|
|
you think i can make one with my laptop? if i could can you walk me through how to make one
|
|
Advertisement
|
|
|
Senior Member
|
6. October 2006 @ 15:08 |
Link to this message
|
|
No, they can't be made. Some can't even be copied, sorry.
Only ways I know to get one is either borrow one or call you computer manufacter and ask them if they will sell you one. Some companies will not sell them, but it's worth an ask.
This message has been edited since posting. Last time this message was edited on 6. October 2006 @ 15:10
|
