PC out of control

Advertise at AfterDawn.com

Link to us!

Private messages

Compose a private message

List of all updated threads

Threads without replies

Search messages

Sunday 24.11.2024 / 02:42

Search AfterDawn Forums:

afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > pc out of control

Browse by topic

Forums

Start a new thread

PC out of control

Jump to:

Posted

Message

chawjohn

Newbie

31. January 2006 @ 03:55

Link to this message

I'm losing control. Pop ups and spyware, trogen downloaderhave taken over control. Help if you can. I have a firewall through my cable provider and also Microsoft anti spyware and Norton antivirous 2003installed. I can no longer bring up my start page using msconfig and run. It will not come up. something is running in start up and i cannot get to it to remove it.

[ + quote]

chawjohn

Newbie

31. January 2006 @ 04:03

Link to this message

StartupList report, 1/25/2006, 4:26:10 PM
StartupList version: 1.52.2
Started from : C:\DOCUME~1\JOHNCU~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\MSHTHA.EXE
C:\Program Files\Samsung\Digimax Viewer 2.0\STImgBrowser.exe
C:\Program Files\Sierra\Planner\Plnrnote.exe
C:\WINDOWS\System32\atievxx.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\DOCUME~1\JOHNCU~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Digimax Viewer 2.0.lnk = ?
Event Planner Reminders Tray Icon.lnk = ?

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
AdaptecDirectCD = C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
gcasServ = "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
CMPDPSRV = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
Microsoft Hyptertext Helper = MSHTHA.EXE

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

Microsoft Hyptertext Helper = MSHTHA.EXE

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\ssmypics.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Task Scheduler jobs:

Norton AntiVirus - Scan my computer.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x8...

[Mirar_Dummy_ATS1 Class]
InProcServer32 = C:\WINDOWS\system32\WinATS.dll
CODEBASE = http://awbeta.net-nucleus.com/FIX/WinATS.cab

[{9E58D78E-C5D3-DCF5-F38E-D1FBF76F5CBA}]
CODEBASE = http://www.adelphia.net/files/musicnet/download/adelphia/Performe...

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 5,749 bytes
Report generated in 0.431 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

[ + quote]

TheReturn

Suspended due to non-functional email address

31. January 2006 @ 11:30

Link to this message

Try to install Spybolt R&D. Run it in safemode. Clean all spywares when it done. Reboot.

[ + quote]

THE RETURN

Specialist in mod, hack, crack, download, copy, install, fix, repair game consoles and computers.

Click on the picture below to get files, guides and tutorials for Xbox.

ironsled

Newbie

2. February 2006 @ 08:15

Link to this message

I found the same crap on my pc. I ran a program called Silent Sword. It disabled the malware with one reboot. It's a 30 day free trial and I found it on download.com.

Cheers,
Steven

[ + quote]

This message has been edited since posting. Last time this message was edited on 2. February 2006 @ 08:21

Start a new thread

afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > pc out of control


		User name	Password

		Not registered yet? Register here. Lost your password? Click here.