Posts posted by chantsday
After downloading Spybot and Ad-Aware...it supposedly got rid of a lot of spyware... but the MSN worm is still there... I restarted....put it in safe mode and followed all those instructions... but the virus is still there...anyone know what to do from here??
Logfile of HijackThis v1.99.1
Scan saved at 6:02:03 PM, on 5/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\program files\zango\zango.exe
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\system.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Family\shell.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Family\LOCALS~1\Temp\Temporary Directory 2 for hijackthis[2].zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.tt/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [statusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [zango] c:\program files\zango\zango.exe
O4 - HKLM\..\Run: [Windows] system.exe
O4 - HKLM\..\RunServices: [Windows] system.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZBzeb032YYTT
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/FunBuddyIconsFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102455803468
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.zango.com/GetZango/Download/zangoax.cab
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
help my computer is infected
in HELP!
After doing all of the things you guys have suggested we still can't get rid of the MSN worm...we even went to azags site to get rid of the Kelvir virus which is what the problem is and it didn't work. We've tried safe mode and all the other anti-virus scans and none are finding it and all are updated. I'm all out of ideas... got any more?