spyware and malfunction of msconfig

I have run Ad-Aware and Spybot (updated) and here's a HijackThis log. I know that I have an infection and currently can only run msconfig and regedit in safe mode (won't run when Windows is loaded - I have XP SP2).
Any help is really, really appreciated.

Logfile of HijackThis v1.98.2
Scan saved at 6:24:26 PM, on 11/03/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\AOLMSNGR.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\spywarestuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SystemTray] "SysTray.Exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [AOL Messenger] AOLMSNGR.EXE
O4 - HKCU\..\Run: [SpyBlast] C:\Program Files\SpyBlast\SpyBlast.exe /autorun
O4 - HKCU\..\RunOnce: [AOL Messenger] AOLMSNGR.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ComcastHSI - {860500E0-C7F8-11D6-8736-00D0B7E22AE9} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {860500E1-C7F8-11D6-8736-00D0B7E22AE9} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {860500E2-C7F8-11D6-8736-00D0B7E22AE9} - http://www.comcastsupport.com (file missing) (HKCU)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB

Comments

  • SpywareShooter 127.0.0.1
    edited November 2004
    Boot into Safe mode, then do the following:

    O4 - HKLM\..\Run: [AOL Messenger] AOLMSNGR.EXE

    Fix that entry, then find and delete AOLMSNGR.EXE, reboot into normal mode, and post a new log.
  • edited November 2004
    Not to be stupid, but won't that delete AOL Instant Messenger? I can reinstall, I'm just curious.
    (thanks)
  • SpywareShooter 127.0.0.1
    edited November 2004
    No. That is not the real AOL Messenger, it is part of the Bestfriends virus. It hides under names that sound legit, but really aren't. That virus is what is causing msconfig, regedit and Task Manager to not work.
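
An added example, not part of the original thread: a Python triage script run over a few lines copied from the log above. It lists the O4 autorun entries registered without a directory and pairs each with the running process of the same name; the function names and the bare-file-name rule are assumptions made here to build a manual review list, not a verdict on any entry.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\AOLMSNGR.EXE
C:\Program Files\AIM95\aim.exe

O4 - HKLM\..\Run: [SystemTray] "SysTray.Exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AOL Messenger] AOLMSNGR.EXE
O4 - HKCU\..\RunOnce: [AOL Messenger] AOLMSNGR.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
"""

O4_REG = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")  # registry Run keys
O4_LNK = re.compile(r"^O4 - (?:Global )?Startup: (.+?) = (.+)$")      # Startup folder items

def image_of(command):
    """Return the executable part of an autorun command (quotes and arguments dropped)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", command, re.I)
    return m.group(1) if m else command

def parse(log):
    """Split a HijackThis log into running-process paths and O4 autorun entries."""
    procs, autoruns, in_procs = [], [], False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:        # a blank line ends the process list
            in_procs = False
        elif in_procs:
            procs.append(line)
        elif (m := O4_REG.match(line)):
            autoruns.append({"where": f"{m[1]} {m[2]}", "name": m[3], "image": image_of(m[4])})
        elif (m := O4_LNK.match(line)):
            autoruns.append({"where": "Startup", "name": m[1], "image": image_of(m[2])})
    return procs, autoruns

def review_list(log):
    """Autoruns given as a bare file name, with the running process of that name (or None)."""
    procs, autoruns = parse(log)
    by_name = {p.rsplit("\\", 1)[-1].lower(): p for p in procs}
    # A bare name is resolved through the Windows search path, so show where it actually runs from.
    return [(a["where"], a["name"], a["image"], by_name.get(a["image"].lower()))
            for a in autoruns if "\\" not in a["image"]]
```

On the sample, the `[AOL Messenger]` entries resolve to `C:\WINDOWS\system32\AOLMSNGR.EXE`, while the AIM client in the same process list runs from `C:\Program Files\AIM95\aim.exe`.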