Please help me with my comp

System Infection Support: support for virus, spyware, adware, malware and any other type of system infection.

#1 - Aug 23rd, 08, 6:31 PM
basalganglia

I got infected by some kind of trojan.
It was detected and removed by Avast!
But it came back on login.
It disabled my Task Manager and Start menu. Finally I had to change my Start menu to classic mode, and from there I went to User Accounts and created a new user, but now on bootup even the new user account shows the same trojan. This is my log file. Please help me with what to do. Thanks in advance.



Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\Program Files\Avast\aswUpdSv.exe
E:\Program Files\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
E:\Program Files\BlueSoliel\BTNtService.exe
E:\Nero 8.3\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
E:\Nero 8.3\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
E:\PROGRA~1\Avast\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
E:\NOKIA PC SUITE\Nokia PC Suite 7\PCSuite.exe
E:\Internet softwares\Internet Download Manager\IDMan.exe
E:\Program Files\Avast\ashMaiSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
E:\Program Files\Avast\ashWebSv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
E:\Internet softwares\Internet Download Manager\IEMonitor.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
E:\Internet softwares\Yahoo!\Messenger\YahooMessenger.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: rafbsvnx - {2F398AF7-F1A1-4D9E-92E9-36A94898D559} - C:\WINDOWS\rafbsvnx.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [NBKeyScan] "E:\Nero 8.3\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [b4535a9d] rundll32.exe "C:\WINDOWS\system32\nfwffgvi.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [PC Suite Tray] "E:\NOKIA PC SUITE\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [IDMan] E:\Internet softwares\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "E:\NOKIA E 51\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "E:\NOKIA E 51\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Download all links with IDM - E:\Internet softwares\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - E:\Internet softwares\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - E:\Internet softwares\Internet Download Manager\IEExt.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - AppInit_DLLs: cjokcy.dll ieblbz.dll
O21 - SSODL: tsxngabr - {5D42201A-647A-4D46-A5D1-8AAD07A495EA} - C:\WINDOWS\tsxngabr.dll
O21 - SSODL: vtqnxfko - {D93198FC-72D0-44A3-967C-6E98DA6BA9D7} - C:\WINDOWS\vtqnxfko.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Avast\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - E:\Program Files\BlueSoliel\BTNtService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Nero 8.3\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
#2 - Aug 24th, 08, 6:55 AM
Codex85
Possibly nasty:
O20 - AppInit_DLLs: cjokcy.dll ieblbz.dll
O21 - SSODL: tsxngabr - {5D42201A-647A-4D46-A5D1-8AAD07A495EA} - C:\WINDOWS\tsxngabr.dll
O21 - SSODL: vtqnxfko - {D93198FC-72D0-44A3-967C-6E98DA6BA9D7} - C:\WINDOWS\vtqnxfko.dll (file missing)

Probably nasty:
O3 - Toolbar: rafbsvnx - {2F398AF7-F1A1-4D9E-92E9-36A94898D559} - C:\WINDOWS\rafbsvnx.dll
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm



#3 - Aug 25th, 08, 1:16 AM
S Walch
Definitely nasty:

O3 - Toolbar: rafbsvnx - {2F398AF7-F1A1-4D9E-92E9-36A94898D559} - C:\WINDOWS\rafbsvnx.dll

O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe

O4 - HKLM\..\Run: [b4535a9d] rundll32.exe "C:\WINDOWS\system32\nfwffgvi.dll",b

O20 - AppInit_DLLs: cjokcy.dll ieblbz.dll

O21 - SSODL: tsxngabr - {5D42201A-647A-4D46-A5D1-8AAD07A495EA} - C:\WINDOWS\tsxngabr.dll

O21 - SSODL: vtqnxfko - {D93198FC-72D0-44A3-967C-6E98DA6BA9D7} - C:\WINDOWS\vtqnxfko.dll (file missing)

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm



#4 - Aug 25th, 08, 2:41 AM
Core
Use AdAware from Safe Mode, and update XP to SP3.



All times are GMT +1.