December 1st, 2007 17:00

My control Panel has disappeared


I could use some help..


My Control Panel has disappeared, I have casino and Free online dating Icons on my desktop and I get messages that spyware has been detected. I have included my HijackThis log file.

Thanks


 

additup64

 



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:09:50 PM, on 12/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\avp.exe
C:\WINDOWS\mgrs.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autos.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Alltel\QuickLink Mobile\QuickLink Mobile.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\bronto.dll
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [dumprep] C:\WINDOWS\system32\spoolc.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
O4 - HKLM\..\Run: [clkhost] C:\WINDOWS\dcxxygx.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
O4 - Startup: findfast.exe
O4 - Startup: infos.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: autos.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O17 - HKLM\System\CCS\Services\Tcpip\..\{22A5DC01-3D7E-4D7D-B97A-C200A20DC5ED}: NameServer = 166.102.165.11 166.102.165.13
O17 - HKLM\System\CS1\Services\Tcpip\..\{22A5DC01-3D7E-4D7D-B97A-C200A20DC5ED}: NameServer = 166.102.165.11 166.102.165.13
O17 - HKLM\System\CS3\Services\Tcpip\..\{22A5DC01-3D7E-4D7D-B97A-C200A20DC5ED}: NameServer = 166.102.165.11 166.102.165.13
O20 - AppInit_DLLs: C:\WINDOWS\system32\sol629.txt
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe

--
End of file - 2589 bytes

8.8K Posts

December 1st, 2007 19:00

Please post the HJT log in the HiJackThis Forum

By the way please post the entire log, this log is incomplete.

Thanks,
ZB1

Message Edited by zbestwun2001 on 12-01-2007 01:28 PM

5 Posts

December 1st, 2007 22:00

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:32:03 PM, on 12/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\avp.exe
C:\WINDOWS\mgrs.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autos.exe
C:\Program Files\Alltel\QuickLink Mobile\QuickLink Mobile.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\bronto.dll
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [dumprep] C:\WINDOWS\system32\spoolc.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
O4 - HKLM\..\Run: [clkhost] C:\WINDOWS\dcxxygx.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
O4 - Startup: findfast.exe
O4 - Startup: infos.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: autos.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O17 - HKLM\System\CCS\Services\Tcpip\..\{22A5DC01-3D7E-4D7D-B97A-C200A20DC5ED}: NameServer = 166.102.165.11 166.102.165.13
O17 - HKLM\System\CS1\Services\Tcpip\..\{22A5DC01-3D7E-4D7D-B97A-C200A20DC5ED}: NameServer = 166.102.165.11 166.102.165.13
O17 - HKLM\System\CS3\Services\Tcpip\..\{22A5DC01-3D7E-4D7D-B97A-C200A20DC5ED}: NameServer = 166.102.165.11 166.102.165.13
O20 - AppInit_DLLs: C:\WINDOWS\system32\sol629.txt
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe

--
End of file - 2783 bytes

20.5K Posts

December 2nd, 2007 01:00

additup64,
What type of realtime anti-virus protection are you using?

5 Posts

December 2nd, 2007 11:00

I have never purchased any additional protection. Just what might be loaded in the computer when I received it. I have a Dell D620 Latitude. Purchased 8 months ago. Running Windows XP

5 Posts

December 2nd, 2007 11:00

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:28:22 AM, on 12/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\avp.exe
C:\WINDOWS\mgrs.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autos.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alltel\QuickLink Mobile\QuickLink Mobile.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\bronto.dll
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [dumprep] C:\WINDOWS\system32\spoolc.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
O4 - HKLM\..\Run: [clkhost] C:\WINDOWS\dcxxygx.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
O4 - Startup: findfast.exe
O4 - Startup: infos.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: autos.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O17 - HKLM\System\CCS\Services\Tcpip\..\{22A5DC01-3D7E-4D7D-B97A-C200A20DC5ED}: NameServer = 166.102.165.11 166.102.165.13
O17 - HKLM\System\CS1\Services\Tcpip\..\{22A5DC01-3D7E-4D7D-B97A-C200A20DC5ED}: NameServer = 166.102.165.11 166.102.165.13
O17 - HKLM\System\CS3\Services\Tcpip\..\{22A5DC01-3D7E-4D7D-B97A-C200A20DC5ED}: NameServer = 166.102.165.11 166.102.165.13
O20 - AppInit_DLLs: C:\WINDOWS\system32\sol629.txt
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe

--
End of file - 2540 bytes

20.5K Posts

December 2nd, 2007 17:00

If possible, please remove your outdated anti-virus program. Install a free anti-virus application and run it before posting on the Hijackthis Board.

Grisoft’s AVG Free:
http://free.grisoft.com/freeweb.php/doc/2/
Before installing it, however, be sure that the remnants of all prior anti-virus software have been removed. If you need support for AVG, their forum is located here: http://forum.grisoft.cz/freeforum/

Posting Your Log:

1. Just click the New Message button in the HijackThis forum here: http://www.dellcommunity.com/supportforums/board?board.id=si_hijack to start your own thread requesting assistance.
2. In the Message Body window that opens, simply Right-Click and select Paste.
3. Please add text to describe your symptoms.
4. Include in the message subject line a description of your problem. For example, "Popups warning of infection".
5. Make certain you post the entire log by clicking the Preview Post link at the bottom of the window and comparing it to the log from your scan before you click Submit Post.

** Note: The box next to "Automatically convert carriage returns to HTML line breaks" should be checked if that appears at the bottom of your Message Body when composing your post.

* DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or required.
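
Step 5 above asks for the pasted text to be compared with the saved scan. As an added example (not part of the original thread and not HijackThis's own code), this Python script lists the section entries that are in a saved log but missing from the pasted text, even when the paste has lost its line breaks; the function names and the shortened sample log are constructed for illustration.

```python
import re

# Section entries start with a code such as F2, O4 or O23 followed by " - ".
ENTRY_START = re.compile(r"(?<!\S)(?=(?:[RFN][0-4]|O\d{1,2}) - )")
# Trailer that closes a saved log ("--" then "End of file - N bytes").
TRAILER = re.compile(r"\s*--\s*End of file - \d+ bytes\s*$")


def entries(log_text):
    """Split a log into its section entries, whether it was pasted one entry
    per line or run together on one line. Header and process list are skipped."""
    flat = " ".join(TRAILER.sub("", log_text).split())
    return [part.strip() for part in ENTRY_START.split(flat)[1:]]


def has_trailer(log_text):
    """True when the text still ends with the 'End of file' trailer."""
    return TRAILER.search(log_text) is not None


def missing_entries(saved_log, pasted_text):
    """Entries present in the saved log but absent from the pasted text."""
    pasted = set(entries(pasted_text))
    return [entry for entry in entries(saved_log) if entry not in pasted]


# Constructed sample: a shortened log using lines of the kind posted in this
# thread; the byte count in the trailer is made up.
SAVED = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O20 - AppInit_DLLs: C:\WINDOWS\system32\sol629.txt

--
End of file - 999 bytes
"""
# The same log pasted without line breaks: once in full, once cut off early.
PASTED_FULL = " ".join(SAVED.split())
PASTED_CUT = " ".join(SAVED.split("O20 - ")[0].split())

if __name__ == "__main__":
    for name, text in (("full paste", PASTED_FULL), ("cut paste", PASTED_CUT)):
        print(name, "| trailer:", has_trailer(text),
              "| missing:", missing_entries(SAVED, text))
```
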