Unsolved
This post is more than 5 years old
5 Posts
0
10618
My control Panel has disappeared
I could use some help..
My Control Panal has disappeared, I have casino and Free online dating Icons on my desktop and my I get messages that spyware has been detected. I have included my Highjackthis log file.
Thanks
additup64
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:09:50 PM, on 12/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Scan saved at 1:09:50 PM, on 12/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\avp.exe
C:\WINDOWS\mgrs.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autos.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Alltel\QuickLink Mobile\QuickLink Mobile.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\avp.exe
C:\WINDOWS\mgrs.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autos.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Alltel\QuickLink Mobile\QuickLink Mobile.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\bronto.dll
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [dumprep] C:\WINDOWS\system32\spoolc.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
O4 - HKLM\..\Run: [clkhost] C:\WINDOWS\dcxxygx.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
O4 - Startup: findfast.exe
O4 - Startup: infos.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: autos.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O17 - HKLM\System\CCS\Services\Tcpip\..\{22A5DC01-3D7E-4D7D-B97A-C200A20DC5ED}: NameServer = 166.102.165.11 166.102.165.13
O17 - HKLM\System\CS1\Services\Tcpip\..\{22A5DC01-3D7E-4D7D-B97A-C200A20DC5ED}: NameServer = 166.102.165.11 166.102.165.13
O17 - HKLM\System\CS3\Services\Tcpip\..\{22A5DC01-3D7E-4D7D-B97A-C200A20DC5ED}: NameServer = 166.102.165.11 166.102.165.13
O20 - AppInit_DLLs: C:\WINDOWS\system32\sol629.txt
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\bronto.dll
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [dumprep] C:\WINDOWS\system32\spoolc.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
O4 - HKLM\..\Run: [clkhost] C:\WINDOWS\dcxxygx.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
O4 - Startup: findfast.exe
O4 - Startup: infos.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: autos.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O17 - HKLM\System\CCS\Services\Tcpip\..\{22A5DC01-3D7E-4D7D-B97A-C200A20DC5ED}: NameServer = 166.102.165.11 166.102.165.13
O17 - HKLM\System\CS1\Services\Tcpip\..\{22A5DC01-3D7E-4D7D-B97A-C200A20DC5ED}: NameServer = 166.102.165.11 166.102.165.13
O17 - HKLM\System\CS3\Services\Tcpip\..\{22A5DC01-3D7E-4D7D-B97A-C200A20DC5ED}: NameServer = 166.102.165.11 166.102.165.13
O20 - AppInit_DLLs: C:\WINDOWS\system32\sol629.txt
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
--
End of file - 2589 bytes
End of file - 2589 bytes
zbestwun2001
8.8K Posts
0
December 1st, 2007 19:00
By the way please post the entire log, this log is incomplete.
Thanks,
ZB1
Message Edited by zbestwun2001 on 12-01-2007 01:28 PM
additup64
5 Posts
0
December 1st, 2007 22:00
Bugbatter
20.5K Posts
0
December 2nd, 2007 01:00
What type of realtime anti-virus protection are you using?
additup64
5 Posts
0
December 2nd, 2007 11:00
additup64
5 Posts
0
December 2nd, 2007 11:00
Bugbatter
20.5K Posts
0
December 2nd, 2007 17:00
Grisoft’s AVG Free:
http://free.grisoft.com/freeweb.php/doc/2/
Before installing it, however, be sure that the remnants of all prior anti-virus software have been removed. If you need support for AVG, their forum is located here: http://forum.grisoft.cz/freeforum/
Posting Your Log:
1. Just click the New Message button in the HijackThis forum here: http://www.dellcommunity.com/supportforums/board?board.id=si_hijack
to start your own thread requesting assistance.
2. In the Message Body window that opens, simply Right-Click and select Paste.
3. Please add text to describe your symptoms.
4. Include in the message subject line a description of your problem. For example, "Popups warning of infection".
5. Make certain you post the entire log by clicking the Preview Post link at the bottom of the window and comparing it to the log from your scan before you click Submit Post
** Note: "The box next to Automatically convert carriage returns to HTML line breaks" should be checked if that appears at the bottom of your Message Body when composing your post.
* DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or required.