February 19th, 2007 17:00

EXPL_WMF.GEN help

I got a virus on my computer the other day and need some help. I'm running Trend Micro 2005 on my computer and I repeatedly get the following virus alerts:

EXPL_WMF.GEN
EXPL_EXECOD.A
TROJ_NASCENE.Y
JS_INOR.BU

On all of these I get either a quarantine fail or clean fail for an action.

Some of the symptoms that I am having are:

task manager has been disabled by the administrator
I cannot view any pictures that have been saved on my computer
Also I get repeated pop-ups of unwanted sites

Here is a look at my hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:07:35 PM, on 2/18/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\stisvsq1.exe
C:\WINDOWS\svshost1.exe
C:\WINDOWS\msqdevl1.exe
C:\WINDOWS\lssas1.exe
C:\WINDOWS\mservice1.exe
C:\WINDOWS\System32\ctfmon.exe
E:\downloads\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
E:\PROGRA~1\TRENDM~1\PcCtlCom.exe
E:\PROGRA~1\TRENDM~1\Tmntsrv.exe
E:\PROGRA~1\TRENDM~1\TmPfw.exe
C:\WINDOWS\rhds.exe
E:\PROGRA~1\TRENDM~1\PccGuide.exe
C:\WINDOWS\System32\wuauclt.exe
E:\PROGRA~1\TRENDM~1\tmproxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\WINZIP\winzip32.exe
D:\hijack this\HijackThis.exe
C:\WINDOWS\iau1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.effectsearch.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.effectsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/1/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.searchv.com/1/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.searchv.com/1/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = -
R3 - URLSearchHook: (no name) - _{D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Microsoft Office Quick Launcher] iau1.exe
O4 - HKLM\..\Run: [Internet Connection Wizard] stisvsq1.exe
O4 - HKLM\..\Run: [Games Acceleration] svshost1.exe
O4 - HKLM\..\Run: [Internet Mail and News] msqdevl1.exe
O4 - HKLM\..\Run: [Microsoft Management Console] lssas1.exe
O4 - HKLM\..\Run: [Multimedia extensions] mservice1.exe
O4 - HKCU\..\Run: [Internet Connection Wizard] stisvsq1.exe
O4 - HKCU\..\Run: [Games Acceleration] svshost1.exe
O4 - HKCU\..\Run: [Internet Mail and News] msqdevl1.exe
O4 - HKCU\..\Run: [Microsoft Management Console] lssas1.exe
O4 - HKCU\..\Run: [Multimedia extensions] mservice1.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Allow Popups - C:\Program Files\Meaya\Popup Ad Filter\WhiteGetUrl.js
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab53984.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab55579.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\downloads\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - E:\PROGRA~1\TRENDM~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - E:\PROGRA~1\TRENDM~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - E:\PROGRA~1\TRENDM~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - E:\PROGRA~1\TRENDM~1\tmproxy.exe

Any help would be greatly appreciated.

February 19th, 2007 19:00

We are having problems with our forum software. Until these issues are resolved, our analysts are unable to post formatted fixes in reply to your HijackThis logs.

Please consider posting your HijackThis logs at one of these other security forums so that the logs can be handled in a timely manner:

(Non-clickable links)
http://www.bleepingcomputer.com/forums/
http://www.castlecops.com/forums.html
http://www.geekstogo.com/forum/
http://forum.malwareremoval.com/
http://forums.spywareinfo.com/
http://forums.subratam.org/
http://forums.tomcoyote.org/
Additional forums that offer HijackThis analysis can be found at this link in the recommended sites section on the left side of the page:
http://asap.maddoktor2.com/

Thank you.