The_Swede
Cadet
Joined: Mar 14, 2004
Posts: 9
Location: Sweden
Posted: Mon May 17, 2004 11:49 am Post subject: Help me in my weakness...
This is the problem: Almost every time I turn my computer on, things seem fine until about five minutes after I've logged in. Then the screen becomes totally gray and no mouse or keyboard can be used. The only way to exit the system is by pulling the plug. If I go into safe mode this mysterious virus does not show up on any scans - and I use:
Norton Antivirus
Spybot search and destroy
Spywareblaster
Spywareguard
Spysweeper
Please help!
Here is the HJT log:
Logfile of HijackThis v1.97.7
Scan saved at 17:49:39, on 2004-05-17
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\R_SERVER.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\FVAULT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\TIKL.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM\WINAMP\WINAMPA.EXE
C:\PROGRAM\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM\DC++\DCPLUSPLUS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM\SPYWAREGUARD\SGBHP.EXE
C:\PROGRAM\WINAMP\WINAMP.EXE
C:\HIJACK\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.chello.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/def...earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
F1 - win.ini: run=c:\fvault.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRAM\SPYBOT~1\SDHELPER.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRAM\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [FamilyKeyLogger] C:\PROGRAM\FAMILYKEYLOGGER\CISVC.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [TiKL] C:\WINDOWS\SYSTEM\TIKL.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [dcpqlgf] C:\WINDOWS\dcpqlgf.exe
O4 - HKLM\..\Run: [nyh] C:\WINDOWS\nyh.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [r_server] C:\WINDOWS\SYSTEM\R_SERVER.EXE /service
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [AntiLostCD] C:\PROGRAM\ANTI-LOST CD EJECTOR\ANTILOSTLITE.EXE
O4 - HKCU\..\Run: [RSD_HDDThermo] C:\PROGRAM\HDD THERMOMETER\HDD THERMOMETER.EXE
O4 - Startup: SpywareGuard.lnk = C:\PROGRAM\SpywareGuard\sgmain.exe
O4 - Startup: IP_booster21.dll.lnk = C:\WINDOWS\SYSTEM\r_server.exe
O4 - User Startup: SpywareGuard.lnk = C:\PROGRAM\SpywareGuard\sgmain.exe
O4 - User Startup: IP_booster21.dll.lnk = C:\WINDOWS\SYSTEM\r_server.exe
O8 - Extra context menu item: Download by Net Transport - C:\PROGRAM\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Download all by Net Transport - C:\PROGRAM\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: Researcher (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Dell Home (HKCU)
O12 - Plugin for .spop: C:\PROGRAM\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mid: C:\PROGRAM\INTERN~1\PLUGINS\npqtplugin2.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.sve.chello.se/ssi/welcome/welcome.php?url=home
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc...wflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc...tor/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C...4789351852
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/...mv9VCM.CAB
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/virusinfo/webscan.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003...scan53.cab
O16 - DPF: {8701E3B9-DC63-440B-83A1-80F27A4FCAFA} (Vacpro.emsat_ver2_new2) - http://www.7adpower.com/dialer/emsat_ver2_new2.CAB
O16 - DPF: {B10031B2-F184-4803-9A88-D239C0641D70} (180SAInstaller Class) - http://ax.180solutions.com/Installer/180SAInstaller.cab