|
Donations |
|
 |
|
|
|
If you found this site helpful, please donate to help keep it online
Don't want to use PayPal? Try our physical address
|
|
|
Survey |
|
|
|
|
|
|
|
|
Translate |
|
|
|
|
|
|
|
|
|
|
| View previous topic :: View next topic |
| Author |
Message |
Suki
Trooper
Joined: Mar 29, 2004
Posts: 17
|
 Posted: Sat Jun 05, 2004 12:26 am Post subject: Text on computer going wild!, could you check my log? |
|
|
 Hi, I hope someone can help soon. I had left my cpmputer on while downloading some files, and when I got back to it one hour later I found all text to be unreadable, like a blur or spots over the text in all programs I opened!...It's like one single pattern, the same one repeated over text on every browser window and any program window I opened. I don't know what it could be. I ran AVG...nothing, Lavasoft Adaware seems to find many things everytime I run it but nothing works. Could yo take a look at my log pls?
Logfile of HijackThis v1.97.7
Scan saved at 0:22:22, on 05-06-2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\ARCHIVOS DE PROGRAMA\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\ARCHIVOS DE PROGRAMA\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\WINDOWS\LOADQM.EXE
C:\ARCHIVOS DE PROGRAMA\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\MIXER.EXE
C:\SCNJET5S\HPSJPL32.EXE
C:\WINDOWS\SYSTEM\DLA\TFSWCTRL.EXE
C:\ARCHIVOS DE PROGRAMA\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE
C:\ARCHIVOS DE PROGRAMA\MSN MESSENGER\MSNMSGR.EXE
C:\ARCHIVOS DE PROGRAMA\SECOND NATURE\SNSICON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\ARCHIVOS DE PROGRAMA\MICROSOFT OFFICE\OFFICE10\MSOFFICE.EXE
C:\ARCHIVOS DE PROGRAMA\BIRTHDAY\BIRTHDAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\INSTALADORES\HIJACKTHIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emol.cl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AVG_CC] C:\ARCHIV~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NPROTECT] C:\Archivos de programa\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [HPSJ5 Polling Driver] C:\SCNJET5S\hpsjpl32.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Ad-aware] "C:\ARCHIVOS DE PROGRAMA\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE" +c
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\ARCHIV~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [NPROTECT] C:\Archivos de programa\Norton Utilities\NPROTECT.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Snsicon.lnk = C:\Archivos de programa\Second Nature\Snsicon.exe
O4 - Startup: Reboot.exe
O4 - Startup: Acceso directo a MSOFFICE.lnk = C:\Archivos de programa\Microsoft Office\Office10\MSOFFICE.EXE
O4 - Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Birthday.lnk = C:\Archivos de programa\Birthday\Birthday.exe
O12 - Plugin for .pdf: C:\ARCHIV~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C....881099537
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc...wflash.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me...b28177.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So...b28177.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
Thanks! |
|
| Back to top |
|
 |
virus_guy
Trooper
Joined: Apr 16, 2004
Posts: 31
Location: Pakistan
|
| Posted: Sat Jun 05, 2004 6:33 pm Post subject: |
|
|
Hi.
I'm not good at analyzing the Hijack this log..but it seems that your ok.Besides the text going mad thing happens with my computer all the time when I'm trying to run too many programs at the same time  ..when that happens,just hit alt+ctrl+delete and end the program thats not responding.
Am I right,guys?
_________________
Website=coming soon. |
|
| Back to top |
|
|
Suki
Trooper
Joined: Mar 29, 2004
Posts: 17
|
| Posted: Thu Jun 10, 2004 12:32 pm Post subject: Not entirely yet... |
|
|
Thanks for your help!. Sorry I didn't write sooner but I'm still having trouble with my computer. Now it seems I'm getting new trojans every week!. Must be that time of the year.
I'm posting my log again in case anyone sees something wrong now.Thanks.
Logfile of HijackThis v1.97.7
Scan saved at 12:38:24, on 10-06-2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\ARCHIVOS DE PROGRAMA\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\SYMANTEC SHARED\SYMTRAY.EXE
C:\ARCHIVOS DE PROGRAMA\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\ARCHIVOS DE PROGRAMA\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\WINDOWS\LOADQM.EXE
C:\ARCHIVOS DE PROGRAMA\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\MIXER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\ARCHIVOS DE PROGRAMA\ENIGMA SOFTWARE GROUP\SPYHUNTER\POPUPBLOCKER\ENIGMAPOPUPSTOP.EXE
C:\ARCHIVOS DE PROGRAMA\MSN MESSENGER\MSNMSGR.EXE
C:\ARCHIVOS DE PROGRAMA\SECOND NATURE\SNSICON.EXE
C:\ARCHIVOS DE PROGRAMA\MICROSOFT OFFICE\OFFICE10\MSOFFICE.EXE
C:\ARCHIVOS DE PROGRAMA\BIRTHDAY\BIRTHDAY.EXE
C:\ARCHIVOS DE PROGRAMA\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\ARCHIVOS DE PROGRAMA\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\Monwow.exe
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\INSTALADORES\HIJACKTHIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emol.cl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AVG_CC] C:\ARCHIV~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [EnigmaPopupStop] C:\Archivos de programa\Enigma Software Group\SpyHunter\PopupBlocker\EnigmaPopupStop.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Archivos de programa\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [NPROTECT] C:\Archivos de programa\Norton SystemWorks\Norton Utilities\nprotect.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\ARCHIV~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Archivos de programa\Archivos comunes\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [NPROTECT] C:\Archivos de programa\Norton SystemWorks\Norton Utilities\nprotect.exe
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Archivos de programa\Norton SystemWorks\Norton CleanSweep\csinject.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [sp] C:\sp.exe
O4 - Startup: Snsicon.lnk = C:\Archivos de programa\Second Nature\Snsicon.exe
O4 - Startup: Reboot.exe
O4 - Startup: Acceso directo a MSOFFICE.lnk = C:\Archivos de programa\Microsoft Office\Office10\MSOFFICE.EXE
O4 - Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Birthday.lnk = C:\Archivos de programa\Birthday\Birthday.exe
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Archivos de programa\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O4 - Startup: Norton GoBack.lnk = C:\Archivos de programa\Norton SystemWorks\Norton GoBack\GBTray.exe
O12 - Plugin for .pdf: C:\ARCHIV~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C....881099537
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc...wflash.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me...b28177.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So...b28177.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe |
|
| Back to top |
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
Powered by phpBB 2.0.8a © 2001 phpBB Group
Version 2.0.6 of PHP-Nuke Port by Tom Nitzschner © 2002 www.toms-home.com
Version 2.2 by Paul Laudanski © 2003-2004 Computer Cops
|
You can syndicate our news using the file RSS 0.91, ultramode.txt, or RSS 1.0.
Forum FAQ
Search
Usergroups
Profile
Login to check your private messages
Login
