Solve: PC won't work without virus [RESOLVED]?

Answer»

Before I do anything, how do I find out my ISP? Don't want to delete in case it is mine.

You don't know your ISP? Who do you send your payments to? Ha.

Well, in any case...deleting that entry won't interfere with your internet. Some infections just tend to change the IP address in order to redirect you to their site when you visit certain pages. However, since the address in your log points to RIPE, I wouldn't be too concerned. Whether you fix it or not, you should be fine.

WELL THAT WAS FUN!! HAHA here's the 1st log

I FORGOT to save the HijackThis scan, I just deleted the files you told me to, sorry. I have done one in normal mode





Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Ahead\\SIPPS\\Phone.exe"="C:\\Program Files\\Ahead\\SIPPS\\Phone.exe:*:Disabled:Phone"
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe:*:Enabled:TrueVector Service"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Program Files\\BitLord2\\BitLord.exe"="C:\\Program Files\\BitLord2\\BitLord.exe:*:Enabled: "
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1179284815\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1179284815\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1179284815\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1179284815\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\Rar$EX00.141\\GeonX.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\Rar$EX00.141\\GeonX.exe:*:Enabled: "
"C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\Rar$EX05.844\\DCPlusPlus.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\Rar$EX05.844\\DCPlusPlus.exe:*:Enabled:BCDC++"
"C:\\Program Files\\Common Files\\AOL\\1179371629\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1179371629\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1179371629\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1179371629\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\Rar$EX00.406\\TSearch.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\Rar$EX00.406\\TSearch.exe:*:Enabled:TSearch Application"
"C:\\Documents and Settings\\Owner\\Favorites\\Desktop\\internet explore.exe"="C:\\Documents and Settings\\Owner\\Favorites\\Desktop\\internet explore.exe:*:Enabled:Internet Explorer"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\Rar$EX05.547\\TSearch.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\Rar$EX05.547\\TSearch.exe:*:Enabled:TSearch Application"
"C:\\Program Files\\ICQ\\Icq.exe"="C:\\Program Files\\ICQ\\Icq.exe:*:Enabled:ICQ"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Program Files\\Real\\RealProducerPlus\\realprod.exe"="C:\\Program Files\\Real\\RealProducerPlus\\realprod.exe:*:Enabled:RealProducer Plus"
"C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\winBF.tmp.exe"="C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\winBF.tmp.exe:*:Enabled:winBF.tmp"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

Remaining Files:
---------------
Hijackthis scan>>>>




Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22:34:09, on 02/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Owner\My Documents\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.icq.com/start
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {F84E0B64-1E86-4640-8094-5B38CEB28C1E} (SkyFex Client Object) - https://skyfex.com/download/SkyFexClient.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B80BF6E-4C18-457B-89FD-3FF1D5092F16}: NameServer = 212.139.132.21 212.139.132.20
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
END of file - 4244 bytes
Well, Tony, it looks pretty clean to me. And I hope it stays that way! I recommended some protection programs to you before and if you did indeed download them, then I feel no need to lecture you there. You said you installed a firewall? I don't see any mention of one in your log; is it enabled? I can recommend some good free firewalls if you want.

You need to update your programs regularly and scan in Safe Mode at least once a week. And most importantly, you should stay away from those warez sites! They're nothing but trouble for you. And if you continue to get infected from them, I'm obligated by the policy here to no longer assist you because it creates a lot of unnecessary work. And, well, that sort of activity is generally frowned upon here.

If you don't already have it, I would suggest getting SpywareBlaster on that computer. It doesn't run in the background, so it won't slow down your computer. All it does is make some changes to the registry to help prevent spyware from getting downloaded onto your computer. This, of course, won't protect you from everything; it just helps a bit.

If you have any questions, feel free to ask and I'll do my best to answer.

I don't think I will be going into those sites no more

Too much hassle than it's worth to be honest......

Cheers for ya help Chris. As always you come through mate. Top job

Sorry and yes I have SpywareBlaster, just clicked it haha .... have a look at my post in networking. Not sure if that's your area but it certainly ain't mine lol haha. Cheers again

I'm glad I could help you out here. And I'll be sure to take a look at your post, but I'll warn you, it's not my area either. Ha.

As this issue appears to be resolved, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.


EDIT: Tony, expect a PM from me soon. There are still a couple of things I want to go over with you.


