Big P (posted July 5, 2008):

Wow! Just reformat it. After you do that, download Mozilla Firefox, then add the Adblock Plus add-on. Download the free Avast antivirus. Then don't ever open Windows Explorer again. Also, don't ever install any toolbars on your PC.
razor5070 (posted July 5, 2008):

Bingo:

O4 - HKLM\..\Run: [MSServer] "rundll32.exe" C:\Windows\system32\opnmLcba.dll,#1

That's the one. I'll look up how to remove it later, I'm tired...
///Alpine91, thread author (posted July 5, 2008):

> Bingo:
> O4 - HKLM\..\Run: [MSServer] "rundll32.exe" C:\Windows\system32\opnmLcba.dll,#1
> That's the one. I'll look up how to remove it later, I'm tired...

I had a feeling this was the problem, because my Spy Sweeper keeps saying I have an alert to review. Then I go in and it is called MSServer, and sometimes there is another one called CMD. Then I remove them, and then another rundll.exe pops up in my processes and my icons and start bar disappear.

-- 1 DC lvl 4 15" | 1 Hifonics BXi 1608D | 3.2ft^3 box tuned to 32-33Hz | Knu Kolossus Fleks Kable 1/0 | Knu Karma SS 8 gauge speaker wire | Kenwood eXcelon KDC-X493 head unit (coming soon) | Kenwood mids + highs (coming soon) | Build
///Alpine91, thread author (posted July 5, 2008):

OK, so my Spy Sweeper found a Trojan Downloader-WaveRevenue and a virus (Troj/Virtum-Gen). They are now deleted, but I don't think this fixed my problem. Just thought I would post it up here.
AI James (posted July 5, 2008):

A system restore may get rid of it if you know a point when it wasn't happening.
razor5070 (posted July 5, 2008):

I doubt a system restore would do it. Find a good antivirus that does boot-time scans.
///Alpine91, thread author (posted July 5, 2008; edited July 5, 2008 by ///Alpine91):

> I doubt a system restore would do it. Find a good antivirus that does boot-time scans.

http://www.experts-exchange.com/Software/I...Q_23032497.html

I did what it said on there, and here is my new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:11:16 PM, on 7/5/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\zHotkey.exe
C:\Windows\ModPS2Key.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Users\Tyler\winlogon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Windows\Explorer.exe
C:\Windows\System32\notepad.exe
C:\Users\Tyler\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5656
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5656
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...TP&M=GT5656
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [showWnd] ShowWnd.exe
O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [MySpaceIM] "C:\Program Files\MySpace\IM\MySpaceIM.exe"
O4 - HKCU\..\Run: [Windows Logon Applicationedc] C:\Users\Tyler\winlogon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

-- End of file - 6563 bytes

But I don't know if I should do the CFScript part:

> Yes, looking better, still some cleanup work to do with CF.
>
> 1. Open Notepad.
> 2. Now copy/paste the text between the lines below into the Notepad window:
>
> ---------------------------------------------------------------------------------------------------------------
> Registry::
> [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
> "{7BED1F14-57E9-4E35-943F-CE1688F6CB4E}"=-
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
> "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
> ---------------------------------------------------------------------------------------------------------------
>
> 3. Save the above as CFScript.txt on your desktop.
> 4. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.
> 5. After reboot (in case it asks to reboot), please upload the following Combofix.txt

Should I do that part too???
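The following is an added example, written for this page; it is not code from the thread, from HijackThis or from ComboFix. It does by script what razor5070 did by eye on the log above: it parses the O4 (autorun) lines and flags the ones worth a closer look, then decodes the hex(7) value the quoted CFScript writes to the LSA key. The sample list is constructed from lines copied out of the log in this thread; the three heuristics, the function names and the set of system binary names are my own choices, not anything HijackThis defines.

```python
import re
from typing import Dict, List, Optional

# Constructed sample input: O4 lines copied from the HijackThis log in this
# thread, plus the "MSServer" line razor5070 flagged earlier.
SAMPLE_O4_LINES = [
    r'O4 - HKLM\..\Run: [MSServer] "rundll32.exe" C:\Windows\system32\opnmLcba.dll,#1',
    r'O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup',
    r'O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"',
    r'O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe',
    r'O4 - HKCU\..\Run: [Windows Logon Applicationedc] C:\Users\Tyler\winlogon.exe',
    r"O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')",
]

# The REG_MULTI_SZ the quoted CFScript writes under HKLM\SYSTEM\...\Control\Lsa.
CFSCRIPT_AUTH_PACKAGES = 'hex(7):6d,73,76,31,5f,30,00,00'

# Core Windows binaries (my list): the real ones are started by the boot
# process, never from a Run key, and never live in a user profile.
SYSTEM_BINARY_NAMES = {'winlogon.exe', 'csrss.exe', 'lsass.exe', 'smss.exe',
                       'services.exe', 'svchost.exe', 'wininit.exe'}

O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
IMAGE_RE = re.compile(r'(.+?\.(?:exe|com|scr|bat|dll))(?:\s+|$)', re.IGNORECASE)


def split_image(cmd: str):
    """Separate the executable from its arguments in a Run value's command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:], '') if end == -1 else (cmd[1:end], cmd[end + 1:].strip())
    # Unquoted paths may contain spaces: stop at the first executable extension.
    m = IMAGE_RE.match(cmd)
    if m:
        return m.group(1), cmd[m.end():].strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else '')


def parse_o4(line: str) -> Optional[Dict[str, str]]:
    """Parse one HijackThis O4 line into hive, value name, image and arguments."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    image, args = split_image(m.group('cmd'))
    return {'hive': m.group('hive'), 'name': m.group('name'), 'image': image, 'args': args}


def triage_o4(line: str) -> List[str]:
    """Reasons an O4 autorun deserves a closer look; an empty list means unremarkable."""
    entry = parse_o4(line)
    if entry is None:
        return []
    reasons = []
    image = entry['image']
    image_name = image.rsplit('\\', 1)[-1].lower()
    image_dir = image.rsplit('\\', 1)[0].lower() if '\\' in image else ''
    # 1. rundll32 calling an export by ordinal ("...dll,#1"). Vendor entries such
    #    as NvCpl.dll,NvStartup name their export; a random-named system32 DLL
    #    loaded by ordinal is the pattern spotted in this thread.
    if image_name == 'rundll32.exe':
        dll, _, export = entry['args'].rpartition(',')
        dll_name = dll.rsplit('\\', 1)[-1]
        if export.startswith('#'):
            reasons.append(f'rundll32 loads {dll_name} through ordinal export {export}')
    # 2. A core Windows binary name launched from outside the Windows directory.
    if image_name in SYSTEM_BINARY_NAMES and not image_dir.startswith(('c:\\windows', '%systemroot%')):
        reasons.append(f'{image_name} started from {image}; the real one is never launched from a Run key')
    # 3. Run values in the SYSTEM (S-1-5-18) or .DEFAULT hive execute outside any
    #    interactive user's profile; a user application has no business there.
    if entry['hive'].upper().startswith('HKUS\\'):
        reasons.append(f"autorun registered in the {entry['hive']} hive, not a logged-on user's")
    return reasons


def triage_log(lines: List[str]) -> Dict[str, List[str]]:
    """Map 'hive [name]' -> reasons, for every O4 line that tripped a heuristic."""
    flagged: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_o4(line)
        reasons = triage_o4(line) if entry else []
        if reasons:
            flagged[f"{entry['hive']} [{entry['name']}]"] = reasons
    return flagged


def decode_reg_multi_sz(value: str) -> List[str]:
    """Decode a .reg-style 'hex(7):aa,bb,...' REG_MULTI_SZ into its strings.

    regedit exports REG_MULTI_SZ as UTF-16LE; the CFScript quoted in the thread
    lists one byte per character. Both are accepted: if every odd byte is zero
    the data is read as UTF-16LE, otherwise as 8-bit text.
    """
    if not value.lower().startswith('hex(7):'):
        raise ValueError('not a REG_MULTI_SZ (hex(7)) value')
    raw = bytes(int(b, 16) for b in value[7:].split(',') if b.strip())
    if raw and len(raw) % 2 == 0 and all(b == 0 for b in raw[1::2]):
        text = raw.decode('utf-16-le')
    else:
        text = raw.decode('latin-1')
    # REG_MULTI_SZ: NUL-separated strings, terminated by an empty string (double NUL).
    return [s for s in text.split('\x00') if s]


if __name__ == '__main__':
    for key, reasons in triage_log(SAMPLE_O4_LINES).items():
        print(key)
        for reason in reasons:
            print('   -', reason)
    print('LSA Authentication Packages after CFScript:', decode_reg_multi_sz(CFSCRIPT_AUTH_PACKAGES))
```

Run against the sample, the script flags exactly three entries: the MSServer line (rundll32 loading opnmLcba.dll by ordinal export #1, where every legitimate NVIDIA entry in the same log names its export), the "Windows Logon Applicationedc" value (a winlogon.exe sitting in C:\Users\Tyler, which the real Winlogon never does), and the MySpaceIM autorun in the SYSTEM hive, which is odd for a user application whatever its intent. The hex(7) bytes decode to the single string msv1_0, the default NTLM authentication package, so that CFScript line resets the LSA "Authentication Packages" list to its default and drops any extra DLL that had been appended (a DLL listed there is loaded into lsass.exe at boot). The `=-` line in the same script is standard .reg syntax for deleting a value, here the ShellExecuteHooks registration for that CLSID.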
AI James (posted July 5, 2008):

More often than not, a system restore from safe mode WILL work; I've done it hundreds of times a day for people.
razor5070 (posted July 5, 2008):

Well, any good virus infects the system restore as well, but I've figured it out already. It's the Viewpoint service. Download the fix here, pick your version and download it, run it, and check "remove and block Viewpoint Media Player".
///Alpine91, thread author (posted July 5, 2008):

> Well, any good virus infects the system restore as well, but I've figured it out already. It's the Viewpoint service. Download the fix here, pick your version and download it, run it, and check "remove and block Viewpoint Media Player".

AIM hacks?