whyme Posted April 24, 2006 Report Share Posted April 24, 2006 Hello everyone. I hate to be bothersome to you all but I was directed here by TheTerrorist.http://thearena.invisionzone.com/index.php?showtopic=599That is a link to things i've posted there and he said you guys would be of some help.To give the lowdown, I stupidly clicked on a link sent through AIM with a virus on it. Now i'm getting pop ups randomly even when I don't have a browser open.If you guys could give me a hand it would be much appreciated. I appologize for bothering you with this. Thanks. Link to post Share on other sites
TheTerrorist_75 Posted April 24, 2006 Report Share Posted April 24, 2006 You are more than welcome here. I will post your log so it easier for the experts to view.Logfile of HijackThis v1.99.1Scan saved at 12:09:54 PM, on 4/22/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\pmwfdy.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\gwojd.exeC:\WINDOWS\system32\gwojd.exeC:\WINDOWS\system32\gwojd.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\CTSvcCDA.EXEC:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXEC:\WINDOWS\system32\nvsvc32.exeC:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\MsPMSPSv.exeC:\Program Files\Linksys wireless-g usb wireless network monitor\WLService.exeC:\Program Files\Linksys wireless-g usb wireless network monitor\WUSB54Gv2.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\WINDOWS\system32\sstray.exeC:\WINDOWS\system32\CTHELPER.EXEC:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\QuickTime\qttask.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXEC:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exeC:\WINDOWS\twain_32\ca561a\SnapDetect.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Yahoo!\Messenger\ypager.exeC:\Program Files\ewido anti-malware\ewidoctrl.exeC:\Program Files\AIM\aim.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\DOCUME~1\Gokujon\LOCALS~1\Temp\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blankF2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\gwojd.exeF2 - REG:system.ini: UserInit=userinit.exe,rrunnfj.exeO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: BrowserPlugin Class - {AC716F07-89CE-4A95-8DD0-37C429C263DA} - C:\Program Files\Advanced Reality Inc\jYbe (beta)\Jybe.dllO3 - Toolbar: &Jybe Toolbar - {74654569-770F-44c2-BB4C-9323BB8BEC9F} - C:\Program Files\Advanced Reality Inc\jYbe (beta)\Jybe.dllO4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /rO4 - HKLM\..\Run: [WUSB54Gv2] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [CTHelper] CTHELPER.EXEO4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /rO4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXEO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [pebwdw] C:\WINDOWS\system32\pmwfdy.exe reg_runO4 - HKLM\..\Run: [wf543b45.dll] RUNDLL32.EXE wf543b45.dll,I2 0008846f0f543b45O4 - HKLM\..\Run: [w1eee3b6.dll] RUNDLL32.EXE w1eee3b6.dll,I2 0008846f01eee3b6O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quietO4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXEO4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exe -aO4 - HKCU\..\Run: [lbiye] C:\WINDOWS\system32\pmwfdy.exe reg_runO4 - Global Startup: Icatch(VI) SnapDetect.lnk = C:\WINDOWS\twain_32\ca561a\SnapDetect.exeO4 - Global Startup: iujgj.exeO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missingO16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cabO16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cabO16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cabO16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cabO16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cabO16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab35645.cabO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXEO23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Network DDE DSMA (NetDDEdsma) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXEO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exeO23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exeO23 - Service: WUSB54Gv2SVC - Unknown owner - C:\Program Files\Linksys wireless-g usb wireless network monitor\WLService.exe" "WUSB54Gv2.exe (file missing) Link to post Share on other sites
jwbirdsong Posted April 24, 2006 Report Share Posted April 24, 2006 Welcome indeed...although your Hijackthis log is 2 days old i think we've got a good starting point, it will take several steps to get rid of this(these) baddies.Please download the Suspicious File Packer from here:http://www.safer-networking.org/files/sfp.zipUnzip it to the desktop and run it.Paste the following list into the Suspicious File Packer window:C:\WINDOWS\system32\gwojd.exeC:\WINDOWS\system32\pmwfdy.exeC:\WINDOWS\system32\rrunnfj.exeAllow SFP to pack the files. This will generate a CAB archive on your desktop. Please email the files to me at:jwbsubmit AT aim DOT comPlease download Brute Force Uninstaller to your desktop. (rightclick on this link and choose save as, if using IE save target as)Right click the BFU folder on your desktop, and choose Extract AllClick "Next"In the box to choose where to extract the files to,Click "Browse"Click on the + sign next to "My Computer"Click on "Local Disk (C:) or whatever your primary drive isClick "Make New Folder"Type in BFUClick "Next", and Uncheck the "Show Extracted Files" box and then click "Finish". Download qoofix.bat (rightclick on this link and choose save as, if using IE save target as) Place qoofix.bat in your C:\BFU - folder. (Important!) Doubleclick qooFix.bat, Close all browsers and explorer folders.Choose option 1 (Qoolfix autofix) and follow the prompts. Please be patient, it will take about five minutes.After the PC has restarted please continue with the followingDownload and run F-Secure Blacklight: http://www.f-secure.com/blacklight/try.shtmlRun the program, accept statement>next>click> scan>next.If any items are detected have blacklite rename them except for "wbemtest.exe".Do not rename "wbemtest.exe" its a windows file. If there are any other files you THINK may be valid don't rename them. The tool will ask if you want to reboot (restart) choose yes.Finally, please post * a new HijackThis log * log from blacklight; log will be named fsbl-<date/time>.log eg. fsbl-20060404134642.log. Link to post Share on other sites
whyme Posted April 24, 2006 Author Report Share Posted April 24, 2006 Ok here is the new log for HighjackLogfile of HijackThis v1.99.1Scan saved at 6:07:17 PM, on 4/24/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\CTSvcCDA.EXEC:\Program Files\ewido anti-malware\ewidoctrl.exeC:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXEC:\WINDOWS\system32\nvsvc32.exeC:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\MsPMSPSv.exeC:\Program Files\Linksys wireless-g usb wireless network monitor\WLService.exeC:\Program Files\Linksys wireless-g usb wireless network monitor\WUSB54Gv2.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\WINDOWS\system32\sstray.exeC:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exeC:\WINDOWS\system32\CTHELPER.EXEC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\QuickTime\qttask.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXEC:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exeC:\WINDOWS\twain_32\ca561a\SnapDetect.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Yahoo!\Messenger\ymsgr_tray.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\WINDOWS\system32\wuauclt.exeC:\HighjackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blankO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: BrowserPlugin Class - {AC716F07-89CE-4A95-8DD0-37C429C263DA} - C:\Program Files\Advanced Reality Inc\jYbe (beta)\Jybe.dllO3 - Toolbar: &Jybe Toolbar - {74654569-770F-44c2-BB4C-9323BB8BEC9F} - C:\Program Files\Advanced Reality Inc\jYbe (beta)\Jybe.dllO4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /rO4 - HKLM\..\Run: [WUSB54Gv2] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [CTHelper] CTHELPER.EXEO4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /rO4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXEO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [wf543b45.dll] RUNDLL32.EXE wf543b45.dll,I2 0008846f0f543b45O4 - HKLM\..\Run: [w1eee3b6.dll] RUNDLL32.EXE w1eee3b6.dll,I2 0008846f01eee3b6O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quietO4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXEO4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exe -aO4 - Global Startup: Icatch(VI) SnapDetect.lnk = C:\WINDOWS\twain_32\ca561a\SnapDetect.exeO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missingO16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cabO16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cabO16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cabO16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cabO16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cabO16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab35645.cabO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXEO23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Network DDE DSMA (NetDDEdsma) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXEO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exeO23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exeO23 - Service: WUSB54Gv2SVC - Unknown owner - C:\Program Files\Linksys wireless-g usb wireless network monitor\WLService.exe" "WUSB54Gv2.exe (file missing)It found nothing on the Blacklight but I wasn't sure where to find the logfile at. Link to post Share on other sites
jwbirdsong Posted April 25, 2006 Report Share Posted April 25, 2006 First of all, you will need to print out this post and/or save a copy as a text file in Notepad; that way you have a hard copy of these instructions; you can not have IE/Firefox/any browser open during the fixPlease download Ewido Anti Malware, it is a free version of the program. Install ewido security suite When installing the program, under "Additonal Options" uncheck... Install background guard Install scan via context menu[*] Launch ewido, there should now be an icon on your desktop, double-click it.[*] The program will now open to the main screen.[*] When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.[*] You will need to update ewido to the latest definition files: On the left hand side of the main screen click update. Then click on Start Update.[*] The update will start and a progress bar will show the updates being installed. (the status bar at the bottom will display "Update successful")[*] Close Ewido If you are having problems with the updater, you can use this link to manually update ewido.Ewido manual updatesPlease run HijackThis and click "Scan." Place checks next to the following entries:O4 - HKLM\..\Run: [wf543b45.dll] RUNDLL32.EXE wf543b45.dll,I2 0008846f0f543b45O4 - HKLM\..\Run: [w1eee3b6.dll] RUNDLL32.EXE w1eee3b6.dll,I2 0008846f01eee3b6You may also optionally check ANY, ALL, or NONE of the following entries for removal:All of the following are UN-needed to run at startup. They can be ran as needed; saving system resources for better uses.O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXEO4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXEO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quietClose all browser and other windows except for HijackThis, and click "Fix Checked". Next, please reboot your computer in Safe Mode by doing the following: Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, tap F8. Instead of Windows loading as normal, a menu should appear Select the first option, to run Windows in Safe Mode.For additional help in booting into Safe Mode, see the following site:http://www.pchell.com/support/safemode.shtmlStart Ewido Anti-Malwaree Click on scanner. (Note: Do not start any programs or open any windows while Ewido is scanning) Click on Complete System Scan, the scan will now begin. While the scan is in progress you will be promted to clean files, click OK. When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK. Once the scan has completed, there will be a button located at the bottom of the screen named Save Report. Click Save Report. Now save the report .txt file to your desktop. Close EwidoWhen Ewido is finished scanning; reboot back to normal mode run this online virus scan:(MUST use IE) ActiveScan Once you are on the Panda site click the Scan your PC button A new window will open...click the Check Now button- Enter your Country- Enter your State/Province- Enter your e-mail address and click send(*NOTE it's perfectly safe to do so..You will NOT be spammed from this)- Select either Home User or Company Click the big Scan Now buttonIf/when you get a notice that Panda wants to install an ActiveX component allow itIt will start downloading the files it requires for the scan (Note: It may take a couple of minutes)When download is complete, click on Local Disks to start the scanWhen the scan completes, if anything is detected, click the See Report button, then Save Report and save it to a convenient location like your desktop.Reboot and Post The Ewido log A new HijackThis logPanda Results in your next reply here. Link to post Share on other sites
whyme Posted April 27, 2006 Author Report Share Posted April 27, 2006 Just wanted to update you. I am currently in the process of doing the Ewido.But i'm having problems. The initial problem found around 150,000 infected problems! I had no idea I had that much. It would get going but when it got to the fixing point, it would freeze after a while. So I spent all day doing that and I still haven't got it finished.I have about 80,000 left to fix. I'll be done eventually. Not sure if it'll save a log though. Link to post Share on other sites
jwbirdsong Posted April 27, 2006 Report Share Posted April 27, 2006 If you are having that much trouble....try the Panda scan and see if you can get a log frtfom that..we may be able to delete a goodly number of the files manually.....Panda may take care of some itself too. Link to post Share on other sites
jwbirdsong Posted May 14, 2006 Report Share Posted May 14, 2006 Inactive topic...If you still need help on this problem, contact me or one of the Moderators to re-open this up.Topic closed. Link to post Share on other sites
Recommended Posts