Note: The following is only a text archive! To view the actual forum discussion, please visit our website at http://www.tech-forums.net

help, got that black virus desktop screen

Posted by: vipercrazed

I downloaded Defender, which found some stuff and didn't delete it, and I downloaded Norton, which doesn't even run. Read other thread in spyware section.

Logfile of HijackThis v1.99.1
Scan saved at 8:11:13 PM, on 6/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\hqakv.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,smhoghk.exe
O2 - BHO: web compressor - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - C:\WINDOWS\system32\nsg163.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DCOM Server] C:\WINDOWS\system32\dxvwfoid.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
O4 - HKLM\..\RunServices: [jssvc23] jsssvc.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels8.exe
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\system32\taskdir.exe
O4 - HKCU\..\Run: [WinMedia] C:\WINDOWS\system32\vxgame6.exe3072.exe
O4 - HKCU\..\Run: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
O4 - Global Startup: svchost.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O20 - Winlogon Notify: SensSrv - C:\WINDOWS\SYSTEM32\senssrv.dll
O20 - Winlogon Notify: winm32 - C:\WINDOWS\SYSTEM32\winm32.dll
O21 - SSODL: SysTray.Exgl - {636821FC-6F5C-2f1b-B164-E67214F678E2} - C:\WINDOWS\system32\ilhglgkc.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\system32\dxvwfoid.exe
O21 - SSODL: DVLVS - {64582389-CEF2-8923-E3DA-38627BC21496} - C:\WINDOWS\system32\ccefjvn.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

Posted by: talldude123

Fix the following entries with HijackThis:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\hqakv.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,smhoghk.exe
O2 - BHO: web compressor - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - C:\WINDOWS\system32\nsg163.dll
O4 - HKLM\..\Run: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
O4 - HKLM\..\Run: [DCOM Server] C:\WINDOWS\system32\dxvwfoid.exe
O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
O4 - HKLM\..\RunServices: [jssvc23] jsssvc.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels8.exe
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\system32\taskdir.exe
O4 - HKCU\..\Run: [WinMedia] C:\WINDOWS\system32\vxgame6.exe3072.exe
O4 - HKCU\..\Run: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
O4 - Global Startup: svchost.exe
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O20 - Winlogon Notify: SensSrv - C:\WINDOWS\SYSTEM32\senssrv.dll
O20 - Winlogon Notify: winm32 - C:\WINDOWS\SYSTEM32\winm32.dll
O21 - SSODL: SysTray.Exgl - {636821FC-6F5C-2f1b-B164-E67214F678E2} - C:\WINDOWS\system32\ilhglgkc.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\system32\dxvwfoid.exe
O21 - SSODL: DVLVS - {64582389-CEF2-8923-E3DA-38627BC21496} - C:\WINDOWS\system32\ccefjvn.dll

Posted by: vipercrazed

Now what? I fixed everything you said, still got the same desktop warning. Got this log:

Logfile of HijackThis v1.99.1
Scan saved at 6:42:08 PM, on 6/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Messenger\msmsgs.exe
D:\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\hqakv.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,smhoghk.exe
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O20 - Winlogon Notify: winm32 - C:\WINDOWS\SYSTEM32\winm32.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

Posted by: talldude123

You still have some nasties to fix:

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\hqakv.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,smhoghk.exe
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O20 - Winlogon Notify: winm32 - C:\WINDOWS\SYSTEM32\winm32.dll

Can you post a screenshot of what the desktop warning says? Just push "Print Screen" on the keyboard, paste into Paint, and then attach.

Posted by: vipercrazed

I'm having trouble fixing those four files, do they delete immediately? I'm gonna wait for the program to stop or something 'cause it's showing a blank list. I'll take a screenshot when I'm not in safe mode. I waited a while, those files ain't deletin', so somethin's up.

Posted by: talldude123

Just show a screenshot. If it doesn't upload here at TF, use an image upload site such as Putfile.com.

Posted by: vipercrazed

It won't print screen, I took camera phone pics, yeah I know :(

Posted by: vipercrazed

Here's the warning. If you can't read it, it says somethin' like: Windows has detected spyware/adware, it is strongly recommended that you install virus software to protect your computer from file loss.

Posted by: talldude123

Windows Repair Install: www.michaelstevenstech.com/XPrepairinstall.htm

Posted by: vipercrazed

You could have said you can't fix it, but I get your drift. I've repaired before but Windows wouldn't start normally, so I'll just be more careful. I don't want to read that tut, it looks LONG. They make it so confusing, I hate smart people. All you have to do is put in the XP disk, load from it, and when it scans your system it will tell you to reinstall or repair.