dupuis1980
My computer was crashing with a message from issas.exe. I looked it up and
it talked about the Sasser worm. I did everything I could to get rid of it,
but it said I don't have it.
When I try to open up Task Manager it closes instantly before I can even
read what is running; same with the command prompt, it closes instantly. I
have run all these programs in safe mode and in reg. All showed up nothing
and all are up to date (AVG Free, Ad-Aware, Spybot S-D, Stop Sign, P
Tools, and Microsoft Malicious). I even went into safe mode and ran
CW Shredder and HijackThis; all turned up negative. I run Registry Fi
but I don't think that is the problem. I am confused.
This is the HijackThis log, if anyone knows what they are; I don't.
HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 9:33:25 PM, on 12/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page
http://tinyurl.com/dg5bw
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL
http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page
http://www.gatewaybiz.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page
http://www.gatewaybiz.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Interne
Settings,ProxyOverride = ;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3
- C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper
{4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Progra
Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F}
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467}
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F}
c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Progra
Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.ex
/STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsof
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Microsoft messenger sd] msngersd.exe
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gatewa
Utilities\GWInkMonitor.exe"
O4 - HKLM\..\RunServices: [Microsoft messenger sd] msngersd.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Searc
& Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Microsoft messenger sd] msngersd.exe
O4 - HKCU\..\RunServices: [Microsoft messenger sd] msngersd.exe
O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo30\MemTurbo.exe
O4 - Startup: SpywareGuard.lnk = C:\Progra
Files\SpywareGuard\sgmain.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Progra
Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download with &DAP - C:\Progra
Files\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\progra
files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Download &all with DAP - C:\Progra
Files\DAP\dapextie2.htm
O9 - Extra button: Yahoo! Services
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Progra
Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Interne
Explorer\Plugins\NPDocBox.dll
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658}
http://tinyurl.com/7ogl9
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E}
(TechToolsActivex.TechTools) - file://C:\Program
Files\Gateway\helpspot\TechTools.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
- http://tinyurl.com/b975d
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35}
(RunExeActiveX.RunExe) - file://C:\Program
Files\Gateway\helpspot\RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1}
(StartFirstControl.CheckFirst) - file://C:\Program
Files\Gateway\helpspot\StartFirstControl.CAB
O16 - DPF: {CE37E095-ACFF-4380-A856-A560D389E5E1}
(XPLControlProject.XPLControl) - file://C:\Program
Files\Gateway\helpspot\XPLControl.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control
4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{B31E1EEA-E1E1-4D49-AC6F-F84150C57B5F}:
NameServer = 206.47.244.108 206.47.244.87
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software -
C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Pml Driver HPZ12 - HP -
C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common
Files\Lanovation\PrismXL\PRISMXL.SYS