
Author Topic: Hi, any chance of help with this?  (Read 8097 times)


bamfy

    Topic Starter


    Starter

    Hi, any chance of help with this?
    « on: May 18, 2009, 02:48:07 PM »
    Hi,

    Firstly, thanks for your help in advance... I have had this problem for a week now and have been going through the forum and can't find a fix.

    Firstly I am unable to use Windows properly. At present, when I start my laptop up I get to the log-on screen and enter my details, and then all I get is the background and the arrow there. I have to manually run explorer.exe. Today it won't even start explorer.exe; it pops up with a Windows Explorer error.

    I have to open programs such as Firefox etc. with the Task Manager, which is becoming a pain. Another thing I have noticed is about 25/30 cmd.exe processes running at times, and some .tmp files running... I also get a BSOD popping up at times and the error is "page fault in non paged area".

    hope you can help!!

    thanks

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:59:49, on 18/05/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\bmwebcfg.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/de...=uk&l=en&s=gen
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=e...uk&ibd=2081027
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/ig/dell?hl=e...uk&ibd=2081027
    O2 - BHO: MS extension - {E59CAA7A-E7C2-4ca4-BA16-BE41FBC048A8} - interconn32.dll (file missing)
    O4 - HKLM\..\Run: [20920] C:\veavtuf.exe
    O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
    O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
    O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\who r you\reader_s.exe
    O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\WINDOWS\system32\config\systemprofile\reader_s.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\WINDOWS\system32\config\systemprofile\reader_s.exe (User 'Default user')
    O8 - Extra context menu item: &Search - ?p=ZUfox000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - http://www.williamhillcasino.com (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - http://www.williamhillcasino.com (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: bmnet.dll
    O10 - Unknown file in Winsock LSP: bmnet.dll
    O10 - Unknown file in Winsock LSP: bmnet.dll
    O20 - AppInit_DLLs: C:\WINDOWS\system32\sezulono.dll c:\windows\system32\nojelawo.dll
    O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
    O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

    --
    End of file - 4628 bytes

    Karnac



      Specialist

      Thanked: 211
      Re: Hi, any chance of help with this?
      « Reply #1 on: May 18, 2009, 02:56:16 PM »
      See if you can run the other two programs from the guidelines....

      http://www.computerhope.com/forum/index.php/topic,46313.0.html

      and post the logs.


      Never argue with a stupid person, they'll drag you down to their level and beat you with experience.

      bamfy

        Topic Starter


        Starter

        Re: Hi, any chance of help with this?
        « Reply #2 on: May 18, 2009, 03:18:21 PM »
        hi there,

        I tried the other two programs. When I run SUPERAntiSpyware I get a BSOD with the error explained above. The laptop has now rebooted and has explorer.exe starting on its own, but tons of cmd.exe files running... Here is the CCleaner log and the new HJT log.

        CLEANING COMPLETE - (1.778 secs)
        ------------------------------------------------------------------------------------------
        8.16MB removed.
        ------------------------------------------------------------------------------------------

        Details of files deleted
        ------------------------------------------------------------------------------------------
        Marked for deletion: C:\Documents and Settings\who r you\Local Settings\Temporary Internet Files\Content.IE5\index.dat
        Marked for deletion: C:\Documents and Settings\who r you\Cookies\index.dat
        Marked for deletion: C:\Documents and Settings\who r you\Local Settings\History\History.IE5\index.dat
        Emptied Recycle Bin (3 files) 7.11MB
        C:\WINDOWS\TEMP\VRT1.tmp 3.00KB
        C:\WINDOWS\TEMP\VRT10.tmp 3.00KB
        C:\WINDOWS\TEMP\VRT11.tmp 3.00KB
        C:\WINDOWS\TEMP\VRT14.tmp 11.50KB
        C:\WINDOWS\TEMP\VRT15.tmp 3.00KB
        C:\Documents and Settings\who r you\Local Settings\temp\Cookies\who r you@bontrafic[2].txt 176 bytes
        C:\Documents and Settings\who r you\Local Settings\temp\coredmp 0 bytes
        C:\Documents and Settings\who r you\Local Settings\temp\etilqs_2fdgV2mCkbnJPCjl58nT 1.00KB
        C:\Documents and Settings\who r you\Local Settings\temp\etilqs_2fdgV2mCkbnJPCjl58nT-journal 1.51KB
        C:\Documents and Settings\who r you\Local Settings\temp\etilqs_xwjRlfZpxt6JKsNXI2rc 32.03KB
        C:\Documents and Settings\who r you\Local Settings\temp\IMT4.xml 1.95KB
        C:\Documents and Settings\who r you\Local Settings\temp\IMT5.xml 426 bytes
        C:\Documents and Settings\who r you\Local Settings\temp\IMT6.xml 0.67MB
        C:\Documents and Settings\who r you\Local Settings\temp\SSUPDATE.EXE 0.17MB
        C:\Documents and Settings\who r you\Local Settings\temp\Temporary Internet Files\Content.IE5\BY2ZVZBR\index[1].htm 4.50KB
        C:\Documents and Settings\who r you\Local Settings\temp\Temporary Internet Files\Content.IE5\H11DJMAT\index[1].htm 4.50KB
        C:\Documents and Settings\who r you\Local Settings\temp\Temporary Internet Files\Content.IE5\H11DJMAT\index[2].htm 4.50KB
        C:\Documents and Settings\who r you\Local Settings\temp\Temporary Internet Files\Content.IE5\KW0YIMQO\index[1].htm 4.50KB
        C:\Documents and Settings\who r you\Local Settings\temp\~DFEF2D.tmp 0.11MB
        C:\WINDOWS\system32\wbem\Logs\wbemcore.log 7.46KB
        C:\WINDOWS\system32\wbem\Logs\wbemess.log 1.21KB
        C:\WINDOWS\system32\wbem\Logs\wmiprov.log 438 bytes
        Removed Cookie: www.superantispyware.com
        Removed Cookie: google.co.uk
        Removed Cookie: bbc.co.uk
        Removed Cookie: google.com
        Firefox/Mozilla cache cleaning was skipped.
        C:\Documents and Settings\who r you\Local Settings\Application Data\Opera\Opera\profile\cache4\dcache4.url 20 bytes
        C:\Documents and Settings\who r you\Local Settings\Application Data\Opera\Opera\profile\cache4\revocation\dcache4.url 20 bytes
        C:\Documents and Settings\who r you\Local Settings\Application Data\Opera\Opera\profile\cache4\revocation\vlink4.dat 12 bytes
        C:\Documents and Settings\who r you\Application Data\Opera\Opera\profile\global.dat 0 bytes
        C:\Documents and Settings\who r you\Application Data\Opera\Opera\profile\download.dat 12 bytes
        C:\Documents and Settings\who r you\Application Data\Opera\Opera\profile\vlink4.dat 12 bytes
        C:\Documents and Settings\who r you\Application Data\Opera\Opera\profile\typed_history.xml 56 bytes
        C:\Documents and Settings\who r you\Local Settings\Application Data\Opera\Opera\profile\vps\0000\md.dat 8.00KB
        C:\Documents and Settings\who r you\Application Data\Macromedia\Flash Player\#SharedObjects\LVLXENDC\naiadsystems.com\naiad.sol 57 bytes
        C:\Documents and Settings\who r you\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#naiadsystems.com\settings.sol 86 bytes
        ------------------------------------------------------------------------------------------



        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 22:18:00, on 18/05/2009
        Platform: Windows XP SP3 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\system32\bmwebcfg.exe
        C:\WINDOWS\system32\tcpsvcs.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\System32\reader_s.exe
        C:\WINDOWS\services.exe
        C:\Documents and Settings\who r you\reader_s.exe
        C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\Program Files\CCleaner\CCleaner.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe
        C:\WINDOWS\system32\cmd.exe
        C:\WINDOWS\services.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
        R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=2081027
        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=2081027
        O2 - BHO: MS extension - {E59CAA7A-E7C2-4ca4-BA16-BE41FBC048A8} - interconn32.dll (file missing)
        O4 - HKLM\..\Run: [20920] C:\veavtuf.exe
        O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
        O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
        O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\who r you\reader_s.exe
        O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
        O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\WINDOWS\system32\config\systemprofile\reader_s.exe (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\WINDOWS\system32\config\systemprofile\reader_s.exe (User 'Default user')
        O8 - Extra context menu item: &Search - ?p=ZUfox000
        O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
        O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
        O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - http://www.williamhillcasino.com (file missing) (HKCU)
        O9 - Extra 'Tools' menuitem: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - http://www.williamhillcasino.com (file missing) (HKCU)
        O10 - Unknown file in Winsock LSP: bmnet.dll
        O10 - Unknown file in Winsock LSP: bmnet.dll
        O10 - Unknown file in Winsock LSP: bmnet.dll
        O20 - AppInit_DLLs: C:\WINDOWS\system32\sezulono.dll c:\windows\system32\nojelawo.dll
        O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
        O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
        O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
        O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
        O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

        --
        End of file - 9174 bytes

        evilfantasy

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Calm like a bomb
        • Thanked: 493
        • Experience: Experienced
        • OS: Windows 11
        Re: Hi, any chance of help with this?
        « Reply #3 on: May 18, 2009, 03:24:01 PM »
        The logs show that you are infected by an infection called Virut or Sality. Virut/Sality is a virus that infects all executable files and screensavers. Virut also opens a back door providing the attacker with unauthorized remote access to the infected computer. Definition: Polymorphic virus.

        There is no way to cure this infection. Your only option is to perform a full reformat. Do NOT attempt a repair install. Trying to fix this infection will only leave the computer unusable. See Virut on the Rise and Virut and other File infectors - Throwing in the Towel? for more information. 

        Note that if you decide to try and clean this you must be extremely careful on what is backed up as these new infections can get into many different file extensions ( DLL, EXE, SCR, HTM, HTML, MP3, AVI, WMV, PDF.....etc). A complete reformat and reinstall is highly suggested! Avoid backing up compressed files (zip/cab/rar.....etc). Virut can also penetrate compressed files that have .exe or .scr inside them.

        Backing up files before formatting

        If you back up any files they should be scanned from a clean, properly protected PC before restoring. Also be careful what scanner is used, as some are very poor at detecting and even worse at protecting from this infection. In fact, due to the nature of these new infections there are probably no tools that will properly protect you from the infection. Be very selective and only back up files you cannot replace, like text documents and personal photos.

        Do not back up to another machine! It will likely become infected by Virut. Burn to DVD/CD, a flash drive or to an external drive which has nothing else on it and which you can format should it become infected from the backups.

        I suggest running at least 3 of the below scanners on the backup files. Run the first scan then reboot before running the second then reboot after the second before running the third.
         
        -) Dr.Web CureIt!
        -) AVG Win32/Virut Removal Tool
        -) Symantec W32.Virut Removal Tool
        -) McAfee Avert Stinger
        -) Microsoft Windows Malicious Software Removal Tool

        If you do not know how to perform a fresh install, use this website -> http://www.windowsreinstall.com/

        Very important, do the following immediately or as soon as possible!

        If you have done any online transactions, call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts and/or change all of your account numbers.
         
        From a clean computer change all of your online passwords including for email, banks, financial accounts, PayPal, eBay, online credit card companies and any online forums or groups you belong to etc.

        DO NOT change passwords or do any transactions while using the infected computer. The attacker will get the new passwords and transaction information.
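
A triage sketch for HijackThis logs like the two posted above, as an added example that is not part of the thread and not the responder's method. It parses the log layout and marks entries for review; the rule names, the `shell_threshold` value and the `C:\WINDOWS` install path are assumptions of this example, and the sample is a shortened excerpt of the second log.

```python
import ntpath
import re
from collections import Counter, defaultdict

# Shortened excerpt of the second HijackThis log in the thread (process list cut down).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe

O4 - HKLM\..\Run: [20920] C:\veavtuf.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\who r you\reader_s.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\WINDOWS\system32\config\systemprofile\reader_s.exe (User 'SYSTEM')
O20 - AppInit_DLLs: C:\WINDOWS\system32\sezulono.dll c:\windows\system32\nojelawo.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
"""

SYS32 = r"c:\windows\system32"
# Assumption: Windows XP installed in C:\WINDOWS; expected folder per core process name.
SYSTEM_HOMES = {name: SYS32 for name in (
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe")}
SYSTEM_HOMES["explorer.exe"] = r"c:\windows"

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # e.g. "O4 - ..."
RUN_RE = re.compile(r"^(\S+)\\\.\.\\Run: \[([^\]]*)\] (.+?\.exe)", re.I)


def parse_log(text):
    """Split a HijackThis log into the process list and (section, body) entries."""
    processes, entries, in_procs = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False            # a blank line ends the process list
        elif in_procs:
            processes.append(line)
        else:
            m = ENTRY_RE.match(line)
            if m:
                entries.append((m.group(1), m.group(2)))
    return processes, entries


def misplaced(path):
    """True if the file carries a core Windows process name but sits elsewhere."""
    folder, name = ntpath.split(path.lower())
    home = SYSTEM_HOMES.get(name)
    return home is not None and folder != home


def triage(text, shell_threshold=3):
    """Return (rule, detail) pairs that deserve a closer look."""
    processes, entries = parse_log(text)
    findings = []
    counts = Counter(p.lower() for p in processes)
    for path, n in sorted(counts.items()):
        if misplaced(path):
            findings.append(("masquerading-process", f"{path} x{n}"))
    n_cmd = sum(n for p, n in counts.items() if ntpath.basename(p) == "cmd.exe")
    if n_cmd >= shell_threshold:
        findings.append(("many-cmd-instances", str(n_cmd)))
    hives_by_value = defaultdict(set)
    for section, body in entries:
        m = RUN_RE.match(body) if section == "O4" else None
        if m:
            hive, value, target = m.groups()
            hives_by_value[value].add(hive)
            in_root = ntpath.splitdrive(ntpath.dirname(target))[1] == "\\"
            if misplaced(target) or in_root:
                findings.append(("suspicious-autorun", f"[{value}] {target}"))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs is a space-delimited list loaded into user32 processes.
            for dll in body.split(":", 1)[1].split():
                findings.append(("appinit-dll", dll))
    for value, hives in sorted(hives_by_value.items()):
        if len(hives) >= 3:             # same value name planted in several hives
            findings.append(("autorun-in-many-hives", f"[{value}] {len(hives)} hives"))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:24} {detail}")
```

A hit only marks an entry for manual review; legitimate software also uses `AppInit_DLLs` and `Run` keys.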

        bamfy

          Topic Starter


          Starter

          Re: Hi, any chance of help with this?
          « Reply #4 on: May 18, 2009, 03:28:49 PM »
          hi,

          Thanks for that! I need to know what to do now. The laptop has no disk drive and Windows came installed on it already!

          What can I do to fix this?

          evilfantasy

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Calm like a bomb
          • Thanked: 493
          • Experience: Experienced
          • OS: Windows 11
          Re: Hi, any chance of help with this?
          « Reply #5 on: May 18, 2009, 03:33:55 PM »
          You will need to borrow a Windows CD from a friend if you can, or try the manufacturer's web site. They will usually ship the install CD for free or for shipping costs. As long as it is the same Operating System CD then you can use it. All you need is your License Key to activate Windows.

          If not that then try eBay or Amazon. Someplace like that.

          bamfy

            Topic Starter


            Starter

            Re: Hi, any chance of help with this?
            « Reply #6 on: May 18, 2009, 04:26:28 PM »
            hi there,

            just used this that was on the bottom of your last post

            -) AVG Win32/Virut Removal Tool

            I have run it and it asked me to restart. I have done this and it was running for about 20 minutes, and I have now rebooted again and it seems to be working fine: it booted up correctly, explorer.exe started fine and the tasks seem fine...

            Could this now be fixed, or do I still need the re-install?

            evilfantasy

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Calm like a bomb
            • Thanked: 493
            • Experience: Experienced
            • OS: Windows 11
            Re: Hi, any chance of help with this?
            « Reply #7 on: May 18, 2009, 04:33:58 PM »
            No, I highly doubt it is fixed. The Virut is in all of your system files. Removing it would leave your computer unusable. You can scan with the other tools and likely find more each time you scan. The computer is not safe until you reformat and reinstall.

            Sorry but I've tried before. Hours and hours later I finally had to give in. You just can't contain the main infected files in order to clean them.


            Bgs



              Beginner

              Thanked: 1
              Re: Hi, any chance of help with this?
              « Reply #8 on: May 19, 2009, 05:19:28 AM »
              Hi Evilfantasy, I have a question about these tools for malware detection: do they conflict with any antivirus software, for example ESET NOD32 Antivirus? I give this example because it is the antivirus I use ;D.

              evilfantasy

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Calm like a bomb
              • Thanked: 493
              • Experience: Experienced
              • OS: Windows 11
              Re: Hi, any chance of help with this?
              « Reply #9 on: May 19, 2009, 11:58:23 AM »
              No they won't.

              apostle3

              • Guest
              Re: Hi, any chance of help with this?
              « Reply #10 on: October 10, 2010, 09:31:31 AM »
              Hi Evilfantasy

              Maybe I'm unrealistic, but rather than attempt removal of the virus, couldn't another "protective" virus be written that could simply "follow" Virut around and return things to the default settings, or in a best case scenario, to the way they were? ...I dunno, just thinking out loud. I'm no code monkey or anything, so I don't really know if two polymorphic viruses can "battle it out".

              evilfantasy

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Calm like a bomb
              • Thanked: 493
              • Experience: Experienced
              • OS: Windows 11
              Re: Hi, any chance of help with this?
              « Reply #11 on: October 10, 2010, 01:26:44 PM »
              Any program you have installed to counter Virut will also be infected so, no. The only reliable (and working) cure is as described above.