PC out of control

Discussion in 'Windows - Virus and spyware problems' started by chawjohn, Jan 31, 2006.

  1. chawjohn

    I'm losing control. Pop-ups, spyware and a Trojan downloader have taken over control. Help if you can. I have a firewall through my cable provider and also Microsoft AntiSpyware and Norton AntiVirus 2003 installed. I can no longer bring up my start page using msconfig and run. It will not come up. Something is running in startup and I cannot get to it to remove it.
     
  2. chawjohn

    StartupList report, 1/25/2006, 4:26:10 PM
    StartupList version: 1.52.2
    Started from : C:\DOCUME~1\JOHNCU~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.EXE
    Detected: Windows XP SP2 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\MSHTHA.EXE
    C:\Program Files\Samsung\Digimax Viewer 2.0\STImgBrowser.exe
    C:\Program Files\Sierra\Planner\Plnrnote.exe
    C:\WINDOWS\System32\atievxx.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\DOCUME~1\JOHNCU~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\Program Files\Messenger\msmsgs.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    Digimax Viewer 2.0.lnk = ?
    Event Planner Reminders Tray Icon.lnk = ?

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    AdaptecDirectCD = C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    gcasServ = "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    CMPDPSRV = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
    SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    Microsoft Hyptertext Helper = MSHTHA.EXE

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

    Microsoft Hyptertext Helper = MSHTHA.EXE

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\System32\ssmypics.scr
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry value not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------


    Enumerating Task Scheduler jobs:

    Norton AntiVirus - Scan my computer.job
    Symantec NetDetect.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
    CODEBASE = http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

    [WUWebControl Class]
    InProcServer32 = C:\WINDOWS\system32\wuweb.dll
    CODEBASE = http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1115075756911

    [Mirar_Dummy_ATS1 Class]
    InProcServer32 = C:\WINDOWS\system32\WinATS.dll
    CODEBASE = http://awbeta.net-nucleus.com/FIX/WinATS.cab

    [{9E58D78E-C5D3-DCF5-F38E-D1FBF76F5CBA}]
    CODEBASE = http://www.adelphia.net/files/musicnet/download/adelphia/PerformerSetup.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
    CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\System32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll

    --------------------------------------------------
    End of report, 5,749 bytes
    Report generated in 0.431 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  3. TheReturn

    Try to install Spybolt R&D. Run it in safe mode. Clean all spyware when it's done. Reboot.
     
  4. ironsled

    I found the same crap on my PC. I ran a program called Silent Sword. It disabled the malware with one reboot. It's a 30-day free trial and I found it on download.com.

    Cheers,
    Steven
     
    Last edited: Feb 2, 2006
