Trojan Horse Virus

Discussion in 'Windows - Virus and spyware problems' started by PESCOLINO, Sep 10, 2006.

  1. PESCOLINO

    PESCOLINO Member

    Joined:
    Sep 10, 2006
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    11
    Hi, I'm not that good with computers, and I hope someone out there can help me?? Please!!!

    I have a trojan horse virus in a windows system 32 .exe file. Norton antivirus gives me a constant reminder that it's there and is unable to get rid of it. I've used Norton, Windows onecare, adware, spybot and they all shut my computer down automatically, I believe once it gets to that file. How do I clean my computer? Do I have to format my computer?
    PS: my computer screen flickers a lot, what's the go there? Please help?
     
  2. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    Hello PESCOLINO, welcome to Afterdawn.

    You won't have to format. We'll get you clean. :)

    First, let's see what you got.

    Download Ewido.
    Install and update.

    Restart your computer in safe mode. (Before the Windows load screen press F8, select "Safe Mode" from the menu.)
    Open Ewido.
    Click Scanner.
    Click Complete System Scan.
    When it finishes, set all items to quarantine and then click "Apply all actions".
    Then, click "Save Report". (Save to the desktop, you will need it.)

    Restart in normal mode.

    Download HijackThis. Extract the file to its own folder on the desktop. Open HijackThis and click Run a Scan and Save a log file. Copy/paste that log along with the Ewido log in your next post.

    Let me know if you have any problems.
     
  3. PESCOLINO

    PESCOLINO Member

    Hi Niobis

    Thanks for your help, I did what you asked, I just don't know how to cut and paste it on here. I cut the desktop icon and when I open this page it won't let me paste. Sorry, I must sound dumb! :) Please help?
     
  4. Niobis

    Niobis Active member

    Open the icon (text file) then copy and paste.
     
  5. PESCOLINO

    PESCOLINO Member

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 22:31:09 11/09/2006

    + Scan result:



    HKU\S-1-5-21-3251966206-2482506977-2985939552-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{57A70350-87D9-4EA2-B3AC-C1C1B5296035} -> Adware.ContextuAd : Cleaned with backup (quarantined).
    C:\Documents and Settings\Ducky\Cookies\ducky@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.126:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Bestoffersnetworks : Cleaned.
    :mozilla.127:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Bestoffersnetworks : Cleaned.
    :mozilla.128:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Bestoffersnetworks : Cleaned.
    :mozilla.129:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Bestoffersnetworks : Cleaned.
    :mozilla.130:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Bestoffersnetworks : Cleaned.
    :mozilla.131:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Bestoffersnetworks : Cleaned.
    :mozilla.132:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Bestoffersnetworks : Cleaned.
    :mozilla.133:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Bestoffersnetworks : Cleaned.
    :mozilla.134:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Bestoffersnetworks : Cleaned.
    :mozilla.135:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Bestoffersnetworks : Cleaned.
    :mozilla.230:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.231:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.232:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.233:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    C:\Documents and Settings\Ducky\Cookies\ducky@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.187:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Cliks : Cleaned.
    :mozilla.188:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Cliks : Cleaned.
    :mozilla.189:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Cliks : Cleaned.
    :mozilla.190:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Cliks : Cleaned.
    :mozilla.191:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Cliks : Cleaned.
    :mozilla.192:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Cliks : Cleaned.
    :mozilla.193:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Cliks : Cleaned.
    :mozilla.194:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Cliks : Cleaned.
    :mozilla.195:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Cliks : Cleaned.
    :mozilla.196:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Cliks : Cleaned.
    :mozilla.83:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    :mozilla.97:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    :mozilla.114:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Dbbsrv : Cleaned.
    :mozilla.101:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.112:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.115:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.116:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.136:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.138:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.140:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.141:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.142:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.96:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
    :mozilla.117:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Need2find : Cleaned.
    :mozilla.118:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Need2find : Cleaned.
    C:\Documents and Settings\Ducky\Cookies\ducky@overture[1].txt -> TrackingCookie.Overture : Cleaned.
    :mozilla.139:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned.
    :mozilla.72:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.73:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.74:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.75:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.76:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.77:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.78:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.79:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.113:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
    :mozilla.228:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
    :mozilla.237:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
    :mozilla.46:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.47:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.48:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.49:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.198:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
    :mozilla.199:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
    :mozilla.200:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
    :mozilla.24:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.14:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.81:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.56:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.57:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.50:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.110:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.111:C:\Documents and Settings\Ducky\Application Data\Mozilla\Firefox\Profiles\0trycgrm.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


    ::Report end

     
  6. PESCOLINO

    PESCOLINO Member

    Logfile of HijackThis v1.99.1
    Scan saved at 22:33:15, on 11/09/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Novatix\Cyberhawk\CHService.exe
    C:\WINDOWS\System32\DVDRAMSV.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
    C:\Program Files\Microsoft Windows OneCare Live\winss.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\PROGRA~1\EzButton\CPLDFL10.EXE
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Novatix\Cyberhawk\CHTray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Ducky\Desktop\HijackThis_v1.99.1.exe
    C:\WINDOWS\system32\Notepad.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.une.edu.au:8080
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [CPLDFL10] C:\PROGRA~1\EzButton\CPLDFL10.EXE
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Cyberhawk] C:\Program Files\Novatix\Cyberhawk\CHTray.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Error Safe Free] C:\Program Files\ErrorSafe Free\uers.exe /scan
    O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Poker Million Online Poker - {47C16927-7BDE-465a-8E68-CE9C2CBB15B7} - C:\Program Files\pokermillionMPP\MPPoker.exe (file missing)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.0.0971.42/WinSSWebAgent.CAB
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157273179281
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/458/webolr/OCX/FlashAX.cab
    O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Cyberhawk - Unknown owner - C:\Program Files\Novatix\Cyberhawk\CHService.exe" service (file missing)
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MSMPSVC - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe" -n 4 (file missing)
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: SpywareCleanerService - Unknown owner - C:\Program Files\Spyware Cleaner\SCService.exe (file missing)

     
  7. Niobis

    Niobis Active member

    Go to Add/Remove Programs. Look for ErrorSafe (or similar). If found, uninstall it.

    Then, Open HijackThis.
    Click Do a system scan only.
    Check the box beside each of the following:

    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing)
    Only if you uninstalled the toolbar or didn't install.

    O4 - HKCU\..\Run: [Error Safe Free] C:\Program Files\ErrorSafe Free\uers.exe /scan

    O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)

    Check these also if you did not install MPPoker or PartyPoker, or if you uninstalled either. If you use them, don't check.

    O9 - Extra button: Poker Million Online Poker - {47C16927-7BDE-465a-8E68-CE9C2CBB15B7} - C:\Program Files\pokermillionMPP\MPPoker.exe (file missing)

    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

    Close all windows except HijackThis then click Fix checked.

    Then, go here and download Ccleaner.

    Install and open.
    Click Cleaner then click Run cleaner.
    When it finishes, click Issues.
    Then, click Scan for issues.
    If any are found, click Fix selected issues...
    When prompted to backup registry, click Yes.
    Then, click Fix all issues.

    After that, are you having symptoms or troubles?
     
    Last edited: Sep 11, 2006
  8. maca1

    maca1 Regular member

    Joined:
    Mar 15, 2006
    Messages:
    630
    Likes Received:
    0
    Trophy Points:
    26
    also check and fix these

    O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
    O23 - Service: SpywareCleanerService - Unknown owner - C:\Program Files\Spyware Cleaner\SCService.exe (file missing)

    Start - Run
    Type:

    services.msc

    Click OK.

    In the services window find this exact name (may be stopped already)

    SpywareCleanerService

    Right-click and choose "Properties". Beside "Startup Type" in the dropdown menu select "Disabled". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Click Apply then OK. File-Exit the Services utility.

    Reboot into safe mode, search for and delete these folders if they still exist:

    C:\Program Files\ErrorSafe Free\
    C:\Program Files\Spyware Cleaner\
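
The triage the two helpers do by eye on the HijackThis log above can be sketched in code; this is an added example, not part of the original thread and not code from HijackThis. It tags entries marked "(file missing)" or "(no file)", and cross-checks them against the log's own "Running processes" list, because two services in this log are reported missing while their executables are listed as running. The tag names and the `NAMED_BY_HELPERS` list are assumptions made for the example; the sample lines are copied from the log posted in this thread.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread
# (a shortened excerpt, not the full log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\Program Files\Novatix\Cyberhawk\CHService.exe

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing)
O4 - HKCU\..\Run: [Error Safe Free] C:\Program Files\ErrorSafe Free\uers.exe /scan
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Cyberhawk - Unknown owner - C:\Program Files\Novatix\Cyberhawk\CHService.exe" service (file missing)
O23 - Service: MSMPSVC - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe" -n 4 (file missing)
O23 - Service: SpywareCleanerService - Unknown owner - C:\Program Files\Spyware Cleaner\SCService.exe (file missing)
"""

# "O4 - ..." style entry: section code, separator, free-form body.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.+)$")
# First drive-letter path ending in .exe or .dll; stops before a stray quote.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|]*?\.(?:exe|dll)', re.IGNORECASE)
MISSING_MARKERS = ("(file missing)", "(no file)")
# Names the helpers in this thread asked to have removed (assumed list,
# built from their replies; it is not a general blocklist).
NAMED_BY_HELPERS = ("errorsafe", "spyware cleaner", "need2find")


def parse_log(log_text):
    """Return (set of lower-cased running process paths, list of (code, body))."""
    running, entries, in_processes = set(), [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group("code"), match.group("body")))
        elif in_processes and line:
            running.add(line.lower())
        elif not line:
            in_processes = False
    return running, entries


def extract_path(body):
    """Return the first executable or DLL path in an entry body, or None."""
    match = PATH_RE.search(body)
    return match.group(0) if match else None


def triage(log_text):
    """Tag each entry; returns a list of (code, body, sorted tags)."""
    running, entries = parse_log(log_text)
    report = []
    for code, body in entries:
        tags = set()
        path = extract_path(body)
        if body.rstrip().endswith(MISSING_MARKERS):
            if path and path.lower() in running:
                # The log contradicts itself: the file is listed as a
                # running process, so check the disk before fixing.
                tags.add("missing-but-running")
            else:
                # Registry reference to a file that is gone: a leftover.
                tags.add("orphan")
        if code == "O23" and "Unknown owner" in body:
            # Not a verdict on its own; the file needs a manual look.
            tags.add("unknown-owner")
        if any(name in body.lower() for name in NAMED_BY_HELPERS):
            tags.add("named-in-thread")
        report.append((code, body, sorted(tags)))
    return report


if __name__ == "__main__":
    for code, body, tags in triage(SAMPLE_LOG):
        print(f"{code:<4}{', '.join(tags) or '-':<40}{body[:60]}")
```
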
     
  9. PESCOLINO

    PESCOLINO Member

    Firstly I'd like to thank you for your time and effort, very much appreciated. Thanks mate.

    I've done all you said and my screen doesn't flicker as much as before, although I ran another scan with windows onecare and the computer shut down by itself at 99% complete. I'm trying again with norton and I'll let you know how that goes. If you have any other suggestions it would be much appreciated. I was thinking to uninstall spybot and spysweeper, also adware. What do you think??

    Do you think it could be a hardware problem with the computer itself? Would formatting my computer and starting again fix these problems? Overall my computer runs a lot smoother although it still shuts down on its own, sometimes!

    Thanks again for all your help, Steve..
     
  10. Niobis

    Niobis Active member

    Thanks maca, looked over those.

    PESCOLINO,

    I wouldn't uninstall Spybot or SpySweeper, they are good programs. I'd uninstall Norton though, it's not that good. Look into AVG Free or if you want to pay for one, Panda Software has a good antivirus also. If you choose to use either of those you'll have to uninstall Norton and that can be annoying! There are special tools you can download to completely uninstall Norton. So, let me know what you choose to do and if you need the tools I'll give you a link.

    As for the problem, could be other hiding malware. Go here and run ActiveScan. When it finishes, save the results and paste them here.
     
    Last edited: Sep 11, 2006
  11. PESCOLINO

    PESCOLINO Member

    Hi niobis,

    I did a scan with norton last night in safe mode, in quarantine I have ttsx.exe Trojan Horse C:\windows\system32 Type application.
    It doesn't repair file, so I've left it for now.

    Here are the scan results from panda

    Incident Status Location

    Adware:adware/cydoor Not disinfected c:\windows\cdmxtras
    Potentially unwanted tool:application/altnet Not disinfected hkey_classes_root\clsid\{3f4d4f88-0198-4921-b630-957f3eb814e0}
    Adware:adware/quickbar Not disinfected Windows Registry
     
  12. Niobis

    Niobis Active member

    If ttsx.exe is in quarantine, restore it.

    Then, go here and download KillBox.

    Note: you may want to print these instructions, you will be in safe mode.

    Restart your computer in safe mode.
    Open Killbox.exe.
    Check "Standard File Kill".
    In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time. Then click the red X button after you enter each file.
    You will be prompted to confirm, click Yes.

    C:\windows\system32\ttsx.exe

    Close KillBox.
    Find this folder and delete: C:\Windows\cdmxtras.
    You may have to show hidden files and folders to find.
    To do this, open Control Panel, open Folder Options, click View tab, check "Show hidden files and folders". If you need to do this, remember to hide again.
    Restart in normal mode.
    Run Ccleaner and Issues fix again.
     
  13. PESCOLINO

    PESCOLINO Member

    HI NIOBIS
     
  14. PESCOLINO

    PESCOLINO Member

    Hi Niobis

    I did what you said, but I used killbox to backup and delete the c:\windows\cdmxtras file. Is that okay?? I couldn't find it using the search folders option.

    My laptop screen still flickers (not so much). Could it be a hardware issue?? Anyway I'll post tomorrow and let you know if it still shuts down by itself.

    Thanks for all your help, this really is the best site on the web.

    PS: is there anything else I should do??? :)
     
  15. Niobis

    Niobis Active member

    As long as KillBox didn't prompt "file doesn't exist" then that was fine.

    Yes, that could be a monitor problem as you should be clean now. When does it flicker? How long does it last?

    You're welcome. :)

    Edit: just seen/remembered something: open Ewido, click Infections, select any/all entries and click Remove finally.
     
    Last edited: Sep 13, 2006
  16. PESCOLINO

    PESCOLINO Member

    When I touch the screen, sometimes it goes black until I move it again. I haven't had many occasions in which it flickers by itself without touching it. I can't even think of one since all these scans, although my computer shut down by itself after I left it on a table, I believe the fan at the back gets too hot. i use it on and open 't aired ironing board and it doesn't shut down as often, or sometimes not at all. All this started when I got the net not long ago, before that it was all working perfect.

    I must be a pain in the neck. lol
     
  17. Niobis

    Niobis Active member

    lol, not at all! Wouldn't stay here if I didn't want to help people.

    I think you're right about it getting too hot and shutting down. Clean the air vents. Compressed air is great for this although you can use a Q-tip and rubbing alcohol. To keep mine running cooler I raise the front about 1" from the back, but it sits on a grooved box lid. You could place a book under the front of it to get more circulation of air.

    Sounds like a shortage in a wire or chip. Not really a fix for it unless you want to disassemble the entire laptop. Even then finding the problem would be a problem. Not worth it! :)
     
  18. PESCOLINO

    PESCOLINO Member

    HI,

    SINCE UPDATING MY COMPUTER IT WORKS A LOT BETTER, BUT NOW IT SEEMS TO SWITCH OFF BY ITSELF EVERY TIME, IN SAFE MODE IT DOESN'T THOUGH, WHAT DO YOU THINK COULD BE WRONG, NIOBIS I HOPE YOU'RE STILL AROUND. CAN SOMEONE HELP ME PLEASE. I USED CCLEANER, NOT IN SAFE MODE IF THAT'S ANY HELP, I KNOW I WAS DIRECTED NOT TO, BUT IT WAS A MISTAKE, I'M VERY NEW WITH THESE COMPUTERS.

    PLEASE HELP?? THANK YOU
     
  19. Niobis

    Niobis Active member

    Hello again PESCOLINO. Run CCleaner as much as you like, that's what it is for: to clean crap off your computer. :) If it isn't shutting off in safe mode, sounds like there are more infections.

    Go here and download Spybot Search and Destroy.

    When installing click "Update Immediately".
    After installing open Spybot.
    Click "Check for Updates".
    After updating, click "Check for Problems".
    When it finishes, click "Fix selected problems".
    The log will go here: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs.

    Go here and run Kaspersky Online Scanner. When it finishes, save the log and post it here along with the contents of C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.yymmdd-hhmm.

    Edits: sorry for all the edits, I can't type today.
     
    Last edited: Sep 24, 2006
  20. PESCOLINO

    PESCOLINO Member

    Hi niobis

    I'm an idiot, I don't know what I've done, I downloaded the scanner, after the restart, my computer would always shut down during start up. So I went into safe mode (which I never knew existed before you :).) and went into software explorer in control panel and removed it from start up (the anti virus kasp___). Now I've tried to remove the program but it won't allow me to. It's saying I have to close it, don't know how. May it be a problem that I have windows defender, windows onecare, avg anti virus, cyberhawk and kasp. Since this new download windows live onecare has turned orange, and says condition is fair, before it was green.

    On the plus side, I've run spybot and it found 3 items, but I don't know how to find that file you're asking for....

    Thanks again.
    Your dumb friend :)
     
