Ie Popup From Unknown Source "targeted"


8 replies to this topic

#1 plasticquart

Posted 30 July 2007 - 11:20 PM

Issue: I use Firefox as my browser and get random popups in an IE window. The IE window isn't typical w/ browser buttons or any of the UI.... and it typically says "TARGETED" in the top left corner.

This is a Windows 2000 machine. I have scanned this thing with the following and my pop-up issue is still present: Spybot S&D, Ad Aware, Spyware Terminator, AVG everything, Prevx, SuperAntispyware, Stinger and a few others.

My log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:24 PM, on 7/30/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\taskmgr.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\WINNT\explorer.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
F:\Initial Download\stinger.exe
C:\WINNT\system32\notepad.exe
F:\Initial Download\HiJackThis.exe

O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PtiuPbmd] "Rundll32.exe" Ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [ASUS Probe] "C:\Program Files\ASUS\Probe\AsusProb.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Nero\Nero 7\InCD\InCD.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [iKnowPS] C:\Program Files\iKnowPS\iKnowPS.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PeerGuardian] "C:\Program Files\PeerGuardian2\pg2.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1185601137656
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Prevx Agent (PREVXAgent) - Prevx - C:\Program Files\Prevx2\PXAgent.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe

--
End of file - 6006 bytes


#2 RichieUK

Posted 31 July 2007 - 08:19 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, plasticquart.
My name is Richie and I'll be helping you to fix your problems.

Download and run Fixwareout from the link below:
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
After the reboot post the contents of the logfile C:\fixwareout\report.txt in your next reply.

----------------------------------------------------------

Please download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.


Also post a new Hijackthis log.

#3 plasticquart

Posted 31 July 2007 - 09:14 AM

Here are the logs for ComboFix, Fixwareout and a new HijackThis log... I will post them in separate posts. ComboFix is first. And thank you for the help! Seriously.


--------------------------------------------------

ComboFix 07-07-31 - "Administrator" 07/31/2007 8:59:49.1 [GMT -5:00] - NTFS
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.True


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ADMINI~1\APPLIC~1.\crosof~1
C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch
C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\wintouch.cfg
C:\WINNT\b103.exe
C:\WINNT\b138.exe
C:\WINNT\system32\drivers\core.cache.dsk
C:\WINNT\system32\drivers\core.sys
C:\WINNT\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\core


((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-31 )))))))))))))))))))))))))))))))


2007-07-31 08:58 51,200 --a------ C:\WINNT\nircmd.exe
2007-07-31 08:48 5,134 --a------ C:\dnsbak.reg
2007-07-30 22:59 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
2007-07-30 22:32 <DIR> d-------- C:\Program Files\Security Task Manager
2007-07-30 22:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecTaskMan
2007-07-30 21:57 <DIR> d-------- C:\Program Files\iKnowPS
2007-07-29 23:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-29 23:42 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-07-29 23:42 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-29 23:36 <DIR> d-------- C:\Program Files\ClamWin
2007-07-29 23:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\.clamwin
2007-07-29 23:36 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\.clamwin
2007-07-29 18:28 <DIR> d-------- C:\Program Files\Prevx2
2007-07-29 18:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prevx
2007-07-29 18:28 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Prevx
2007-07-29 18:26 77,312 --a------ C:\WINNT\ua2.dll
2007-07-29 18:26 <DIR> d-------- C:\WINNT\winsxs
2007-07-29 15:42 3,968 --a------ C:\WINNT\system32\drivers\AvgArCln.sys
2007-07-24 02:00 10,872 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys
2007-07-24 01:39 <DIR> d-a------ C:\Program Files\WinClamAVShield
2007-07-24 01:30 <DIR> d-a------ C:\Program Files\Spyware Terminator
2007-07-24 01:30 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spyware Terminator
2007-07-24 01:30 <DIR> d-a------ C:\DOCUME~1\ADMINI~1\APPLIC~1\Spyware Terminator
2007-07-23 23:35 462,848 --a------ C:\WINNT\system32\msaatext.dll
2007-07-23 23:35 360,448 --a------ C:\WINNT\system32\oleacc.dll
2007-07-23 23:35 356,352 --a------ C:\WINNT\system32\oleaccrc.dll
2007-07-23 23:33 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-23 23:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-23 23:32 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-23 21:32 76,560 --a------ C:\WINNT\system32\drivers\tmcomm.sys
2007-07-23 21:06 <DIR> d-------- C:\DOCUME~1\ADMINI~1\.housecall6.6
2007-07-23 21:02 208,896 --a------ C:\WINNT\system32\wmpns.dll
2007-07-23 21:00 164 --a------ C:\install.dat
2007-07-23 20:49 <DIR> d-------- C:\WINNT\system32\SoftwareDistribution
2007-07-23 20:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-22 14:37 <DIR> d--hs---- C:\WINNT\bmE
2007-07-21 23:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
2007-07-21 23:12 <DIR> d-------- C:\Program Files\CapCom
2007-07-20 14:27 <DIR> d-------- C:\WINNT\Recyclers
2007-07-20 14:27 <DIR> d-------- C:\Program Files\MagicISO
2007-07-16 23:43 <DIR> d-------- C:\Program Files\PeerGuardian2
2007-07-15 23:38 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-07-15 23:35 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\WinRAR
2007-07-15 00:16 <DIR> d-------- C:\Program Files\WarRock
2007-07-15 00:16 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\InstallShield
2007-07-01 17:48 <DIR> d-------- C:\Program Files\AssaultCube
2007-06-30 14:53 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Ahead
2007-06-30 14:51 <DIR> d-------- C:\Program Files\Nero
2007-06-30 14:51 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-06-30 14:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-06-15 17:19 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\ImgBurn
2007-06-15 15:57 <DIR> d-------- C:\Program Files\ImgBurn
2007-06-14 21:21 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\vlc
2007-06-14 21:04 <DIR> d-------- C:\Program Files\VideoLAN
2007-06-14 19:09 <DIR> d-------- C:\Program Files\Foxit Software
2007-06-12 20:33 46,992 --a------ C:\WINNT\system32\drivers\i8042prt.sys
2007-06-12 20:33 24,528 --a------ C:\WINNT\system32\drivers\kbdclass.sys
2007-06-12 20:32 54,784 --a------ C:\WINNT\system32\MSVCI70.DLL
2007-06-12 20:32 37,887 --------- C:\WINNT\system32\drivers\Lhidusb.sys
2007-06-12 20:32 14,095 --------- C:\WINNT\system32\drivers\LCCFLTR.SYS
2007-06-12 20:32 12,953 --a------ C:\WINNT\system32\drivers\itchfltr.sys
2007-06-12 20:32 1,060,864 --a------ C:\WINNT\system32\MFC71.dll
2007-06-12 20:32 <DIR> d-------- C:\Program Files\Logitech
2007-06-12 20:32 <DIR> d-------- C:\Program Files\Common Files\Logitech
2007-06-10 15:56 <DIR> d-------- C:\Program Files\QuickTime
2007-06-10 15:55 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-06-10 01:17 499,712 --a------ C:\WINNT\system32\msvcp71.dll
2007-06-10 01:17 348,160 --a------ C:\WINNT\system32\msvcr71.dll
2007-06-10 01:17 10,752 --a------ C:\WINNT\system32\ff_vfw.dll
2007-06-10 01:17 <DIR> d-------- C:\Program Files\ffdshow
2007-06-10 01:07 75,264 --a------ C:\WINNT\system32\unacev2.dll
2007-06-10 01:07 156,160 --a------ C:\WINNT\system32\unrar3.dll
2007-06-10 00:50 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\InterVideo
2007-06-10 00:49 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2007-06-10 00:48 831,600 --a------ C:\WINNT\system32\Ctaa1.dat
2007-06-10 00:48 77,824 --a------ C:\WINNT\system32\ctdvda32.dll
2007-06-10 00:48 315,376 --a------ C:\WINNT\system32\drivers\ctdvda2k.sys
2007-06-10 00:48 122,880 --a------ C:\WINNT\system32\cddvdint.dll
2007-06-10 00:48 <DIR> d-------- C:\Program Files\InterVideo
2007-06-10 00:48 <DIR> d-------- C:\Program Files\Creative
2007-06-10 00:34 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-06-10 00:28 682,232 --a------ C:\WINNT\system32\drivers\sptd.sys
2007-06-07 22:12 <DIR> dr-h----- C:\MSOCache
2007-06-04 23:02 <DIR> d-------- C:\Program Files\TightVNC
2007-06-04 15:18 9,344 --a------ C:\WINNT\system32\drivers\NSDriver.sys
2007-06-04 15:17 7,808 --a------ C:\WINNT\system32\drivers\AWRTRD.sys
2007-06-04 15:14 5,376 --a------ C:\WINNT\system32\drivers\AWRTPD.sys
2007-06-02 20:22 1,277 --a------ C:\WINNT\mozver.dat
2007-06-02 20:22 <DIR> d-------- C:\WINNT\system32\Macromed
2007-06-02 20:19 98,304 --a------ C:\WINNT\system32\wmpshell.dll
2007-06-02 20:19 7,680 --a------ C:\WINNT\system32\asferror.dll
2007-06-02 20:19 57,344 --a------ C:\WINNT\uneng.exe
2007-06-02 20:19 49,152 --a------ C:\WINNT\system32\cdrtc.dll
2007-06-02 20:19 45,056 --a------ C:\WINNT\system32\cdral.dll
2007-06-02 20:19 225,280 --a------ C:\WINNT\system32\wmpdxm.dll
2007-06-02 20:19 20,480 --a------ C:\WINNT\system32\wmpui.dll
2007-06-02 20:19 20,480 --a------ C:\WINNT\system32\wmpcore.dll
2007-06-02 20:19 20,480 --a------ C:\WINNT\system32\wmpcd.dll
2007-06-02 20:19 2,940,928 --a------ C:\WINNT\system32\wmploc.dll
2007-06-02 20:19 167,936 --a------ C:\WINNT\system32\wmerror.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

07-07-29 23:36 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\.clamwin
07-06-02 18:50 271 ---h----- C:\Program Files\desktop.ini
07-06-02 18:50 21952 ---h----- C:\Program Files\folder.htt
07-05-31 01:45 524288 --a------ C:\WINNT\system32\DivXsm.exe
07-05-31 01:44 823296 --a------ C:\WINNT\system32\divx_xx0c.dll
07-05-31 01:44 823296 --a------ C:\WINNT\system32\divx_xx07.dll
07-05-31 01:44 802816 --a------ C:\WINNT\system32\divx_xx11.dll
07-05-31 01:44 740442 --a------ C:\WINNT\system32\DivX.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 14:05 C:\WINNT\system32\mobsync.exe]
"PtiuPbmd"="Rundll32.exe" [99-12-07 07:00 C:\WINNT\system32\rundll32.exe]
"ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [02-12-06 16:07 ]
"nwiz"="nwiz.exe" [06-07-24 21:33 C:\WINNT\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [07-03-14 03:43 ]
"WinVNC"="C:\Program Files\TightVNC\WinVNC.exe" [07-05-07 19:28 ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07-04-27 09:41 ]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [04-03-18 09:33 ]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [06-01-12 15:40 ]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [06-11-10 16:19 ]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [07-07-24 01:30 ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [07-06-11 04:25 ]
"PrevxOne"="C:\Program Files\Prevx2\PXConsole.exe" [07-07-19 16:12 ]
"ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [07-07-23 02:17 ]
"iKnowPS"="C:\Program Files\iKnowPS\iKnowPS.exe" [05-11-24 22:12 ]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [07-04-02 10:35 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [07-04-03 17:29 ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [06-11-16 19:04 ]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [05-09-18 18:40 ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [07-06-21 14:06 ]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-06-10 00:48:47]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [06-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 07-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

R0 PrevxDriver;PREVX Kernel Mode Agent;C:\WINNT\system32\DRIVERS\pxfsf.sys
R0 UlSata;UlSata;C:\WINNT\system32\DRIVERS\ulsata.sys
R0 viasraid;viasraid;C:\WINNT\system32\DRIVERS\viasraid.sys
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;C:\WINNT\system32\DRIVERS\AvgArCln.sys
R1 avgio;avgio;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys
R1 avipbb;avipbb;C:\WINNT\system32\DRIVERS\avipbb.sys
R1 Cdr4_2K;Cdr4_2K;C:\WINNT\system32\drivers\Cdr4_2K.sys
R1 Cdralw2k;Cdralw2k;C:\WINNT\system32\drivers\Cdralw2k.sys
R1 PREVXTdi;PREVX TDI filter;C:\WINNT\system32\DRIVERS\pxtdi.sys
R1 PXRDDriver;PREVX Rootkitscan driver;C:\WINNT\system32\DRIVERS\pxrd.sys
R1 SASDIFSV;SASDIFSV;\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
R1 SASKUTIL;SASKUTIL;\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
R1 ssmdrv;ssmdrv;C:\WINNT\system32\DRIVERS\ssmdrv.sys
R2 aslm75;aslm75;\??\C:\WINNT\system32\drivers\aslm75.sys
R2 SoundMAX Agent Service (default);SoundMAX Agent Service;C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
R3 avgntflt;avgntflt;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys
R3 itchfltr;iTouch Keyboard Filter;C:\WINNT\system32\DRIVERS\itchfltr.sys
R3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys
R3 PREVXEmulator;PREVX Emulator driver;C:\WINNT\system32\DRIVERS\PxEmu.sys
R3 SASENUM;SASENUM;\??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
R3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys
R3 yukonw2k;NDIS5 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter;C:\WINNT\system32\DRIVERS\yukonw2k.sys
S3 MPE;BDA MPE Filter;C:\WINNT\system32\DRIVERS\MPE.sys
S3 PciCon;PciCon;\??\D:\PciCon.sys
S3 viafilter;VIA USB Filter;C:\WINNT\system32\Drivers\viausb.sys

*Newly Created Service* - IPNAT
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-31 09:03:49
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

C:\WINNT\system32\Perflib_Perfdata_6a8.dat

scan completed successfully
hidden files: 1

**************************************************************************

Completion time: 2007-07-31 9:06:45 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-07-31 09:06

--- E O F ---


And here is the log for Fixwareout...



------------------------------------------------------------


Username "Administrator" - 07/31/2007 8:48:56 [Fixwareout edited 2007/07/05]

»»»»»Prerun check

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

»»»»» Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"PtiuPbmd"="\"Rundll32.exe\" Ptipbm.dll,SetWriteBack"
"ASUS Probe"="\"C:\\Program Files\\ASUS\\Probe\\AsusProb.exe\""
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINNT\\System32\\NvCpl.dll,NvStartup"
"nwiz"="\"nwiz.exe\" /install"
"NvMediaCenter"="\"RUNDLL32.EXE\" C:\\WINNT\\System32\\NvMcTray.dll,NvTaskbarInit"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"WinVNC"="\"C:\\Program Files\\TightVNC\\WinVNC.exe\" -servicehelper"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"zBrowser Launcher"="\"C:\\Program Files\\Logitech\\iTouch\\iTouch.exe\""
"NeroFilterCheck"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe\""
"InCD"="\"C:\\Program Files\\Nero\\Nero 7\\InCD\\InCD.exe\""
"SpywareTerminator"="\"C:\\Program Files\\Spyware Terminator\\SpywareTerminatorShield.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"PrevxOne"="\"C:\\Program Files\\Prevx2\\PXConsole.exe\""
"ClamWin"="\"C:\\Program Files\\ClamWin\\bin\\ClamTray.exe\" --logon"
"iKnowPS"="C:\\Program Files\\iKnowPS\\iKnowPS.exe"
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"PeerGuardian"="\"C:\\Program Files\\PeerGuardian2\\pg2.exe\""
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»

#4 plasticquart

Posted 31 July 2007 - 09:16 AM

And the new log for hijackthis...


------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:09 AM, on 7/31/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Prevx2\PXAgent.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Program Files\TightVNC\WinVNC.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Prevx2\PXConsole.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\iKnowPS\iKnowPS.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINNT\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\NOTEPAD.EXE
F:\Initial Download\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PtiuPbmd] "Rundll32.exe" Ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [ASUS Probe] "C:\Program Files\ASUS\Probe\AsusProb.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Nero\Nero 7\InCD\InCD.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [iKnowPS] C:\Program Files\iKnowPS\iKnowPS.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PeerGuardian] "C:\Program Files\PeerGuardian2\pg2.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1185601137656
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Prevx Agent (PREVXAgent) - Prevx - C:\Program Files\Prevx2\PXAgent.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe

--
End of file - 6485 bytes
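As an added example that is not part of this thread or of HijackThis itself: a small Python script that parses the O4 (autorun) lines of two HijackThis logs and reports which entries disappeared, appeared or changed, the way one would compare the log in post #1 with the one above after Fixwareout and ComboFix had run. The two sample logs embedded in the script are short excerpts copied from those two posts (not the complete logs), and the choice to identify an entry by its hive plus entry name, and the review hint on HKUS\.DEFAULT entries, are my own assumptions.

```python
import re
from typing import Dict, List, Tuple

# HijackThis O4 lines come in two shapes, both present in the logs above:
#   O4 - HKLM\..\Run: [Name] command
#       (Run/RunOnce keys; HKUS hives carry a trailing " (User 'Default user')")
#   O4 - Global Startup: Name.lnk = path
#       (shortcuts in a Startup folder)
_RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*?)"
    r"(?: \(User '(?P<user>[^']*)'\))?$"
)
_STARTUP_RE = re.compile(r"^O4 - (?P<hive>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")

Key = Tuple[str, str]  # (hive, entry name) identifies one autorun entry (assumption)

# Constructed sample: excerpts of the O4 sections from post #1 (before) and
# post #4 (after cleanup) of this thread.
BEFORE_LOG = r"""
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
"""

AFTER_LOG = r"""
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
"""


def parse_o4(log_text: str) -> Dict[Key, str]:
    """Map (hive, name) -> command for every O4 line in a HijackThis log."""
    entries: Dict[Key, str] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _RUN_RE.match(line) or _STARTUP_RE.match(line)
        if m:
            entries[(m["hive"], m["name"])] = m["cmd"]
    return entries


def diff_o4(before: Dict[Key, str], after: Dict[Key, str]) -> Tuple[List[Key], List[Key], List[Key]]:
    """Entries removed, added, or whose command changed between two logs."""
    removed = sorted(k for k in before if k not in after)
    added = sorted(k for k in after if k not in before)
    changed = sorted(k for k in before if k in after and before[k] != after[k])
    return removed, added, changed


def hints(hive: str, cmd: str) -> List[str]:
    """Review hints for one entry: things worth a second look, not verdicts (my heuristic)."""
    notes: List[str] = []
    if hive.startswith(r"HKUS\.DEFAULT"):
        notes.append("loads from the HKUS\\.DEFAULT hive, where ordinary desktop software rarely registers itself")
    return notes


def report(before_text: str, after_text: str) -> List[str]:
    """Human-readable summary of the autorun changes between two logs."""
    before, after = parse_o4(before_text), parse_o4(after_text)
    removed, added, changed = diff_o4(before, after)
    lines = [f"{len(before)} O4 entries before, {len(after)} after"]
    for hive, name in removed:
        extra = "; ".join(hints(hive, before[(hive, name)]))
        lines.append(f"REMOVED [{name}] {before[(hive, name)]}" + (f"  <- {extra}" if extra else ""))
    for hive, name in added:
        lines.append(f"ADDED   [{name}] {after[(hive, name)]}")
    for hive, name in changed:
        lines.append(f"CHANGED [{name}] {before[(hive, name)]} -> {after[(hive, name)]}")
    return lines


if __name__ == "__main__":
    for line in report(BEFORE_LOG, AFTER_LOG):
        print(line)
```

The output is a triage list, not a verdict: the two NVIDIA entries that vanished between the logs are normal driver helpers, while the WinPop entry in the Default user hive is the one a reviewer would follow up against the ComboFix deletions.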

#5 RichieUK

Posted 31 July 2007 - 09:34 AM

You’ve got AntiVir PersonalEdition Classic and ClamWin installed.
Not a good idea to have more than one antivirus program installed on your computer.
Each program may interpret the actions of the other as viral, therefore giving you false virus warnings about virus-related activities.
It could also lead to system slowdowns and other problems within the operating system, due to the two conflicting with each other.
You should uninstall one or the other as soon as possible, then restart your pc.

-------------------------------------------------------

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use the Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use the Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

Click 'Exit' on the Main menu to close the program.

Restart your pc.
Post a new Hijackthis log please.
Let me know how your pc is running now.

#6 plasticquart
  • Topic Starter
  • Members
  • 5 posts

Posted 31 July 2007 - 07:50 PM

I've removed the anti-virus apps, and things seem to be running better.

Here is my latest hijackthis log file...


------------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:41:57 PM, on 7/31/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\msiexec.exe
F:\Initial Download\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PtiuPbmd] "Rundll32.exe" Ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Nero\Nero 7\InCD\InCD.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [iKnowPS] C:\Program Files\iKnowPS\iKnowPS.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PeerGuardian] "C:\Program Files\PeerGuardian2\pg2.exe"
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1185601137656
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe

--
End of file - 4747 bytes
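The HijackThis entries quoted in this thread follow a simple line format: O4 lines give an autostart location, a value name in brackets and the command; O23 lines give a service display name (short name in parentheses), the vendor string and the image path. As an added example (not HijackThis code and not from either poster), here is a small Python parser for those two entry types plus a helper that diffs the services between two logs, which makes the kind of before/after comparison the helper is doing by eye (the AntiVir and Prevx services are gone between the two logs) mechanical. The sample lines are copied from the logs above and trimmed to a handful of entries; the class and function names are my own.

```python
"""Parse HijackThis O4 (autostart) and O23 (service) entries and diff two logs.

Added example for this thread; it is not HijackThis code and not from either
poster. Class and function names are the author's own. Sample lines are copied
from the logs posted above, trimmed to a few entries.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Services from the first log (trimmed). Raw strings keep the backslashes intact.
LOG_BEFORE = r"""
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Prevx Agent (PREVXAgent) - Prevx - C:\Program Files\Prevx2\PXAgent.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe
"""

# Entries from the second log (trimmed): a few O4 autostarts plus the services.
LOG_AFTER = r"""
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe
"""


@dataclass(frozen=True)
class Autorun:
    location: str  # registry Run key such as HKLM\..\Run, or "Global Startup"
    name: str      # value name in brackets, or the .lnk file name
    command: str   # command line exactly as HijackThis printed it


@dataclass(frozen=True)
class Service:
    display_name: str
    short_name: Optional[str]  # None when HijackThis printed no "(short)" part
    company: str
    path: str


# Registry-based O4 entries: "O4 - <hive\..\Key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<location>[^:]+): \[(?P<name>[^\]]*)\] (?P<command>.*)$")
# Startup-folder O4 entries: "O4 - Global Startup: <file>.lnk = <target>"
O4_STARTUP_RE = re.compile(r"^O4 - (?P<location>Global Startup|Startup): (?P<name>.+?) = (?P<command>.*)$")


def _split_service_name(name: str) -> Tuple[str, Optional[str]]:
    """Split 'Display (short)' into its parts, tolerating nested parentheses as in
    'SoundMAX Agent Service (SoundMAX Agent Service (default))'."""
    if not name.endswith(")"):
        return name, None
    depth = 0
    for i in range(len(name) - 1, -1, -1):  # walk back to the matching "("
        if name[i] == ")":
            depth += 1
        elif name[i] == "(":
            depth -= 1
            if depth == 0:
                return name[:i].rstrip(), name[i + 1:-1]
    return name, None


def parse_service(line: str) -> Optional[Service]:
    """Parse one O23 line; the path keeps any ' - ' it may contain (maxsplit=2)."""
    prefix = "O23 - Service: "
    if not line.startswith(prefix):
        return None
    parts = line[len(prefix):].split(" - ", 2)
    if len(parts) != 3:
        return None
    name, company, path = parts
    display, short = _split_service_name(name)
    return Service(display, short, company, path)


def parse_log(text: str) -> Dict[str, list]:
    """Return {'autoruns': [Autorun, ...], 'services': [Service, ...]} for a log."""
    autoruns: List[Autorun] = []
    services: List[Service] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O4_RE.match(line) or O4_STARTUP_RE.match(line)
        if m:
            autoruns.append(Autorun(m["location"], m["name"], m["command"]))
            continue
        svc = parse_service(line)
        if svc:
            services.append(svc)
    return {"autoruns": autoruns, "services": services}


def service_key(svc: Service) -> str:
    """Short name is the stable identifier; fall back to the display name."""
    return svc.short_name or svc.display_name


def diff_services(before: str, after: str) -> Tuple[List[str], List[str]]:
    """Return (removed, added) service keys between two HijackThis logs."""
    b = {service_key(s) for s in parse_log(before)["services"]}
    a = {service_key(s) for s in parse_log(after)["services"]}
    return sorted(b - a), sorted(a - b)


if __name__ == "__main__":
    removed, added = diff_services(LOG_BEFORE, LOG_AFTER)
    print("services removed:", removed)
    print("services added:", added)
    for run in parse_log(LOG_AFTER)["autoruns"]:
        print(f"{run.location}: [{run.name}] {run.command}")
```

Keying the diff on the service short name rather than the display name matters because the short name is what `sc` and the registry use, while display names are free text a vendor can change between versions.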

#7 RichieUK
    Malware Assassin
  • Malware Response Team
  • 13,614 posts

Posted 01 August 2007 - 06:40 AM

I've removed the anti-virus apps, and things seem to be running better.

That's all well and good, but if you read my instructions carefully I asked you to remove one of the applications, not both :thumbsup:
As a result you've now no virus protection installed, which you must have.

Download/install one of the following freeware options from the choice below.
Once installed update its definitions and then run a full system virus scan.

AVG7 Free Edition Antivirus:
http://free.grisoft.com/softw/70free/setup...ree_446a965.exe

Avast! 4 Home Edition:
http://files.avast.com/iavs4pro/setupeng.exe

Avira AntiVir Personal Edition Classic
http://www.free-av.com/

Restart your pc.
Post a new Hijackthis log please.
Let me know how your pc is running now.

#8 plasticquart
  • Topic Starter
  • Members
  • 5 posts

Posted 01 August 2007 - 06:54 PM

I prefer to not have any anti-virus applications running as I don't do email nor do I d/l anything on this system -- it is simply for internet use and some development (these issues I couldn't clean came about due to a user doing just those things -- d/ling a bunch of crap, using Outlook and surfing on sites they shouldn't have been on -- but since I've gotten them off of this machine, I prefer to have a minimal set of things running in the background).

With that said, the system is running now w/o a hitch. Do you see anything in any of the logs that needs to be addressed?

And before I forget... a million thank yous. Seriously, your help is appreciated.

#9 RichieUK
    Malware Assassin
  • Malware Response Team
  • 13,614 posts

Posted 02 August 2007 - 05:18 AM

Your log is clean :thumbsup:
If all's ok, please do the following.

Find and delete:
Fixwareout
Combofix.exe

C:\QOOBOX
C:\Fixwareout

Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u2'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.

Read through the information found here, to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html



