
Trojan/malware Spam Popups And Fake Virus Balloons


This topic is locked
6 replies to this topic

#1 Harrisn


Posted 16 August 2007 - 08:39 PM

I left my computer on while I went out and one of my family members must have got on and gone somewhere they shouldn't have, and now I am getting pop-ups and pages coming up all over the place. It's saying I have got things like "trojan-spy.win32@mx", "networm-i.Virus@Fp" and "psw.x-vir trojan".
Here's my log file, maybe you can help :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 11:39:13 AM, on 8/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\PnkBstrA.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\nvraidservice.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\QuickTime\qttask.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
F:\Program Files\Google\Gmail Notifier\gnotify.exe
F:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
F:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
F:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\program files\steam\steam.exe
F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
F:\Program Files\Logitech\G-series Software\Applets\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe
F:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
F:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
F:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
F:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
F:\WINDOWS\system32\wbem\unsecapp.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\MSN Messenger\usnsvc.exe
F:\PROGRA~1\Mozilla Firefox\firefox.exe
F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
F:\WINDOWS\system32\mdm.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Documents and Settings\Toy\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - F:\WINDOWS\system32\cipbaarn.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - F:\WINDOWS\system32\cipbaarn.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVRaidService] F:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] F:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Echovoice Gamer Statistics] F:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe
O4 - HKLM\..\Run: [Launch LCDMon] "F:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "F:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SQLClient Tool] c:\Windows\System32\SQLClient\SqlClient.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe F:\WINDOWS\system32\drvjus.dll,startup
O4 - HKLM\..\RunOnce: [SpybotSnD] "F:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIP] F:\WINDOWS\aip.exe
O4 - HKCU\..\Run: [Steam] "f:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Free Download Manager] F:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [LDM] F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [DAEMON Tools] "F:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent] "F:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Octoshape Streaming Services] "F:\Program Files\Octoshape Streaming Services\Toy\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = F:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - F:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - F:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135235009855
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FDA104F8-BCB6-47A0-884A-8F3E5FAA82D6}: NameServer = 192.168.2.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: cipbaarn - F:\WINDOWS\SYSTEM32\cipbaarn.dll
O20 - Winlogon Notify: WB - F:\Documents and Settings\Toy\Desktop\ThemeManager\fastload.dll (file missing)
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - F:\Program Files\Ares\chatServer.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - F:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - F:\WINDOWS\system32\PnkBstrB.exe
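
Reading the O2/O3/O4/O20 lines of a log like the one above by hand is what the helper does in this thread. As an added example (not code from the thread, from HijackThis or from BleepingComputer), the Python below runs a few defender-side triage heuristics over a constructed subset of the first log: unnamed BHOs, orphaned entries, Winlogon Notify handlers outside a baseline, autorun targets dropped straight into the Windows folder, and one file hooked from several places at once. The heuristics and the allowlist are assumptions of this example, not the helper's verdict on any entry.

```python
"""Heuristic triage of HijackThis log lines (added example; the heuristics and
the allowlist are assumptions of this example, not the helper's verdict)."""
import re
from collections import defaultdict

# Constructed subset of the first HijackThis log posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - F:\WINDOWS\system32\cipbaarn.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - F:\WINDOWS\system32\cipbaarn.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [AIP] F:\WINDOWS\aip.exe
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: cipbaarn - F:\WINDOWS\SYSTEM32\cipbaarn.dll
O20 - Winlogon Notify: WB - F:\Documents and Settings\Toy\Desktop\ThemeManager\fastload.dll (file missing)
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

ENTRY_RE = re.compile(r"^([ORF]\d+)\s+-\s+(.*)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^,"]+?\.(?:exe|dll)', re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
MISSING_MARKERS = ("(no file)", "(file missing)")

# Winlogon Notify DLLs treated as expected on this machine: an assumption of
# the example (WgaLogon is Microsoft's, SASWINLO belongs to SUPERAntiSpyware,
# both of which appear in the same log). Build your own from a clean baseline.
KNOWN_WINLOGON_NOTIFY = {"wgalogon.dll", "saswinlo.dll"}


def parse_entry(line):
    """Split one log line into (section, body, first file path or None)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    pm = PATH_RE.search(body)
    return section, body, (pm.group(0) if pm else None)


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def triage(log_text):
    """Return {file or CLSID: [reasons]} for entries worth a closer look."""
    findings = defaultdict(list)
    hooks = defaultdict(set)  # basename -> sections (O2, O3, O20, ...) referencing it
    for line in log_text.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        section, body, path = parsed
        if any(marker in body for marker in MISSING_MARKERS):
            # Target is gone: harmless by itself, but a leftover worth cleaning up.
            clsid = CLSID_RE.search(body)
            key = basename(path) if path else (clsid.group(0) if clsid else body)
            findings[key].append(f"{section}: orphaned entry, target missing")
            continue
        if path is None:
            continue
        base = basename(path)
        hooks[base].add(section)
        if section == "O2" and "(no name)" in body:
            findings[base].append("O2: BHO registered without a name")
        if section == "O20" and base not in KNOWN_WINLOGON_NOTIFY:
            findings[base].append("O20: Winlogon Notify handler not in baseline")
        if section == "O4" and re.match(r"^[a-z]:\\windows\\[^\\]+$", path.lower()):
            findings[base].append("O4: autorun target sits directly in the Windows folder")
    # One DLL loaded as BHO, toolbar and Winlogon Notify handler at once is a
    # persistence pattern legitimate software rarely needs.
    for base, sections in hooks.items():
        if len(sections) >= 2:
            findings[base].append("same file hooked from " + ", ".join(sorted(sections)))
    return dict(findings)


if __name__ == "__main__":
    for key, reasons in triage(SAMPLE_LOG).items():
        print(key)
        for reason in reasons:
            print("   -", reason)
```

A hit from these heuristics is a prompt to look closer, not a verdict; the helper still asks for full scanner logs before naming anything for removal.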


#2 SifuMike

malware expert, Staff Emeritus

Posted 18 August 2007 - 02:23 PM

Hello Harrisn,

I am SifuMike and I will be helping you. :thumbsup:

I see some bad items in your log, so let's run these scans.

You will need to use Internet Explorer for this scan.

Disable your antivirus program and go here to run BitDefender Online Scan.
Click on I Agree.
Avoid clicking on other links as you don't need to try out the full install at this point, just the online scanner.

When the ActiveX Control has loaded, click on "Click here to scan".
Please be patient, as this scan may take a few hours. It all depends on the number of files on your computer.

NOTE: If you are running XP SP2, you may need to click on the Information Bar to allow the ActiveX to install and may need to repeat the BitDefender Online Scan.


When BitDefender completes the scan, select the "Detected Problems" tab.
Click on "Click here to export scan".
Save the file as an HTML to your Desktop.
Then click on the saved file and allow it to open with your browser.
Go to Edit - Select All then copy/paste that log back here.
Post the BitDefender log.


******************

Download and install AVG Anti-Spyware v7.5.
  • After download, double click on the file to launch the install process.
  • Choose a language, click "OK" and then click "Next".
  • Read the "License Agreement" and click "I Agree".
  • Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
  • After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
  • Connect to the Internet, go back to AVG Anti-Spyware, select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here.
  • Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.
Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". (Note: When run in safe mode, sometimes the GUI is larger than the screen and the buttons at the bottom are partly or completely hidden, making them inaccessible for doing a scan. If this is the case, press the WINKEY + M key to "Minimize" the AVG display. Then right-click on AVG in the Task Bar and select "Maximize". If that does not help, then you may have to run your scan in normal mode and advise your helper afterwards.)

Scan with AVG Anti-Spyware as follows:
  • Click on the "Scanner" button and choose the "Settings" tab.
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
  • Under "How to Scan?", "Possibly unwanted software", and "What to Scan?" leave all the default settings.
  • Under "Reports" select "Do not automatically generate reports" and UNcheck "Only if threats were found".
  • Click the "Scan" tab to return to scanning options.
  • Click "Complete System Scan" to start.
  • When the scan has finished, it should automatically be set to Quarantine; if not, click on Recommended Action and set it there.
  • You will also be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.
  • Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop.
    A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
  • Exit AVG Anti-Spyware when done, reboot normally and submit the log report in your next response.
Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. Doing so can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

AVG Anti-Spyware is free for 30 days and all the extensions of the full version will be activated. After the 30 day trial, active protection extensions will be deactivated and the program will turn into a feature-limited freeware version that you can continue to use as an on-demand scanner or you may purchase a license to use the full version.

******************

A new version of HijackThis has now been released, so before you repost your log please download and install the new version by following the instructions in Step 9 of the Preparation Guide For Use Before Posting A Hijackthis Log.

Note that it is unnecessary to uninstall the old version because the new one will be copied to a different folder.


When done, submit the BitDefender log, the AVG Anti-Spyware 7.5 log and a fresh Hijackthis log.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Harrisn

Topic Starter

Posted 19 August 2007 - 01:52 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:51:06 PM, on 8/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\PnkBstrA.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\nvraidservice.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\WINDOWS\system32\RUNDLL32.EXE
F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
F:\Program Files\Google\Gmail Notifier\gnotify.exe
F:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
F:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
F:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\Program Files\Logitech\G-series Software\Applets\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe
F:\program files\steam\steam.exe
F:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
F:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
F:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
F:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
F:\WINDOWS\system32\wbem\unsecapp.exe
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\system32\mdm.exe
F:\Program Files\MSN Messenger\usnsvc.exe
F:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
F:\Program Files\BitTorrent\bittorrent.exe
F:\PROGRA~1\MOZILL~1\FIREFOX.EXE
F:\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVRaidService] F:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] F:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Echovoice Gamer Statistics] F:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe
O4 - HKLM\..\Run: [Launch LCDMon] "F:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "F:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SQLClient Tool] c:\Windows\System32\SQLClient\SqlClient.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIP] F:\WINDOWS\aip.exe
O4 - HKCU\..\Run: [Steam] "f:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Free Download Manager] F:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [LDM] F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [DAEMON Tools] "F:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent] "F:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Octoshape Streaming Services] "F:\Program Files\Octoshape Streaming Services\Toy\OctoshapeClient.exe" -inv:bootrun
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] F:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] F:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] F:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] F:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = F:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - F:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - F:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135235009855
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FDA104F8-BCB6-47A0-884A-8F3E5FAA82D6}: NameServer = 192.168.2.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: cipbaarn - cipbaarn.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - F:\Program Files\Ares\chatServer.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - F:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - F:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 9395 bytes

#4 SifuMike

malware expert, Staff Emeritus

Posted 19 August 2007 - 12:39 PM

Hello Harrisn,

You forgot to post the BitDefender log and the AVG Anti-Spyware 7.5 log.

F:\HijackThis.exe


You need to put Hijackthis in a Hijackthis folder, not in F:\HijackThis.exe.
It should look like this: F:\Hijackthis\Hijackthis.exe
So please do that and then post a fresh Hijackthis log.

Edited by SifuMike, 19 August 2007 - 12:43 PM.


#5 Harrisn

Topic Starter

Posted 21 August 2007 - 11:40 PM

Here's the HijackThis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:28:31 PM, on 8/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\PnkBstrA.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\nvraidservice.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\QuickTime\qttask.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
F:\Program Files\Google\Gmail Notifier\gnotify.exe
F:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
F:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
F:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\program files\steam\steam.exe
F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
F:\Program Files\Logitech\G-series Software\Applets\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe
F:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
F:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
F:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
F:\WINDOWS\system32\wbem\unsecapp.exe
F:\WINDOWS\system32\wscntfy.exe
F:\Program Files\MSN Messenger\usnsvc.exe
F:\WINDOWS\system32\mdm.exe
F:\PROGRA~1\MOZILL~1\FIREFOX.EXE
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Program Files\Grisoft\AVG Free\avgwb.dat
F:\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVRaidService] F:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] F:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Echovoice Gamer Statistics] F:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe
O4 - HKLM\..\Run: [Launch LCDMon] "F:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "F:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SQLClient Tool] c:\Windows\System32\SQLClient\SqlClient.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIP] F:\WINDOWS\aip.exe
O4 - HKCU\..\Run: [Steam] "f:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Free Download Manager] F:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [LDM] F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [DAEMON Tools] "F:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent] "F:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Octoshape Streaming Services] "F:\Program Files\Octoshape Streaming Services\Toy\OctoshapeClient.exe" -inv:bootrun
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] F:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] F:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] F:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] F:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = F:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\WINDOWS\bdoscandel.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - F:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - F:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135235009855
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FDA104F8-BCB6-47A0-884A-8F3E5FAA82D6}: NameServer = 192.168.2.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: cipbaarn - cipbaarn.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - F:\Program Files\Ares\chatServer.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - F:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - F:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 9872 bytes



The AVG log. I think this is the right one:

<history>
<!-- 01c7e0c1ee758e60 -->
<rec time="2007/08/17 11:29:53" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">F:\WINDOWS\Temp\win47.tmp.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Clicker.HSK</attr>
</rec>
<rec time="2007/08/17 11:29:56" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">F:\WINDOWS\Temp\win49.tmp.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">SHeur.GOG</attr>
</rec>
<rec time="2007/08/17 11:30:00" user="Toy" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">F:\WINDOWS\Temp\win47.tmp.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/08/17 11:30:02" user="Toy" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">F:\WINDOWS\Temp\win49.tmp.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/08/17 11:30:07" user="Toy" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">F:\Program Files\Common Files\Yazzle1162OinAdmin.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Generic4.IQO</attr>
</rec>
<rec time="2007/08/17 11:30:09" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">F:\WINDOWS\Temp\win54.tmp.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Generic5.OPE</attr>
</rec>
<rec time="2007/08/17 11:30:10" user="Toy" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">F:\Program Files\Common Files\Yazzle1162OinAdmin.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/08/17 11:30:11" user="Toy" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">F:\WINDOWS\Temp\win54.tmp.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/08/18 18:19:56" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:969-967;</attr>
</rec>
<rec time="2007/08/19 11:04:04" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:970-969;</attr>
</rec>
<rec time="2007/08/20 08:00:03" user="SYSTEM" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2007/08/20 08:24:54" user="SYSTEM" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">F:\WINDOWS\system32\drvjus.dll</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Dialer.LEL</attr>
</rec>
<rec time="2007/08/20 08:27:18" user="SYSTEM" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">1</attr>
</rec>
<rec time="2007/08/20 08:27:19" user="SYSTEM" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">F:\WINDOWS\system32\drvjus.dll</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/08/20 09:32:13" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:971-970;</attr>
</rec>
<rec time="2007/08/21 01:07:18" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">F:\System Volume Information\_restore{9B40EE75-A44C-40AE-89A8-1DFB0B7F6896}\RP3\A0000264.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Dialer.LEL</attr>
</rec>
<rec time="2007/08/21 02:07:18" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">F:\System Volume Information\_restore{9B40EE75-A44C-40AE-89A8-1DFB0B7F6896}\RP3\A0000264.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Dialer.LEL</attr>
</rec>
<rec time="2007/08/21 03:07:18" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">F:\System Volume Information\_restore{9B40EE75-A44C-40AE-89A8-1DFB0B7F6896}\RP3\A0000264.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Dialer.LEL</attr>
</rec>
<rec time="2007/08/21 04:07:18" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">F:\System Volume Information\_restore{9B40EE75-A44C-40AE-89A8-1DFB0B7F6896}\RP3\A0000264.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Dialer.LEL</attr>
</rec>
<rec time="2007/08/21 05:07:18" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">F:\System Volume Information\_restore{9B40EE75-A44C-40AE-89A8-1DFB0B7F6896}\RP3\A0000264.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Dialer.LEL</attr>
</rec>
<rec time="2007/08/21 06:07:18" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">F:\System Volume Information\_restore{9B40EE75-A44C-40AE-89A8-1DFB0B7F6896}\RP3\A0000264.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Dialer.LEL</attr>
</rec>
<rec time="2007/08/21 07:07:18" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">F:\System Volume Information\_restore{9B40EE75-A44C-40AE-89A8-1DFB0B7F6896}\RP3\A0000264.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Dialer.LEL</attr>
</rec>
<rec time="2007/08/21 08:00:02" user="SYSTEM" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2007/08/21 08:20:21" user="SYSTEM" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">F:\System Volume Information\_restore{9B40EE75-A44C-40AE-89A8-1DFB0B7F6896}\RP3\A0000264.dll</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Dialer.LEL</attr>
</rec>
<rec time="2007/08/21 08:27:16" user="SYSTEM" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">1</attr>
</rec>
<rec time="2007/08/21 08:27:17" user="SYSTEM" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">F:\System Volume Information\_restore{9B40EE75-A44C-40AE-89A8-1DFB0B7F6896}\RP3\A0000264.dll</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/08/21 09:32:29" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1104-1103;iavi:973-971;</attr>
</rec>
<rec time="2007/08/22 14:18:21" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:975-973;</attr>
</rec>
<rec time="2007/08/22 14:27:16" user="Toy" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2007/08/22 14:33:12" user="Toy" source="General">
<value>@HL_TestStopped</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
</history>



And as for BitDefender, I couldn't get it to work with my IE. It just stopped at loading, then went back to the start.
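Before a log like the one above is handed to a helper, its O4/O9/O20/O23 lines can be triaged mechanically. The script below is an added example (Python; it is not part of the original post and not HijackThis code). It applies the checks an HJT analyst makes by eye: a target marked "(file missing)", an executable sitting directly in the Windows or a Temp directory, an autorun on a drive other than the system drive (F: in this log, which is an assumption taken from the posted paths), any O20 Winlogon Notify hook, and an O23 service with no publisher name. The sample input is a constructed subset of the lines posted above. A flag only marks a line to verify by hand; it does not declare the entry malicious.

```python
"""Triage the autorun sections of a HijackThis v1.99 log.

Added example, not part of the original post and not HijackThis code. The
heuristics are the ones an HJT analyst applies by eye; a flag marks a line
to verify by hand, it does not declare the entry malicious.
"""
import re

SYSTEM_DRIVE = "F:"   # assumption taken from the posted log: Windows lives on F:\

# First drive-letter path to an executable/library on the line. Paths may contain
# spaces, so stop at the first executable extension rather than at whitespace.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]+?\.(?:exe|dll|com|scr|bat|cmd|pif))\b',
                     re.IGNORECASE)

# Constructed sample: a subset of the O4/O9/O20/O23 lines from the posted log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SQLClient Tool] c:\Windows\System32\SQLClient\SqlClient.Exe
O4 - HKCU\..\Run: [AIP] F:\WINDOWS\aip.exe
O4 - HKCU\..\Run: [Steam] "f:\program files\steam\steam.exe" -silent
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - F:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O20 - Winlogon Notify: cipbaarn - cipbaarn.dll (file missing)
O23 - Service: iPod Service (iPodService) - Unknown owner - F:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe
"""


def extract_path(line):
    """Return the first drive-letter path to an executable on the line, or None."""
    m = PATH_RE.search(line)
    return m.group(1) if m else None


def triage(log_text, system_drive=SYSTEM_DRIVE):
    """Return [(line, [reasons])] for every O4/O9/O20/O23 line that trips a heuristic."""
    findings = []
    for line in log_text.strip().splitlines():
        section = line.split(" - ", 1)[0]
        if section not in ("O4", "O9", "O20", "O23"):
            continue
        reasons = []
        if section == "O20":
            reasons.append("Winlogon Notify hook: legitimate ones are rare, verify the DLL")
        if "(file missing)" in line:
            reasons.append("registry points at a file that no longer exists")
        if section == "O23" and "Unknown owner" in line:
            reasons.append("service binary carries no publisher name")
        path = extract_path(line)
        if path:
            drive, _, rest = path.partition("\\")
            if drive.upper() != system_drive.upper():
                reasons.append(f"autorun on drive {drive} but Windows is on {system_drive}")
            # directories between the drive letter and the file name
            parts = rest.lower().split("\\")[:-1]
            if parts == ["windows"] or "temp" in parts:
                reasons.append("executable lives directly in the Windows or a Temp directory")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for flagged_line, why in triage(SAMPLE_LOG):
        print(flagged_line)
        for reason in why:
            print("    ->", reason)
```

To run it against a saved log, replace SAMPLE_LOG with the file contents. On the sample, the two autoruns with an ordinary vendor path (AVG7_CC, Steam) pass, and the other six lines come back with one or two reasons each.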
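The <history> export above is an XML document, so it can be summarised instead of read record by record. The script below is an added example (Python; it is not part of the original post and not AVG's own tooling). It groups the source="Virus" records by file, counts how many times each file was reported and by which component (@HL_ReportFindRS is the resident shield, @HL_ReportFind a scheduled scan), and keeps the last @HL_ActionTaken logged for it. The export uses filename/virusname for shield hits but where/what for scan hits, so both layouts are handled. The sample is a constructed excerpt of the posted records. Grouping by path makes one pattern in the export obvious: A0000264.dll under System Volume Information\_restore{...}, which is a System Restore snapshot copy, is reported by the resident shield once an hour before the scheduled scan acts on it.

```python
"""Summarise an AVG 7 <history> export.

Added example, not part of the original post and not AVG's own tooling.
Groups virus records by file and pairs detections with the logged action.
"""
import xml.etree.ElementTree as ET

DETECTIONS = {"@HL_ReportFindRS": "resident shield", "@HL_ReportFind": "scheduled scan"}

# One path from the posted export: a System Restore snapshot copy of a file.
RESTORE = r"F:\System Volume Information\_restore{9B40EE75-A44C-40AE-89A8-1DFB0B7F6896}\RP3\A0000264.dll"

# Constructed excerpt of the posted export (a few of its records, same layout).
SAMPLE_HISTORY = rf"""<history>
<rec time="2007/08/17 11:29:53" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">F:\WINDOWS\Temp\win47.tmp.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Clicker.HSK</attr>
</rec>
<rec time="2007/08/17 11:30:00" user="Toy" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">F:\WINDOWS\Temp\win47.tmp.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/08/18 18:19:56" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:969-967;</attr>
</rec>
<rec time="2007/08/21 01:07:18" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">{RESTORE}</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Dialer.LEL</attr>
</rec>
<rec time="2007/08/21 02:07:18" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">{RESTORE}</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Dialer.LEL</attr>
</rec>
<rec time="2007/08/21 08:20:21" user="SYSTEM" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">{RESTORE}</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Dialer.LEL</attr>
</rec>
<rec time="2007/08/21 08:27:17" user="SYSTEM" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">{RESTORE}</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
</history>"""


def summarize(xml_text):
    """Group virus records by file: hit count, detection names, components, last action."""
    files = {}
    for rec in ET.fromstring(xml_text).iter("rec"):
        if rec.get("source") != "Virus":
            continue  # updates and scan start/stop records are not detections
        value = rec.findtext("value")
        attrs = {a.get("name"): a.text for a in rec.findall("attr")}
        # resident-shield records use filename/virusname, scan records use where/what
        path = attrs.get("filename") or attrs.get("where")
        entry = files.setdefault(path, {"names": set(), "hits": 0,
                                        "detected_by": set(), "action": None, "times": []})
        if value in DETECTIONS:
            entry["hits"] += 1
            entry["names"].add(attrs.get("virusname") or attrs.get("what"))
            entry["detected_by"].add(DETECTIONS[value])
            entry["times"].append(rec.get("time"))
        elif value == "@HL_ActionTaken":
            entry["action"] = attrs.get("action")
    return files


def restore_point_hits(files):
    """Paths inside a System Restore snapshot (System Volume Information\\_restore{...})."""
    return [p for p in files if "\\_restore{" in p]


def report(files):
    """One human-readable line per file."""
    return [f"{p}: {e['hits']} hit(s) as {', '.join(sorted(n for n in e['names'] if n))} "
            f"via {', '.join(sorted(e['detected_by']))}; last action {e['action']}"
            for p, e in files.items()]


if __name__ == "__main__":
    summary = summarize(SAMPLE_HISTORY)
    print("\n".join(report(summary)))
    print("restore-point copies:", restore_point_hits(summary))
```

Replace SAMPLE_HISTORY with the contents of the exported file to summarise a real log; the function returns plain dictionaries, so the result can be filtered further (for example, files with more than one hit and no action).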

#6 SifuMike

SifuMike

    malware expert

  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 22 August 2007 - 12:19 AM

The AVG log. I think this is the right one:


No, that is not legible. :thumbsup: Post it again. A copy of the report will be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\


Are you still getting popups?





And as for BitDefender, I couldn't get it to work with my IE. It just stopped at loading, then went back to the start.


Warning: The Kaspersky Online Scanner may not run successfully while any other anti-virus software is running. If you have anti-virus software installed, please temporarily disable your AV protection before running the Kaspersky Online Scanner. Re-enable it after the scan is finished.


* Turn off the real time scanner of any existing antivirus program while performing the online scan
* If you're downloading torrents in the background, please disconnect all of them.


Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset it to 100%.

Please perform this online scan:

Kaspersky Webscan

This scan requires Internet Explorer to run.
Read the Requirements and Privacy statement, then select "Accept"

A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
Select "Install" to download the ActiveX controls that allow ActiveScan to run.
When the download is complete it will say ready, click "Next"
Select a target to scan: Click on "My Computer"
In the scan settings, make sure that the following are selected:
Scan using the following anti-virus database: Extended (if available, otherwise Standard)
Scan options: Scan Archives, Scan Mail Bases


It does not provide an option to clean/disinfect.
When the scan is complete choose to save the results as "Save as Text"

Post the Kaspersky scan results in your next reply.

Edited by SifuMike, 22 August 2007 - 12:35 AM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 SifuMike

SifuMike

    malware expert

  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 01 September 2007 - 09:43 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



