Computer Going Slow.. Virus?


16 replies to this topic

#1 abysssx

abysssx

  • Members
  • 11 posts

Posted 03 September 2007 - 06:03 PM

My computer just started going slow all of a sudden... here is my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:03:11 PM, on 9/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Steam\steam.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Owner\Desktop\EasyClea.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\CarbonPoker\Poker.exe (file missing) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1166899742453
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{889FDCAF-C2B3-4AA0-B2B9-7FD6042C2277}: NameServer = 167.206.245.7,167.206.245.71
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B05C119-82A8-4151-A486-824A5F559C05}: NameServer = 192.168.1.1,192.168.1.5
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 5893 bytes



#2 abysssx

abysssx
  • Topic Starter

  • Members
  • 11 posts

Posted 03 September 2007 - 11:54 PM

Please, someone reply... I really am wondering why it takes literally 3 minutes for the internet window to open.

#3 abysssx

abysssx
  • Topic Starter

  • Members
  • 11 posts

Posted 04 September 2007 - 10:35 AM

Here is my HijackThis log... please, someone help, I don't know what's wrong.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:02 AM, on 9/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Steam\steam.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\CarbonPoker\Poker.exe (file missing) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1166899742453
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{889FDCAF-C2B3-4AA0-B2B9-7FD6042C2277}: NameServer = 167.206.245.7,167.206.245.71
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B05C119-82A8-4151-A486-824A5F559C05}: NameServer = 192.168.1.1,192.168.1.5
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 5840 bytes

#4 DASOS

DASOS

    Malware hunter


  • Security Colleague
  • 1,662 posts
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal

Posted 12 September 2007 - 02:34 PM

Hello abysssx

Welcome to Bleeping Computer!

Sorry about the delay. We're all volunteers here, and it's been very busy. If you still need help, please post a new HijackThis log to make sure nothing has changed.

Before posting the log, please make sure you follow all the steps found in this topic:

Preparation Guide For Use Before Posting A Hijackthis Log <--link

And I'll be happy to take a look at it for you.

I also need to see a different type of log from Hijackthis:
  • Run Hijackthis.
  • Click on "Open the Misc Tools section".
  • Next click on "Open uninstall manager".
  • Press the button 'save list'. It will open a Notepad file.
  • Place the content of that file here in your next reply.
Thanks for your patience.



Stelios

#5 abysssx

abysssx
  • Topic Starter

  • Members
  • 11 posts

Posted 14 September 2007 - 03:30 PM

Yeah, thanks, here's the log file.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:30:50 PM, on 9/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\CarbonPoker\Poker.exe (file missing) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1166899742453
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{889FDCAF-C2B3-4AA0-B2B9-7FD6042C2277}: NameServer = 167.206.245.7,167.206.245.71
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B05C119-82A8-4151-A486-824A5F559C05}: NameServer = 192.168.1.1,192.168.1.5
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 5811 bytes

#6 abysssx

abysssx
  • Topic Starter

  • Members
  • 11 posts

Posted 15 September 2007 - 03:41 PM

By the way... you said to follow all these steps before posting... there are like 15 programs you want me to download and run. I already used this website to get rid of viruses and malware, and the other guy never told me to follow those steps. He sent me step-by-step instructions on what to do and it worked, but I have been lagging ever since. I don't want to read a forum and download all these programs; I just want to make my computer stop running so slow...

#7 DASOS

DASOS

    Malware hunter


  • Security Colleague
  • 1,662 posts
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal

Posted 20 September 2007 - 03:56 PM

Hi abysssx

Sorry for the delay.

Your log looks good, and I saw now that you have already received help here:

http://forums.techguy.org/malware-removal-...8-plz-help.html
=====

Please download ATF Cleaner by Atribune. Double-click the ATF Cleaner icon to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser: click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser: click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
=====

Let's have an online scan for any leftovers!

Please go HERE to run Panda's ActiveScan
  • Note: This Scanner is for Internet Explorer Only!
  • Once you are on the Panda site click the scan button
  • A new window will open.
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big scan button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click the start button to start the scan
  • When the scan completes, if anything malicious is detected, click the report button, then click the save button and save it to a convenient location. Post the contents of the ActiveScan report
=====

Have you ever used the defragment tool of your computer?

Windows tends to put new files in any available open space; defragging will place associated segments of files closer together so your read arm has less travelling around the hard drive to do, saving wear and tear while speeding up programs.

http://www.bleepingcomputer.com/tutorials/the-importance-of-disk-defragmentation/

Or you can use this free tool:
http://www.auslogics.com/disk-defrag/
=====

I also need to see a different type of log from Hijackthis:
  • Run Hijackthis.
  • Click on "Open the Misc Tools section".
  • Next click on "Open uninstall manager".
  • Press the button 'save list'. It will open a Notepad file.
  • Place the content of that file here in your next reply.
=====

Do you recognise those IPs?
The first one looks like it belongs to a school campus.

O17 - HKLM\System\CCS\Services\Tcpip\..\{889FDCAF-C2B3-4AA0-B2B9-7FD6042C2277}: NameServer = 167.206.245.7,167.206.245.71
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B05C119-82A8-4151-A486-824A5F559C05}: NameServer = 192.168.1.1,192.168.1.5



Stelios
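The O17 question in the post above (who owns the configured resolvers?) is the check a responder would automate rather than eyeball. What follows is an added example, not part of this thread and not HijackThis code: a small Python triage script that parses the HijackThis line types seen in this thread, flags public DNS resolvers that are not RFC 1918 or on a trusted list, orphaned "(file missing)" entries, the rpcapd remote-capture service, and processes running from user-writable folders. The `SAMPLE_LOG` is a constructed sample built from line types in the thread, and the `trusted` networks, the `USER_WRITABLE` folder list and the finding messages are the example's own assumptions.

```python
import ipaddress
import re

# Constructed sample built from the line types that appear in the thread's
# HijackThis 2.0.2 logs; it is not one of the posted logs.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Owner\Desktop\EasyClea.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\CarbonPoker\Poker.exe (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{889FDCAF-C2B3-4AA0-B2B9-7FD6042C2277}: NameServer = 167.206.245.7,167.206.245.71
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B05C119-82A8-4151-A486-824A5F559C05}: NameServer = 192.168.1.1,192.168.1.5
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
"""

ENTRY_RE = re.compile(r"^(?P<sec>R\d|O\d+) - (?P<body>.*)$")
O17_RE = re.compile(r"\{(?P<guid>[0-9A-Fa-f-]{36})\}: NameServer = (?P<ips>[\d.,]+)")
O23_RE = re.compile(r"^Service: (?P<name>.+?)(?: \((?P<short>[^()]+)\))? - (?P<vendor>.+?) - (?P<path>.+)$")

# Folders a logged-in user can write to (assumed list); a process launched from
# one of these deserves a look even when, as with EasyCleaner, it turns out benign.
USER_WRITABLE = ("\\desktop\\", "\\temp\\", "\\application data\\", "\\local settings\\")


def parse_log(text):
    """Split a HijackThis log into its running-process list and (section, body) entries."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.rstrip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if line:
                processes.append(line)
            else:
                in_procs = False
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m["sec"], m["body"]))
    return processes, entries


def nameservers(entries):
    """Map each O17 interface GUID to the DNS resolvers configured on it."""
    out = {}
    for sec, body in entries:
        m = O17_RE.search(body) if sec == "O17" else None
        if m:
            out[m["guid"]] = m["ips"].split(",")
    return out


def foreign_resolvers(ns_by_iface, trusted=()):
    """Return (guid, ip) pairs whose resolver is public and not in `trusted`.

    RFC 1918 and loopback addresses are the home-router case and are skipped.
    `trusted` holds networks you have confirmed belong to your ISP (e.g. via
    WHOIS); any other public resolver is the classic DNS-changer indicator.
    """
    trusted_nets = [ipaddress.ip_network(t, strict=False) for t in trusted]
    flagged = []
    for guid, ips in ns_by_iface.items():
        for ip in ips:
            addr = ipaddress.ip_address(ip)
            if addr.is_private or addr.is_loopback:
                continue
            if any(addr in net for net in trusted_nets):
                continue
            flagged.append((guid, ip))
    return flagged


def triage(text, trusted_resolvers=()):
    """Produce (section, message) findings worth asking the poster about."""
    processes, entries = parse_log(text)
    findings = []
    for guid, ip in foreign_resolvers(nameservers(entries), trusted_resolvers):
        findings.append(("O17", f"public resolver {ip} on interface {guid}: confirm it is your ISP's"))
    for sec, body in entries:
        if "(file missing)" in body:
            findings.append((sec, f"orphaned entry, safe to fix: {body}"))
        if sec == "O23":
            m = O23_RE.match(body)
            if m and (m["short"] or "").lower() == "rpcapd":
                findings.append((sec, f"{m['path']} accepts remote capture sessions when started; "
                                      "keep only if WinPcap was installed on purpose"))
    for proc in processes:
        if any(tag in proc.lower() for tag in USER_WRITABLE):
            findings.append(("process", f"running from a user-writable folder, review: {proc}"))
    return findings


if __name__ == "__main__":
    for section, message in triage(SAMPLE_LOG):
        print(f"[{section}] {message}")
```

Run it as-is to print the findings for the sample; once a WHOIS lookup confirms who owns a public resolver, pass that network as `trusted_resolvers` and the O17 finding goes quiet. The script only reports; whether to tick an entry and use HijackThis's "Fix checked" remains a human decision, since O17 entries pointing at a legitimate ISP resolver are perfectly normal.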

#8 abysssx

abysssx
  • Topic Starter

  • Members
  • 11 posts

Posted 22 September 2007 - 10:46 PM

OK look, you're asking the same thing as before. I don't understand, those steps are so confusing!!! Please explain more simply. All I understand is to get you the log file; here it is.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:12 PM, on 9/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\CarbonPoker\Poker.exe (file missing) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1166899742453
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{889FDCAF-C2B3-4AA0-B2B9-7FD6042C2277}: NameServer = 167.206.245.7,167.206.245.71
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B05C119-82A8-4151-A486-824A5F559C05}: NameServer = 192.168.1.1,192.168.1.5
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 5943 bytes

#9 DASOS

DASOS

    Malware hunter


  • Security Colleague
  • 1,662 posts
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal

Posted 23 September 2007 - 03:57 PM

Hi abysssx

Let’s try again

Please print these instructions out, or save them to a notepad file, for easier reference during the fix.

(step 1)

Please download ATF Cleaner (click this link), by Atribune.
After you download the program to your desktop, double-click its icon to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser: click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser: click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
=====
(step 2)

Have you ever used the defragment tool of your computer?

Windows tends to put new files in any available open space; defragging will place associated segments of files closer together so your read arm has less travelling around the hard drive to do, saving wear and tear while speeding up programs.
http://www.bleepingcomputer.com/tutorials/the-importance-of-disk-defragmentation/ (link; please read)
Or you can use this free tool:
http://www.auslogics.com/disk-defrag/ (link)
=====

(step 3)

I also need to see a different type of log from Hijackthis:
  • Run Hijackthis.
  • Click on "Open the Misc Tools section".
  • Next click on "Open uninstall manager".
  • Press the button 'save list'. It will open a Notepad file.
  • Place the content of that file here in your next reply.
=====

(step 4)

Now let's have an online scan for any leftovers!

Please go HERE (click this link) to run Panda's ActiveScan
  • Note: This Scanner is for Internet Explorer Only!
  • Once you are on the Panda site click the scan button
  • A new window will open.
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big scan button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click the start button to start the scan
  • When the scan completes, if anything malicious is detected, click the report button, then click the save button and save it to a convenient location. Post the contents of the ActiveScan report
=====

Please post back:

1) The uninstall list.
2) Panda's report.



Stelios

#10 abysssx (Topic Starter, Members, 11 posts)

Posted 23 September 2007 - 07:20 PM

The Panda thing I can't do because I've got Firefox.


Here is the other Notepad file from HijackThis:



Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.0
Adobe Shockwave Player
Agere Systems PCI Soft Modem
AOL Instant Messenger
Apple Software Update
AVG 7.5
Azureus Vuze
dBpowerAMP Music Converter
DELL TrueMobile 1180 Wireless USB
DivX Content Uploader
DivX Web Player
EasyCleaner
ErrorProtector 1.1.145.1
GoldWave v5.20
HijackThis 2.0.2
Intel® Extreme Graphics Driver
iTunes
Java™ 6 Update 2
Masque Games on aim
Microsoft .NET Framework 2.0
Mozilla Firefox (2.0.0.6)
Mozilla Firefox (2.0.0.7)
MSXML 6.0 Parser (KB925673)
Nero Suite
NVIDIA Drivers
PowerDVD
QuickTime
Rapid Tools 2.2.7.0
RealPlayer Basic
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Spybot - Search & Destroy 1.4
StealthBot v2.6 Revision 3 (remove only)
Steam
STOPzilla
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Ventrilo Client
VideoLAN VLC media player 0.8.6b
Viewpoint Media Player
WC3Banlist
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinPcap 3.1
WinRAR archiver
Yrefresher 1.00

Edited by abysssx, 23 September 2007 - 07:22 PM.


#11 DASOS (Malware hunter, Security Colleague, 1,662 posts, Gender: Male, Location: Greece loutraki 6 km from korinth canal)

Posted 24 September 2007 - 11:39 AM

Hi abysssx

Please print these instructions out, or save them to a notepad file, for easier reference during the fix.
=====
(Step 1)

Please run HijackThis again, click scan, and put a checkmark next to each of the lines listed below, if still present:


O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -


Then close all other windows (you should only see HijackThis on your Desktop), click the Fix Checked button, and EXIT HijackThis.
=====
(Step 2)

I see you have Viewpoint installed.
Viewpoint Media Player collects information about the user.
From the vendor's privacy policy:

To provide a satisfying consumer experience and to operate effectively,
the Viewpoint Media Player periodically sends information to servers at Viewpoint.

Detected as spyware with some detection programs.

See here:
http://www.clickz.com/news/article.php/3561546
http://www.greatis.com/appdata/u/v/viewmgr.exe.htm
http://www.spywareinfo.com/newsletter/arch...4.php#viewpoint

Go to Start > Control Panel, double-click on Add/Remove Programs and remove
Viewpoint Media Player.

Also remove: ErrorProtector 1.1.145.1
See here: http://www.symantec.com/enterprise/securit...-090413-4411-99
=====
(Step 3)

1). Download this file - combofix.exe and save it to your desktop.
2). Double click combofix.exe & follow the prompts.
3). When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.



Please post back:


1) The Combofix log
2) New HijackThis log


Stelios

#12 abysssx (Topic Starter, Members, 11 posts)

Posted 24 September 2007 - 05:02 PM

This is all I can find for ComboFix, and the HijackThis log is under it.



ComboFix 07-08-09.3 - "Owner" 2007-09-25 17:53:11.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.210 [GMT -4:00]


((((((((((((((((((((((((( Files Created from 2007-08-25 to 2007-09-25 )))))))))))))))))))))))))))))))


2007-09-10 14:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-09-10 14:55 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Azureus
2007-09-10 14:45 <DIR> d-------- C:\Program Files\Azureus
2007-09-08 15:21 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Rapid Tools
2007-09-06 18:35 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-09-06 18:31 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-09-06 18:11 <DIR> d-------- C:\88547e8c3a6d2d5939
2007-09-06 18:05 <DIR> d-------- C:\DOCUME~1\Owner\Start MenuRapid Tools
2007-09-06 17:37 <DIR> d-------- C:\Program Files\Rapid Tools


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-25 15:50 --------- d-------- C:\Program Files\Steam
2007-09-24 14:19 --------- d-------- C:\Program Files\Warcraft III
2007-09-14 18:46 --------- d-------- C:\Program Files\STOPzilla!
2007-09-08 09:15 --------- d-------- C:\Program Files\Vuxxkefy
2007-09-08 09:15 --------- d-------- C:\Program Files\Kqkdcdsf
2007-08-19 18:13 --------- d-------- C:\Program Files\Illustrate
2007-08-18 16:57 --------- d-------- C:\Program Files\GoldWave
2007-08-18 15:06 36104 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2007-08-18 15:06 131072 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2007-08-12 13:21 --------- d-------- C:\Program Files\No1 Sound Recorder
2007-08-12 13:21 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\LimeWire
2007-08-12 13:12 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-12 13:12 --------- d-------- C:\Program Files\ToniArts
2007-08-12 10:46 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\SUPERAntiSpyware.com
2007-08-12 10:45 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-11 18:50 --------- d-------- C:\Program Files\Messenger
2007-08-11 18:50 --------- d-------- C:\Program Files\lktcfixe
2007-08-10 21:59 --------- d-------- C:\Program Files\Windows NT
2007-08-10 21:59 --------- d-------- C:\Program Files\SecCenter
2007-08-10 21:10 --------- d-------- C:\Program Files\Magicantispy
2007-08-10 21:08 --------- d-------- C:\Program Files\Common Files\mkof
2007-08-10 19:44 --------- d-------- C:\Program Files\Trend Micro
2007-08-10 19:38 6144 --a------ C:\WINDOWS\system32\drivers\BFA5500F-06BB-44C3-834A-0E03E1EB0EAE.cxv
2007-08-10 19:09 5120 --a------ C:\WINDOWS\system32\drivers\B187A75C-4B2D-4650-8FEA-678F399B9C5B.cxv
2007-08-10 19:09 --------- d-------- C:\Program Files\jsxmvofu
2007-08-10 19:07 169147 --a------ C:\WINDOWS\TTC-5555.exe
2007-08-10 19:04 75328 --a------ C:\WINDOWS\system32\rlouyxwk.exe
2007-08-10 19:04 3072 --a------ C:\WINDOWS\system32\drivers\D99A8EE4-C384-441B-877E-FD08C0B56439.cxv
2007-08-10 18:09 2048 --a------ C:\WINDOWS\system32\drivers\4E9A353B-C57B-4FB2-8AAB-DC0524A5A47A.cxv
2007-08-10 17:55 2048 --a------ C:\WINDOWS\system32\drivers\057571AB-43B5-4E23-B949-5E9ABB5539AE.cxv
2007-08-10 17:53 2048 --a------ C:\WINDOWS\system32\drivers\D0475585-DAB4-45D2-8FBF-FC881F4F5CF3.cxv
2007-08-10 17:51 3072 --a------ C:\WINDOWS\system32\drivers\98A22DF9-4CCA-4EB9-A3E1-07902BDCF74C.cxv
2007-08-10 17:30 75328 --a------ C:\WINDOWS\system32\ecuwvljx.exe
2007-08-10 17:28 --------- d-------- C:\Program Files\Common Files\iS3
2007-08-10 17:20 75328 --a------ C:\WINDOWS\system32\wreclrpt.exe
2007-08-10 17:20 --------- d-------- C:\Program Files\Common Files\ErrorProtector Free
2007-08-10 17:13 75328 --a------ C:\WINDOWS\system32\tumctoxu.exe
2007-08-10 16:56 75328 --a------ C:\WINDOWS\system32\ghwuqgwm.exe
2007-08-10 16:42 75328 --a------ C:\WINDOWS\system32\kigqpivc.exe
2007-08-10 16:40 979 --a------ C:\WINDOWS\system32\drivers\product_2_name_small.gif
2007-08-10 16:40 918 --a------ C:\WINDOWS\system32\drivers\s_detect.htm
2007-08-10 16:40 837 --a------ C:\WINDOWS\system32\drivers\blank.gif
2007-08-10 16:40 835 --a------ C:\WINDOWS\system32\drivers\style.css
2007-08-10 16:40 75328 --a------ C:\WINDOWS\system32\ksnnocmw.exe
2007-08-10 16:40 6575 --a------ C:\WINDOWS\system32\drivers\remove_spyware_button.gif
2007-08-10 16:40 65 --a------ C:\WINDOWS\system32\drivers\sep_hor.gif
2007-08-10 16:40 64 --a------ C:\WINDOWS\system32\drivers\close_icon.gif
2007-08-10 16:40 639 --a------ C:\WINDOWS\system32\drivers\star.gif
2007-08-10 16:40 6373 --a------ C:\WINDOWS\system32\drivers\secuity_center_logo.gif
2007-08-10 16:40 550 --a------ C:\WINDOWS\system32\drivers\star_small.gif
2007-08-10 16:40 53 --a------ C:\WINDOWS\system32\drivers\sep_vert.gif
2007-08-10 16:40 49 --a------ C:\WINDOWS\system32\drivers\spacer.gif
2007-08-10 16:40 48933 --a------ C:\WINDOWS\system32\drivers\pt.htm
2007-08-10 16:40 4723 --a------ C:\WINDOWS\system32\drivers\detect.htm
2007-08-10 16:40 425 --a------ C:\WINDOWS\system32\drivers\star_gray.gif
2007-08-10 16:40 3877 --a------ C:\WINDOWS\system32\drivers\warning_icon.gif
2007-08-10 16:40 360 --a------ C:\WINDOWS\system32\drivers\header_bg.gif
2007-08-10 16:40 3080 --a------ C:\WINDOWS\system32\drivers\product_3_header.gif
2007-08-10 16:40 2922 --a------ C:\WINDOWS\system32\drivers\footer_back.jpg
2007-08-10 16:40 291 --a------ C:\WINDOWS\system32\drivers\v.gif
2007-08-10 16:40 28459 --a------ C:\WINDOWS\system32\drivers\header_1.gif
2007-08-10 16:40 283 --a------ C:\WINDOWS\system32\drivers\x.gif
2007-08-10 16:40 2604 --a------ C:\WINDOWS\system32\drivers\product_1_header.gif
2007-08-10 16:40 2238 --a------ C:\WINDOWS\system32\drivers\download_box.gif
2007-08-10 16:40 223 --a------ C:\WINDOWS\system32\drivers\star_gray_small.gif
2007-08-10 16:40 2214 --a------ C:\WINDOWS\system32\drivers\product_2_header.gif
2007-08-10 16:40 2186 --a------ C:\WINDOWS\system32\drivers\alert_icon.gif
2007-08-10 16:40 215 --a------ C:\WINDOWS\system32\drivers\main_back.gif
2007-08-10 16:40 2090 --a------ C:\WINDOWS\system32\drivers\shadow.jpg
2007-08-10 16:40 1791 --a------ C:\WINDOWS\system32\drivers\win_logo.gif
2007-08-10 16:40 1714 --a------ C:\WINDOWS\system32\drivers\product_3_name_small.gif
2007-08-10 16:40 1647 --a------ C:\WINDOWS\system32\drivers\button_freescan.gif
2007-08-10 16:40 1619 --a------ C:\WINDOWS\system32\drivers\button_buynow.gif
2007-08-10 16:40 15421 --a------ C:\WINDOWS\system32\drivers\header_2.gif
2007-08-10 16:40 13618 --a------ C:\WINDOWS\system32\drivers\spy_away_box.jpg
2007-08-10 16:40 1330 --a------ C:\WINDOWS\system32\drivers\product_features.gif
2007-08-10 16:40 1253 --a------ C:\WINDOWS\system32\drivers\product_1_name_small.gif
2007-08-10 16:40 12326 --a------ C:\WINDOWS\system32\drivers\box_3.gif
2007-08-10 16:40 12313 --a------ C:\WINDOWS\system32\drivers\box_1.gif
2007-08-10 16:40 1204 --a------ C:\WINDOWS\system32\drivers\infected.gif
2007-08-10 16:40 11927 --a------ C:\WINDOWS\system32\drivers\box_2.gif
2007-08-10 16:40 115606 --a------ C:\WINDOWS\system32\skna455101.exe
2007-08-10 16:40 11077 --a------ C:\WINDOWS\system32\drivers\header_4.gif
2007-08-10 16:40 10260 --a------ C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
2007-08-10 16:40 10193 --a------ C:\WINDOWS\system32\drivers\header_3.gif
2007-08-10 16:40 1014 --a------ C:\WINDOWS\system32\drivers\icon_warning.gif
2007-08-10 16:39 75328 --a------ C:\WINDOWS\system32\goeydtqw.exe
2007-08-09 19:36 75328 --a------ C:\WINDOWS\system32\khomydxu.exe
2007-08-09 19:16 75328 --a------ C:\WINDOWS\system32\mwkcvnfe.exe
2007-08-09 18:48 75328 --a------ C:\WINDOWS\system32\yikkaftu.exe
2007-08-09 18:41 76560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-08-09 18:26 75328 --a------ C:\WINDOWS\system32\ysvryoot.exe
2007-08-09 18:22 75328 --a------ C:\WINDOWS\system32\cgjxddvi.exe
2007-08-09 18:06 75328 --a------ C:\WINDOWS\system32\dietdpem.exe
2007-08-09 18:05 75328 --a------ C:\WINDOWS\system32\shnqlavb.exe
2007-08-09 18:00 75328 --a------ C:\WINDOWS\system32\iiskjays.exe
2007-08-09 17:47 75328 --a------ C:\WINDOWS\system32\porhshcg.exe
2007-08-09 17:25 75328 --a------ C:\WINDOWS\system32\vakdfiid.exe
2007-08-09 12:33 75328 --a------ C:\WINDOWS\system32\ioridasi.exe
2007-08-09 12:19 75328 --a------ C:\WINDOWS\system32\beqwihmj.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-03 12:47]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-03 12:43]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 11:06 C:\WINDOWS\AGRSMMSG.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43]
"nwiz"="nwiz.exe" [2006-08-11 21:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-08-11 21:43 C:\WINDOWS\system32\nvmctray.dll]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 C:\WINDOWS\ALCXMNTR.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"DVDTray"="C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe" [2004-09-03 04:58]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-25 06:01]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-15 08:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 16:08]
"Steam"="C:\Program Files\Steam\Steam.exe" [2007-06-28 19:30]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AirportTycoon2Setup.exe]
C:\DOCUME~1\Owner\Desktop\AIRPOR~1.EXE /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"C:\Program Files\Ares\Ares.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

R0 szkg;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys
S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
S3 nm;Network Monitor Driver;C:\WINDOWS\system32\DRIVERS\NMnt.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 PRISM_USB;Dell TrueMobile 1180 Wireless USB Adapter;C:\WINDOWS\system32\DRIVERS\DELUSB_51.sys
S3 tcpip_patcher;tcpip_patcher;\??\C:\Program Files\Ares\tcpip_patcher.sys
S4 AOL-TimeSVC;AOL Timer Service;"C:\WINDOWS\repair\aoltimer.exe"
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"


Contents of the 'Scheduled Tasks' folder
2007-09-20 16:02:25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:03, on 2007-09-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Rapid Tools\Rapid Tools.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\ComboFix\catchme.cfexe
C:\WINDOWS\explorer.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\CarbonPoker\Poker.exe (file missing) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1166899742453
O17 - HKLM\System\CCS\Services\Tcpip\..\{889FDCAF-C2B3-4AA0-B2B9-7FD6042C2277}: NameServer = 167.206.245.7,167.206.245.71
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B05C119-82A8-4151-A486-824A5F559C05}: NameServer = 192.168.1.1,192.168.1.5
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 5973 bytes
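The Find3M section of the ComboFix log above is where this machine's trouble shows: a run of 75328-byte executables with random eight-letter names in system32, created within a day and a half of each other. As an added example (not code from the thread, from ComboFix or from its author), here is a Python parser for that listing format that groups executables by exact size and flags the random-name pattern; the sample lines are copied from the log above.

```python
"""ComboFix listing triage (added example, not code from the thread or ComboFix).
Parses lines in the format of the "Files Created"/"Find3M Report" sections above
and flags what stands out in the posted log: many executables of one identical byte
size dropped within hours, and eight-letter random names directly in system32.
Sample lines are copied from the report above."""

import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# One listing line: "<date> <time> <size | <DIR> | dashes> <9 attribute chars> <path>"
LINE_RE = re.compile(
    r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size><DIR>|-+|[\d,]+)\s+"
    r"(?P<attrs>[-a-z]{9})\s+"
    r"(?P<path>\S.*)$"
)
# Naming pattern of the dropped files in the log: eight letters plus .exe
RANDOM_EXE_RE = re.compile(r"^[a-z]{8}\.exe$", re.IGNORECASE)

SAMPLE_REPORT = r"""
2007-09-25 15:50 --------- d-------- C:\Program Files\Steam
2007-09-06 18:11 <DIR> d-------- C:\88547e8c3a6d2d5939
2007-09-06 18:31 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-08-10 19:07 169147 --a------ C:\WINDOWS\TTC-5555.exe
2007-08-10 19:04 75328 --a------ C:\WINDOWS\system32\rlouyxwk.exe
2007-08-10 17:30 75328 --a------ C:\WINDOWS\system32\ecuwvljx.exe
2007-08-10 17:20 75328 --a------ C:\WINDOWS\system32\wreclrpt.exe
2007-08-10 16:40 979 --a------ C:\WINDOWS\system32\drivers\product_2_name_small.gif
2007-08-10 16:40 115606 --a------ C:\WINDOWS\system32\skna455101.exe
2007-08-09 18:41 76560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-08-09 12:19 75328 --a------ C:\WINDOWS\system32\beqwihmj.exe
"""

@dataclass
class Entry:
    when: datetime
    size: Optional[int]  # None for directories and entries without a size
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0]

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a listing line, or None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    raw = m.group("size")
    size = int(raw.replace(",", "")) if raw[0].isdigit() else None
    when = datetime.strptime(m.group("stamp"), "%Y-%m-%d %H:%M")
    return Entry(when, size, m.group("attrs"), m.group("path"))

def parse_report(text: str) -> List[Entry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]

def size_clusters(entries: List[Entry], min_count: int = 3) -> Dict[int, List[Entry]]:
    """Executables sharing one exact byte size, oldest first. A dropper that
    re-writes itself under new names leaves such a run; benign software rarely does."""
    by_size: Dict[int, List[Entry]] = defaultdict(list)
    for e in entries:
        if e.size is not None and e.name.lower().endswith(".exe"):
            by_size[e.size].append(e)
    return {s: sorted(v, key=lambda x: x.when)
            for s, v in by_size.items() if len(v) >= min_count}

def random_named_executables(entries: List[Entry],
                             folder: str = r"C:\WINDOWS\system32") -> List[str]:
    """Paths directly under `folder` whose file name is eight letters plus .exe."""
    return sorted(e.path for e in entries
                  if e.parent.lower() == folder.lower() and RANDOM_EXE_RE.match(e.name))

def span_hours(cluster: List[Entry]) -> float:
    """Hours between the first and last file of a size cluster."""
    return (cluster[-1].when - cluster[0].when).total_seconds() / 3600

if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for size, files in size_clusters(found).items():
        print(f"{len(files)} executables of {size} bytes within {span_hours(files):.2f} h")
        for f in files:
            print("   ", f.when, f.path)
    print("random-named in system32:", random_named_executables(found))
```

On the sample above the 75328-byte cluster spans 30.75 hours; the same pass over a full log is a quick way to see whether a later ComboFix run has actually removed the run.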

#13 DASOS (Malware hunter, Security Colleague, 1,662 posts, Gender: Male, Location: Greece loutraki 6 km from korinth canal)

Posted 25 September 2007 - 04:19 PM

Hi abysssx

Please print these instructions out, or save them to a notepad file, for easier reference during the fix.
=====
The version of ComboFix you have is old; please delete this version and download the new version from the link below.

Download Combofix and save it to your desktop.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe < -- Link


Note: It is important that it is saved directly to your desktop

Close any open browsers.

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Post all the ComboFix.txt in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please post back:

1) The ComboFix.txt
2) And a new HJT log


Stelios

#14 abysssx (Topic Starter, Members, 11 posts)

Posted 29 September 2007 - 05:13 PM

OK, thank you for being patient.




ComboFix 07-09-21.2 - "Owner" 2007-09-29 5:59:24.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.170 [GMT -4:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\jsxmvofu
C:\Program Files\jsxmvofu\hwzuncve.dll
C:\Program Files\Magicantispy
C:\Program Files\Magicantispy\Magicantispy.exe
C:\Program Files\Magicantispy\Magicantispy.lic
C:\Program Files\Magicantispy\Magicantispy0.my
C:\Program Files\Magicantispy\Magicantispy1.my
C:\Program Files\Magicantispy\Uninstall.exe
C:\Program Files\SecCenter
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\beqwihmj.exe
C:\WINDOWS\system32\ceharjad.exe
C:\WINDOWS\system32\cgjxddvi.exe
C:\WINDOWS\system32\config\SYSTEM~1\STARTM~1\Programs\Outerinfo
C:\WINDOWS\system32\config\SYSTEM~1\STARTM~1\Programs\Outerinfo\Terms.lnk
C:\WINDOWS\system32\config\SYSTEM~1\STARTM~1\Programs\Outerinfo\Uninstall.lnk
C:\WINDOWS\system32\dietdpem.exe
C:\WINDOWS\system32\drivers\alert_icon.gif
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_1.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\box_3.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\close_icon.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_box.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_bg.gif
C:\WINDOWS\system32\drivers\icon_warning.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\product_1_header.gif
C:\WINDOWS\system32\drivers\product_1_name_small.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_3_header.gif
C:\WINDOWS\system32\drivers\product_3_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\remove_spyware_button.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\secuity_center_logo.gif
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\ecuwvljx.exe
C:\WINDOWS\system32\fqyiltso.exe
C:\WINDOWS\system32\ghwuqgwm.exe
C:\WINDOWS\system32\goeydtqw.exe
C:\WINDOWS\system32\iiskjays.exe
C:\WINDOWS\system32\ioridasi.exe
C:\WINDOWS\system32\khomydxu.exe
C:\WINDOWS\system32\kigqpivc.exe
C:\WINDOWS\system32\ksnnocmw.exe
C:\WINDOWS\system32\liasndya.exe
C:\WINDOWS\system32\mwkcvnfe.exe
C:\WINDOWS\system32\n.ini
C:\WINDOWS\system32\porhshcg.exe
C:\WINDOWS\system32\rlouyxwk.exe
C:\WINDOWS\system32\scdgrgpk.exe
C:\WINDOWS\system32\shnqlavb.exe
C:\WINDOWS\system32\skna455101.exe
C:\WINDOWS\system32\tumctoxu.exe
C:\WINDOWS\system32\vakdfiid.exe
C:\WINDOWS\system32\wjykuehl.exe
C:\WINDOWS\system32\wreclrpt.exe
C:\WINDOWS\system32\yikkaftu.exe
C:\WINDOWS\system32\ysvryoot.exe
C:\WINDOWS\TTC-5555.exe

.
((((((((((((((((((((((((( Files Created from 2007-08-28 to 2007-09-29 )))))))))))))))))))))))))))))))
.

2007-09-26 03:41 <DIR> d-------- C:\Program Files\DFX
2007-09-26 03:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DFX
2007-09-10 14:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-09-10 14:55 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Azureus
2007-09-10 14:45 <DIR> d-------- C:\Program Files\Azureus
2007-09-08 15:21 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Rapid Tools
2007-09-06 18:35 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-09-06 18:31 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-09-06 18:11 <DIR> d-------- C:\88547e8c3a6d2d5939
2007-09-06 18:05 <DIR> d-------- C:\DOCUME~1\Owner\Start MenuRapid Tools
2007-09-06 17:37 <DIR> d-------- C:\Program Files\Rapid Tools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-29 13:27 --------- d-------- C:\Program Files\Steam
2007-09-29 06:02 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\STOPzilla!
2007-09-29 05:04 --------- d-------- C:\Program Files\Warcraft III
2007-09-27 05:10 --------- d-------- C:\Program Files\STOPzilla!
2007-09-26 03:40 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-25 17:51 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-09-08 09:15 --------- d-------- C:\Program Files\Vuxxkefy
2007-09-08 09:15 --------- d-------- C:\Program Files\Kqkdcdsf
2007-08-19 18:13 --------- d-------- C:\Program Files\Illustrate
2007-08-18 16:57 --------- d-------- C:\Program Files\GoldWave
2007-08-12 13:21 --------- d-------- C:\Program Files\No1 Sound Recorder
2007-08-12 13:21 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\LimeWire
2007-08-12 13:12 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-12 13:12 --------- d-------- C:\Program Files\ToniArts
2007-08-12 10:46 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\SUPERAntiSpyware.com
2007-08-11 18:50 --------- d-------- C:\Program Files\lktcfixe
2007-08-10 21:08 --------- d-------- C:\Program Files\Common Files\mkof
2007-08-10 20:03 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-10 19:44 --------- d-------- C:\Program Files\Trend Micro
2007-08-10 19:38 6144 --a------ C:\WINDOWS\system32\drivers\BFA5500F-06BB-44C3-834A-0E03E1EB0EAE.cxv
2007-08-10 19:09 5120 --a------ C:\WINDOWS\system32\drivers\B187A75C-4B2D-4650-8FEA-678F399B9C5B.cxv
2007-08-10 19:04 3072 --a------ C:\WINDOWS\system32\drivers\D99A8EE4-C384-441B-877E-FD08C0B56439.cxv
2007-08-10 18:09 2048 --a------ C:\WINDOWS\system32\drivers\4E9A353B-C57B-4FB2-8AAB-DC0524A5A47A.cxv
2007-08-10 17:55 2048 --a------ C:\WINDOWS\system32\drivers\057571AB-43B5-4E23-B949-5E9ABB5539AE.cxv
2007-08-10 17:53 2048 --a------ C:\WINDOWS\system32\drivers\D0475585-DAB4-45D2-8FBF-FC881F4F5CF3.cxv
2007-08-10 17:51 3072 --a------ C:\WINDOWS\system32\drivers\98A22DF9-4CCA-4EB9-A3E1-07902BDCF74C.cxv
2007-08-10 17:44 209 --a------ C:\DOCUME~1\Owner\4716.bat
2007-08-10 17:43 32768 --a------ C:\DOCUME~1\Owner\setup9x.exe
2007-08-10 17:28 --------- d-------- C:\Program Files\Common Files\iS3
2007-08-10 17:20 --------- d-------- C:\Program Files\Common Files\ErrorProtector Free
2007-08-10 16:39 224654 --a------ C:\DOCUME~1\Owner\Setup155.exe
2007-08-10 16:39 115606 --a------ C:\DOCUME~1\Owner\skna455101.exe
2007-08-09 18:41 76560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-08-08 16:38 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Ventrilo
2007-08-07 10:08 29184 -ra------ C:\WINDOWS\system32\drivers\SZKG.sys
2007-08-04 19:18 167 --a------ C:\DOCUME~1\Owner\6173.bat
2007-08-04 17:59 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-07-30 14:12 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Skype
2007-07-28 05:06 135 --a------ C:\Program Files\page.html
2007-07-08 13:23 139264 --a------ C:\WINDOWS\War3Unin.exe
2003-08-10 16:40 965664 --a------ C:\DOCUME~1\Owner\Outerinfo-1440.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-03 12:47]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-03 12:43]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 11:06 C:\WINDOWS\AGRSMMSG.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43]
"nwiz"="nwiz.exe" [2006-08-11 21:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-08-11 21:43 C:\WINDOWS\system32\nvmctray.dll]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 C:\WINDOWS\ALCXMNTR.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"DVDTray"="C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe" [2004-09-03 04:58]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-25 06:01]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-15 08:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 16:08]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AirportTycoon2Setup.exe]
C:\DOCUME~1\Owner\Desktop\AIRPOR~1.EXE /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"C:\Program Files\Ares\Ares.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

R0 szkg;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 PRISM_USB;Dell TrueMobile 1180 Wireless USB Adapter;C:\WINDOWS\system32\DRIVERS\DELUSB_51.sys
S3 tcpip_patcher;tcpip_patcher;\??\C:\Program Files\Ares\tcpip_patcher.sys
S4 AOL-TimeSVC;AOL Timer Service;"C:\WINDOWS\repair\aoltimer.exe"

.
Contents of the 'Scheduled Tasks' folder
"2007-09-27 16:02:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-29 18:04:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-09-29 18:07:12 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-29 18:06
C:\ComboFix2.txt ... 2007-08-10 20:20
.
--- E O F ---


hi jack this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:12:50 PM, on 9/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\CarbonPoker\Poker.exe (file missing) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1166899742453
O17 - HKLM\System\CCS\Services\Tcpip\..\{889FDCAF-C2B3-4AA0-B2B9-7FD6042C2277}: NameServer = 167.206.245.7,167.206.245.71
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B05C119-82A8-4151-A486-824A5F559C05}: NameServer = 192.168.1.1,192.168.1.5
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 5836 bytes

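As an added example (it is not part of this thread and not HijackThis code), here is a small Python triage script that parses lines in the HijackThis log format shown above and flags the things a helper usually looks at first: entries whose referenced file is reported missing, BHOs with no name, autostart entries that launch from user-writable folders, and O17 NameServer entries pointing at public addresses. The embedded sample log is constructed from a few lines of the log above plus one hypothetical O4 entry for the setup9x.exe file mentioned in this thread; the flagging rules are my own assumptions for illustration, not rules built into HijackThis.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in HijackThis v2.0.2 format. Most lines are copied from the
# log above; the "[updater]" O4 line is hypothetical and added for illustration.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [updater] C:\DOCUME~1\Owner\setup9x.exe /quiet
O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\CarbonPoker\Poker.exe (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{889FDCAF-C2B3-4AA0-B2B9-7FD6042C2277}: NameServer = 167.206.245.7,167.206.245.71
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B05C119-82A8-4151-A486-824A5F559C05}: NameServer = 192.168.1.1,192.168.1.5
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
"""

# A HijackThis entry starts with a section code (R0, F2, N1, O4, O23 ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.+)$")
# First Windows path ending in a common executable extension; trailing arguments are ignored.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys|ocx|bat|scr)\b", re.IGNORECASE)
# Folder markers a normal user can write to (assumption: these deserve a closer look).
USER_WRITABLE_MARKERS = ("\\docume~1\\", "\\documents and settings\\", "\\temp\\")


@dataclass
class Entry:
    section: str
    body: str
    path: Optional[str]
    file_missing: bool


@dataclass
class Finding:
    section: str
    reason: str
    detail: str


def parse(log: str) -> List[Entry]:
    """Turn a HijackThis log into Entry records, skipping header/trailer lines."""
    entries: List[Entry] = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # "Logfile of ...", "Platform: ...", blanks, "End of file"
        body = m.group("body")
        pm = PATH_RE.search(body)
        entries.append(Entry(m.group("section"), body,
                             pm.group(0) if pm else None,
                             "(file missing)" in body))
    return entries


def triage(log: str) -> List[Finding]:
    """Apply a few review heuristics to the parsed entries and return what to look at."""
    findings: List[Finding] = []
    for e in parse(log):
        if e.file_missing:
            findings.append(Finding(e.section, "dangling entry",
                                    f"referenced file no longer exists: {e.path}"))
        if e.section == "O2" and "(no name)" in e.body:
            findings.append(Finding(e.section, "unnamed BHO", e.body))
        if e.section in ("O4", "O23") and e.path and \
                any(mk in e.path.lower() for mk in USER_WRITABLE_MARKERS):
            findings.append(Finding(e.section, "autostart from user-writable location", e.path))
        if e.section == "O17" and "NameServer = " in e.body:
            for addr in e.body.split("NameServer = ", 1)[1].split(","):
                ip = ipaddress.ip_address(addr.strip())
                if not ip.is_private:  # a DNS server outside RFC 1918 space is worth confirming with the user
                    findings.append(Finding(e.section, "public DNS server configured", str(ip)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason:<40} {f.detail}")
```

Run against the constructed sample it reports six items: the two "(file missing)" entries, the unnamed BHO, the hypothetical setup9x.exe autostart, and the two public DNS servers from the first O17 line; the 192.168.x.x servers on the second O17 line are private and not reported. None of these flags means an entry is malicious (the unnamed BHO here is Spybot's SDHelper.dll); they are simply the lines a helper confirms first.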
#15 DASOS

DASOS

    Malware hunter


  • Security Colleague
  • 1,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal
  • Local time:09:07 AM

Posted 30 September 2007 - 03:26 PM

Hi abysssx

Please print these instructions out, or save them to a notepad file, for easier reference during the fix.

Open notepad and copy/paste the text in the quotebox below into it:
File:: 
C:\DOCUME~1\Owner\4716.bat 
C:\DOCUME~1\Owner\setup9x.exe 
C:\DOCUME~1\Owner\Setup155.exe
C:\DOCUME~1\Owner\skna455101.exe 
C:\DOCUME~1\Owner\6173.bat 
C:\DOCUME~1\Owner\Outerinfo-1440.exe 
Folder:: 
C:\Program Files\Common Files\mkof 
C:\Program Files\lktcfixe 
C:\Program Files\Vuxxkefy
C:\Program Files\Kqkdcdsf 
C:\Program Files\Common Files\ErrorProtector Free

Save this as "CFScript"

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log
=====

Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with DrWeb-CureIt as follows:
  • Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
  • Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan tab" and UNcheck "Heuristic analysis"
  • Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
  • Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
  • When done, a message will be displayed at the bottom advising if any viruses were found.
  • Click "Yes to all" if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)
=====

Please visit the online Jotti Virus Scanner.
  • Click on the browse button.
  • Copy and paste the following filepath in the box:

    C:\WINDOWS\system32\drivers\BFA5500F-06BB-44C3-834A-0E03E1EB0EAE.cxv

  • Click on the submit button.
    The scanner will check the file with various AV companies.
  • Copy and paste the results box into a reply to this thread.

If Jotti's too busy, try here:
Go here: http://www.virustotal.com/en/virustotalf.html

Do the same also for this file:

C:\WINDOWS\system32\drivers\B187A75C-4B2D-4650-8FEA-678F399B9C5B.cxv


Please post back:

1) The contents of Combofix.txt
2) The log from Dr.Web
3) The results of Jotti Virus Scanner


Stelios



