
Help Please


  • This topic is locked
3 replies to this topic

#1 nano151

nano151

  • Members
  • 8 posts

Posted 22 February 2008 - 12:51 PM

One of my PCs is really giving me grief. Everything from running slow, to virus detections and CD-ROM issues. I went through the steps in the "preparation guide for ...." post and found some viruses using BitDefender. Here are those results:

Infected with: Generic.Peed.Eml.268DA3ED
Infected with: Generic.Peed.Eml.CC4AE3E6
Infected with: Generic.Peed.Eml.667ACF01
Infected with: Generic.Peed.Eml.CF0C0EE7
Infected with: Generic.Peed.Eml.268DA3ED
Infected with: Generic.Peed.Eml.CC4AE3E6
Infected with: Generic.Peed.Eml.667ACF01
Infected with: Generic.Peed.Eml.CF0C0EE7




Here is the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:58 PM, on 2/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O1 - Hosts: 172.21.1.6 online6#
O1 - Hosts: online6 hp918
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fhsfcu.coop
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBEC4B9C-345C-4D25-9441-BC751785E11E}: NameServer = 172.24.9.10,216.4.122.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fhsfcu.coop
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fhsfcu.coop

--
End of file - 3086 bytes

Edited by nano151, 22 February 2008 - 12:57 PM.




#2 ken545

ken545

    Malware Response Team


  • Malware Response Team
  • 1,685 posts
  • Gender:Male
  • Location:The Space Coast of Florida

Posted 05 March 2008 - 12:43 PM

Hello nano151,

Welcome to the Bleeping Computer Malware Removal Forum. Sorry for the delay in responding, but the number of people posting with infected computers is through the roof and we sometimes can't get to logs as fast as we would like to. It looks like your post may have fallen through the cracks. If you have not resolved this issue and still need assistance, post a new HJT log, as your system may have changed since your original post.

I need to see the entire HJT log please, do it this way.
  • Open HJT Scan and Save a Log File, it will open in Notepad
  • Go to Format and make sure Word Wrap is unchecked
  • Go to Edit > Select All, then Edit > Copy, and paste the new log into this thread by using Post Reply; do not start a new thread.
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

Please consider a donation to help me keep up my fight against malware.

 

Just a reminder that threads will be closed if no response in 3 days


#3 nano151

nano151
  • Topic Starter

  • Members
  • 8 posts

Posted 05 March 2008 - 12:56 PM

Thank you for the response. I thought I was ignored like the stepchild. :thumbsup:

I've decided to just wipe out the hard drive on that PC and re-install Windows. Whenever I get a chance, that is. I will be posting another soon for my personal and office PCs. So keep an eye out. :blink:

#4 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 05 March 2008 - 01:05 PM

Nano151 - no one is ignored here. It may take some time for a Qualified HJT Team Member to respond to a post.
(We have to deal with many posts)

Please start a new topic for each system that you are seeking help with now. And please be patient.
All Helpers here are volunteers.

Regards,
Koan

(Thanks Ken!!!)

This thread is closed.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



