Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unknown Infection


  • This topic is locked This topic is locked
4 replies to this topic

#1 Dirtcreature

Dirtcreature

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:10:25 PM

Posted 01 June 2008 - 02:41 AM

Hiya.

I let a friend huse sit for me, and now my PC is going slower than my old ZX Spectrum.

I've done the usual, run my anti virus, SuperAntiSpyware and Ad-Aware, Kaspersky, etc., however the problem is still there.

Symptoms: Once I log into Windows the PC takes about 10 to 15 minutes to finish setting up the start up programs (even though there is no sound f hard drive activity, Web browser takes ages to load screens, severe lag on all online games (EQ, WOW, etc.)

Here is my first HiJackThis log...Thanks for any help you can give.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:32:51, on 01/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS.000\System32\smss.exe
C:\WINDOWS.000\system32\winlogon.exe
C:\WINDOWS.000\system32\services.exe
C:\WINDOWS.000\system32\lsass.exe
C:\WINDOWS.000\system32\svchost.exe
C:\WINDOWS.000\System32\svchost.exe
C:\WINDOWS.000\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS.000\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS.000\system32\nvsvc32.exe
C:\WINDOWS.000\system32\PnkBstrA.exe
C:\WINDOWS.000\system32\PnkBstrB.exe
C:\WINDOWS.000\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS.000\System32\svchost.exe
C:\WINDOWS.000\system32\wscntfy.exe
C:\WINDOWS.000\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS.000\RTHDCPL.EXE
C:\WINDOWS.000\system32\RUNDLL32.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS.000\system32\ctfmon.exe
C:\WINDOWS.000\system32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Samsung\Samsung PC Studio 3\Util\OBEX.SMS.exe
C:\WINDOWS.000\system32\wuauclt.exe
C:\WINDOWS.000\SYSTEM32\spider.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome_5.27_windows_intelx86.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.000\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.000\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS.000\system32\NeroCheck.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.000\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.000\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.000\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.000\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.000\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.000\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.000\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1189956626203
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1199908369218
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.000\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS.000\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS.000\system32\PnkBstrB.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS.000\SYSTEM32\ZONELABS\vsmon.exe

--
End of file - 10137 bytes
Making viruses, malware, grayware, spyware, adware, etc: Nature's way of saying "Hah hah! You have no friend's, you ugly virgin!"

BC AdBot (Login to Remove)

 


#2 steamwiz

steamwiz

  • Members
  • 1,039 posts
  • OFFLINE
  •  
  • Local time:03:25 AM

Posted 07 June 2008 - 05:02 PM

Hi

Your log's clean ...

Please run a Kaspersky Online Scan

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

Click Accept

You will be promted to install an ActiveX component from Kaspersky,
Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Once finished, save the log to your Desktop as filename KAV.txt
THEN ...

Please Download Malwarebytes' Anti-Malware from Here :-

http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html

or here :-

http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.

THEN ...

Please follow these directions to run Combofix & post a log.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware Posted Image

#3 Dirtcreature

Dirtcreature
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:10:25 PM

Posted 10 June 2008 - 01:35 PM

Thanks for looking into this for me! I've run these three programs and my PC is still running slow and taking ages to boot up once I enter my Windows password. When the superantispyware program starts up upon startup, that's when the computer grinds to a halt for a while. Thought you ought to know that...should I unistall it, or is that not the problem?

In the order you told me to run those three programs, here are the logs...




-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, June 10, 2008 6:19:28 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 9/06/2008
Kaspersky Anti-Virus database records: 841469
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 247244
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 02:02:03

Infected Object Name / Virus Name / Last Action
C:\WINDOWS.000\SYSTEM32\DRIVERS\fidbox.dat Object is locked skipped
C:\WINDOWS.000\SYSTEM32\DRIVERS\fidbox.idx Object is locked skipped
C:\WINDOWS.000\SYSTEM32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS.000\SYSTEM32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS.000\SYSTEM32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS.000\SYSTEM32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS.000\SYSTEM32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS.000\SYSTEM32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS.000\SYSTEM32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS.000\SYSTEM32\config\system.LOG Object is locked skipped
C:\WINDOWS.000\SYSTEM32\config\software.LOG Object is locked skipped
C:\WINDOWS.000\SYSTEM32\config\default.LOG Object is locked skipped
C:\WINDOWS.000\SYSTEM32\config\SAM.LOG Object is locked skipped
C:\WINDOWS.000\SYSTEM32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS.000\SYSTEM32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS.000\SYSTEM32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS.000\SYSTEM32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS.000\SYSTEM32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS.000\SYSTEM32\config\Internet.evt Object is locked skipped
C:\WINDOWS.000\SYSTEM32\config\SECURITY Object is locked skipped
C:\WINDOWS.000\SYSTEM32\config\SOFTWARE Object is locked skipped
C:\WINDOWS.000\SYSTEM32\config\SYSTEM Object is locked skipped
C:\WINDOWS.000\SYSTEM32\config\DEFAULT Object is locked skipped
C:\WINDOWS.000\SYSTEM32\config\SAM Object is locked skipped
C:\WINDOWS.000\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS.000\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS.000\SYSTEM32\h323log.txt Object is locked skipped
C:\WINDOWS.000\TEMP\ZLT03626.TMP Object is locked skipped
C:\WINDOWS.000\TEMP\ZLT03629.TMP Object is locked skipped
C:\WINDOWS.000\TEMP\Perflib_Perfdata_5b8.dat Object is locked skipped
C:\WINDOWS.000\TEMP\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS.000\Sti_Trace.log Object is locked skipped
C:\WINDOWS.000\wiaservc.log Object is locked skipped
C:\WINDOWS.000\SchedLog.Txt Object is locked skipped
C:\WINDOWS.000\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS.000\wiadebug.log Object is locked skipped
C:\WINDOWS.000\WindowsUpdate.log Object is locked skipped
C:\WINDOWS.000\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS.000\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS.000\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS.000\Internet Logs\ANDY.ldb Object is locked skipped
C:\WINDOWS.000\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS.000\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\error.log Object is locked skipped
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\error_log Object is locked skipped
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\access_log Object is locked skipped
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\ssl_request_log Object is locked skipped
C:\Program Files\BOINC\stderrgui.txt Object is locked skipped
C:\Program Files\BOINC\stdoutgui.txt Object is locked skipped
C:\Program Files\BOINC\stderrdae.txt Object is locked skipped
C:\Program Files\BOINC\stdoutdae.txt Object is locked skipped
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\06mr08ad.14727.102454.12.8.42_0_0 Object is locked skipped
C:\Program Files\BOINC\slots\0\stderr.txt Object is locked skipped
C:\Program Files\BOINC\slots\0\boinc_lockfile Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Andy\Local Settings\History\History.IE5\MSHist012008060920080610\index.dat Object is locked skipped
C:\Documents and Settings\Andy\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Andy\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Andy\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Andy\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Andy\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Andy\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-6-8-2008( 21-43-44 ).LOG Object is locked skipped
C:\Documents and Settings\Andy\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Andy\UserData\index.dat Object is locked skipped
C:\Documents and Settings\Andy\ntuser.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\System Volume Information\_restore{D74CB433-1518-4577-98F8-4CAB356ECCD2}\RP186\change.log Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{D74CB433-1518-4577-98F8-4CAB356ECCD2}\RP186\change.log Object is locked skipped

Scan process completed.



===================================================================================================================================



Malwarebytes' Anti-Malware 1.15
Database version: 841

17:25:51 10/06/2008
mbam-log-6-10-2008 (17-25-41).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 290136
Time elapsed: 1 hour(s), 4 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{f9fa603d-697c-4900-a950-e54f08324a24} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\nmwegbsf.1 (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



=======================================================================================================================================







ComboFix 08-06-09.7 - Andy 2008-06-10 19:25:41.4 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.894 [GMT 1:00]
Running from: C:\Documents and Settings\Andy\My Documents\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-10 to 2008-06-10 )))))))))))))))))))))))))))))))
.

2008-06-08 18:21 . 2008-06-08 18:21 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-08 18:21 . 2008-06-08 18:21 <DIR> d-------- C:\Documents and Settings\Andy\Application Data\Malwarebytes
2008-06-08 18:21 . 2008-06-08 18:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-08 18:21 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS.000\SYSTEM32\DRIVERS\mbamcatchme.sys
2008-06-08 18:21 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS.000\SYSTEM32\DRIVERS\mbam.sys
2008-06-08 18:20 . 2008-06-08 18:20 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-02 21:35 . 2008-06-02 21:35 <DIR> d-------- C:\Documents and Settings\Andy\Application Data\CCP
2008-06-02 21:35 . 2008-06-02 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CCP
2008-06-02 21:35 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS.000\SYSTEM32\d3dx9_35.dll
2008-06-02 07:18 . 2008-06-02 07:18 <DIR> d-------- C:\Program Files\CCP
2008-05-26 19:15 . 2008-05-26 19:15 <DIR> d--hs---- C:\FOUND.000
2008-05-19 17:57 . 2008-05-19 17:57 <DIR> d-------- C:\Program Files\Bethesda Softworks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-08 20:41 2,804 --sha-w C:\WINDOWS.000\system32\drivers\fidbox.idx
2008-06-08 20:41 1,212,416 --sha-w C:\WINDOWS.000\system32\drivers\fidbox.dat
2008-05-19 09:58 12,484,937 ------w C:\WINDOWS.000\Internet Logs\tvDebug.zip
2008-04-20 12:09 5,942,784 ------w C:\WINDOWS.000\Internet Logs\xDB2.tmp
2008-04-19 21:17 --------- d-----w C:\Program Files\Apple Software Update
2008-04-19 21:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-04-12 13:23 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-11 10:10 --------- d-----w C:\Program Files\QuickTime
2008-04-03 17:38 20,608 ----a-w C:\Documents and Settings\Andy\Application Data\GDIPFONTCACHEV1.DAT
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS.000\SYSTEM32\msjint40.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS.000\SYSTEM32\dllcache\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS.000\SYSTEM32\win32k.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS.000\SYSTEM32\dllcache\win32k.sys
2008-03-13 22:11 75,248 ----a-w C:\WINDOWS.000\zllsputility.exe
2008-03-13 22:11 1,086,952 ----a-w C:\WINDOWS.000\SYSTEM32\zpeng24.dll
2007-05-12 18:58 271 --sh--w C:\Program Files\desktop.ini
2007-05-12 18:58 23,357 ---h--w C:\Program Files\folder.htt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-02-15 07:31 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-02-15 07:31 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS.000\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-08 21:21 1506544]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-30 09:44 185632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 04:14 15473664 C:\WINDOWS.000\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS.000\SYSTEM32\nwiz.exe]
"NWEReboot"="" []
"NvMediaCenter"="C:\WINDOWS.000\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2005-12-12 15:57 69632]
"NvCplDaemon"="C:\WINDOWS.000\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 10:40 270336]
"NeroCheck"="C:\WINDOWS.000\system32\NeroCheck.exe" [2001-07-09 02:50 155648]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS.000\SYSTEM32\HdAShCut.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS.000\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-19 01:47 8720384]

C:\Documents and Settings\Andy\Start Menu\Programs\Startup\
BOINC Manager.lnk - C:\Program Files\BOINC\boincmgr.exe [2007-03-01 11:19:50 3604480]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-06-08 21:21 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VDOM"= vdowave.drv
"VIDC.AP41"= APmpg4v1.dll
"VIDC.DIV3"= APmpg4v1.dll
"VIDC.DIV4"= APmpg4v1.dll
"VIDC.MP43"= APmpg4v1.dll
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"IrMon"=irmon.exe
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R1 aswSP;avast! Self Protection;C:\WINDOWS.000\system32\drivers\aswSP.sys [2008-03-29 18:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS.000\system32\DRIVERS\aswFsBlk.sys [2008-03-29 18:35]
S3 FoxAwdWINFLASH;FoxAwdWINFLASH;C:\Program Files\SuperUtility\FoxAwdWINFLASH.SYS [2005-10-29 09:16]
S3 FXDRV;FXDRV;C:\Program Files\SuperUtility\Fxdrv.sys [2004-07-01 22:46]
S3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS.000\system32\DRIVERS\sisnicxp.sys [2006-02-14 16:02]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS.000\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS.000\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS.000\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

*Newly Created Service* - SASDIFSV
.
Contents of the 'Scheduled Tasks' folder
"2008-06-07 22:00:02 C:\WINDOWS.000\Tasks\Tune-up Application Start.job"
"2008-06-10 17:19:02 C:\WINDOWS.000\Tasks\PCHealth Scheduler for Data Collection.job"
- C:\WINDOWS.000\PCHEALTH\SUPPORT\PCHSCHD.EXE
"2008-06-03 22:37:04 C:\WINDOWS.000\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-10 19:27:28
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS.000\explorer.exe
-> C:\WINDOWS.000\system32\nview.dll
.
Completion time: 2008-06-10 19:28:24
ComboFix-quarantined-files.txt 2008-06-10 18:28:16
ComboFix2.txt 2008-06-10 18:12:26

Pre-Run: 22,274,113,536 bytes free
Post-Run: 22,268,018,688 bytes free

135 --- E O F --- 2008-05-16 16:31:48
Making viruses, malware, grayware, spyware, adware, etc: Nature's way of saying "Hah hah! You have no friend's, you ugly virgin!"

#4 steamwiz

steamwiz

  • Members
  • 1,039 posts
  • OFFLINE
  •  
  • Local time:03:25 AM

Posted 11 June 2008 - 03:22 PM

Hi

ALL those logs are virtually clean ...

If you run Malwarebytes' Anti-Malware again ... & this time do this ...

* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.


It will remove these :-

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{f9fa603d-697c-4900-a950-e54f08324a24} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\nmwegbsf.1 (Trojan.FakeAlert) -> No action taken.

Not that I think for one second this is causing the problem ...

Your Combofix log is also clean ... but you have run Combofix twice, & and posted the latest log, the first log may have shown deleted files in a section called "other deletions" near the top of the report ... if there were any, can you post them ...

The log you posted is ComboFix.txt

the first log is ComboFix2.txt ... with the 2 in it.

-
1. Go into SUPERAntiSpyware & stop it starting on startup ... see if it loads quicker ...

-
2. Please Download CCleaner from :-

http://www.filehippo.com/download_ccleaner/ (click the download tab)

During the installation be sure to UN-check the box for "Ccleaner Yahoo Toolbar" unless you want it.

doubleclick the ccsetup.exe file and install the program...

After installing, go to Start > programs > CCleaner > Options > Advanced > UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

Make sure the "windows" tab is selected

Under "internet explorer" tick...

Temporary internet files
Cookies* > see Note below
History
Recently typed URL's
(leave this unticked if you DON'T want to clear the drop down list in the address window of IE)
Delete index.dat files
Last download location
Autocomplete form history


under "Windows explorer" these are optional, but you can safely tick them all if you wish, they are only "most recently used lists"

Other explorer MRU's
(leave this unticked if you DON'T want to clear lists such as the start\run list)

under "System"

Tick ALL these ...


under "Advanced"

no need to tick any of these (but you can if you want, and realise what they do)


Applications tab...

These will mostly clean out old log files for these applications...

Clean:- (if you use them)

Firefox/Mozilla (optional - leave the cookies - see note)
Opera
Sun Java
ZoneAlarm

...
Personally I clean everything in the applications tab... but you tick what you want...

Note: *If there are any cookies you want to keep (if you remove the cookie for a site you require a password for, you will need to re-enter your password when you next visit that site) ... click options > cookies > then keep the cookies you want.

click "analyse" if you want to see a list of what is going to be removed, before it is removed.

Or

click "run cleaner" to let it get on with it's work... clicking this will result in the following pop-up

"This process will permanently delete files from your system. Are you sure you wish to proceed?"

click OK.

See if that helps ?

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware Posted Image

#5 steamwiz

steamwiz

  • Members
  • 1,039 posts
  • OFFLINE
  •  
  • Local time:03:25 AM

Posted 24 July 2008 - 02:39 PM

Due to lack of feedback this topic is now closed.

If the original poster would like it re-opened, please send me a PM with a link to this thread.

cheers

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users