I Have No Clue Might Be Good For Bc Trainees



#1 Inq_PL


Posted 17 June 2008 - 12:05 PM

THIS IS URGENT I REALLY NEED SOMEONE TO HELP ME!!!! THIS PC IS EXTREMELY SLOW I CAN'T STAND IT ANYMORE. MY GIRL IS GIVING ME A HARD TIME I NEED A RELIEF !!PLEASE..MERCY!!:thumbsup::(:):(

I had some viruses on this pc AND I STILL DO (WHERE FROM) I GOT NO CLUE...I DO NOT DO MUCH AND MY C:\ is filling up with MBs.... some viruses were removed (one is still there somewhere "pic is uploaded") others, I really don't know because bitdefender n adaware had frozen and never resolved scanned items. so i was just wondering if there is something unique on this pc that would require assistance from a pro. wish there was a slot in a trainee program. i had some c++ and java done ..guess that would help me proceed ahead of the class :D..anyways...still waiting...for now i hope some of you can find a bug.. THANKS!!! if not..let me know which other soft i can run to detect something odd. THANK YOU SO MUCH BC ONCE AGAIN FOR YOUR HELP!!!.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:58:01, on 2008-06-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
D:\PROGRAMY\WindowsDefender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
D:\PROGRAMY\AdAware\aawservice.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
D:\PROGRAMY\BitDefender\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\devldr32.exe
D:\PROGRAMY\WindowsDefender\MSASCui.exe
D:\PROGRAMY\BitDefender\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\PROGRAMY\Spybot - Search & Destroy\TeaTimer.exe
D:\PROGRAMY\AdAware\Ad-Watch2007.exe
C:\WINDOWS\system32\svchost.exe
D:\PROGRAMY\firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F3 - REG:win.ini: load=C:\YDPDict\watch.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRAMY\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - D:\PROGRAMY\BitDefender\IEToolbar.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PD0620 STISvc] "RunDLL32.exe" P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [Ad-Watch] D:\PROGRAMY\AdAware\Ad-Watch2007.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Defender] "D:\PROGRAMY\WindowsDefender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BDAgent] "D:\PROGRAMY\BitDefender\bdagent.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\PROGRAMY\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRAMY\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRAMY\SPYBOT~1\SDHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FDBB14C-15F0-408C-9651-9968F3DC0280}: NameServer = 217.30.129.149,217.30.137.200
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\PROGRAMY\AdAware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - D:\PROGRAMY\BitDefender\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 6773 bytes

Edited by Inq_PL, 17 June 2008 - 04:30 PM.

Inq_PL


#2 Thunder


Posted 18 June 2008 - 04:37 AM

Hello Inq_PL,

This log looks quite clean actually. :thumbsup:

You are, however, running so much protection software that it may be causing decreased system performance.

The trace Bitdefender found is located in your system restore points.
You can delete the older existing restore points using the Disk Cleanup utility.

1. Click Start, point to All Programs > Accessories > System Tools and click Disk Cleanup.
2. Click OK.
3. From the Disk Cleanup dialog box, click the More Options tab.
4. Click Yes to confirm your actions.

If you want to remove ALL system restore points :

1. Click Start > Control Panel > System.
2. Click on the System Restore tab in the dialog box, select the Turn off System Restore check box, and click Apply.
3. Reboot and clear the check box again to re-enable System Restore and then click OK

Please read this Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference
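
A triage pass over the kind of HijackThis log posted in #1, as an added example that is not part of the original thread or of any tool mentioned in it: it lists which resident protection products are running at once (the overlap the reply above blames for the slowdown) and flags entries marked "(no file)". The sample is an excerpt of lines copied from the log above; the image-name table and the `triage` function are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Excerpt assembled for this example from lines of the log in post #1.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
D:\PROGRAMY\WindowsDefender\MsMpEng.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\PROGRAMY\AdAware\aawservice.exe
D:\PROGRAMY\BitDefender\vsserv.exe
D:\PROGRAMY\Spybot - Search & Destroy\TeaTimer.exe
D:\PROGRAMY\AdAware\Ad-Watch2007.exe

F3 - REG:win.ini: load=C:\YDPDict\watch.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [BDAgent] "D:\PROGRAMY\BitDefender\bdagent.exe"
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - D:\PROGRAMY\BitDefender\vsserv.exe
"""

# Assumption: image names of resident protection tools, taken from this log only.
RESIDENT_TOOLS = {
    "msmpeng.exe": "Windows Defender", "vsmon.exe": "ZoneAlarm",
    "aawservice.exe": "Ad-Aware", "ad-watch2007.exe": "Ad-Aware",
    "vsserv.exe": "BitDefender", "teatimer.exe": "Spybot S&D",
}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O4 - HKLM\..\Run: ..."

def triage(log_text):
    """Return (resident products, entries by section code, '(no file)' entries)."""
    products, entries, orphans = set(), defaultdict(list), []
    in_processes = False
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line == "Running processes:":
            in_processes = True
        elif not line:
            in_processes = False          # a blank line ends the process list
        elif in_processes:
            image = line.rsplit("\\", 1)[-1].lower()
            if image in RESIDENT_TOOLS:
                products.add(RESIDENT_TOOLS[image])
        elif (m := ENTRY.match(line)):
            entries[m.group(1)].append(m.group(2))
            if m.group(2).endswith("(no file)"):
                orphans.append(line)      # registry entry whose target file is missing
    return sorted(products), dict(entries), orphans

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```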

#3 Inq_PL


Posted 19 June 2008 - 11:28 AM

Hi Thunder, I need your help once again.

I have found these and many others: Zlob.Downloader.. and many many files associated with it with xxx additions to it.. really SPYBOT SCANNED IT AND YET FOUND NOTHING. WHAT IS UP WITH THIS PC?? I SEARCHED ON THE NET FOR INFO ON HOW TO ETC but SmitfraudFix had a note on BC SITE that I should not use it without guidance...any hints????

I noticed them below within a spybot S&D window while it was scanning my pc. and i thought that zlob.downloader didn't sound right :) let me know if i should run SmitfraudFix.


ps I am from Canada. but presently in Poland on vacation :thumbsup:
Inq_PL

#4 Thunder


Posted 19 June 2008 - 04:28 PM

Hello Inq_PL,

About your findings with Spybot:
did you see them pass at the very bottom of Spybot or did they show up in the main detection window?

You see, at the bottom you can see all the malware definitions, stored in Spybot, pass while Spybot scans.
Spybot checks all files found on your system against these definitions to determine if you are infected.
If anything is found, it is displayed in the main window and the "Repair problems" button becomes available.

Greetings,
Thunder

#5 Inq_PL


Posted 21 June 2008 - 05:46 PM

Hi Thunder!


Yes, you're right. My mistake. These key words were displayed at the bottom of the Spybot S&D window while it was scanning my PC.
Thank you for your information. At least now I'm calm. But I still wonder if I should run SmitfraudFix, because I have scanned my pc with some other software (I do not remember its name for now) and it found more than 300 tracking cookies. It really surprised me that neither malwarebytes, hijack nor any other software had found them. Including adaware. At least I know that there are no viruses as I thought before.


Thank You once again AND HAVE A PLEASANT DAY :d
Inq_PL

#6 Thunder


Posted 21 June 2008 - 05:53 PM

Hello Inq_PL,

No need to worry about those cookies.
In a lot of cases you need them for your connections to work well.

And deleting them in the Internet Options of IE takes care of them just as easily. :thumbsup:

I wouldn't run SmitfraudFix, there's no need for it.

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



