Infected with very elusive and disrupint virus


7 replies to this topic

#1 Jamesmorris_k

Jamesmorris_k

  • Members
  • 7 posts
  • Local time:06:32 PM

Posted 09 December 2008 - 04:48 PM

EDIT: Sorry, I meant disruptive virus, not "disrupint", of course. :thumbsup:


Hi everybody. I seem to have a piece of malware that I can't find, despite scanning with a lot of anti-virus programs. It keeps flooding my computer with about 38 different spyware cookies, and they always reappear no matter how many times I remove them; hence, I figure something deeper-in is importing these. To make matters worse, my browser very often crashes since getting the infection, and sometimes my webpage freezes and starts opening IE over and over and over, till I have hundreds of them opening faster than I can click them off. Can somebody please help?


Hijack This Log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:47:15 PM, on 12/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\vVX6000.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Silicon Image\SiICfg\SiICfg.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" boot "C:\Documents and Settings\James Morris\Local Settings\Application Data\NVIDIA Corporation\nTune\Profiles\osbootpf.nsu"
O4 - S-1-5-18 Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'Default user')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: SiICfg.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

--
End of file - 11635 bytes

Edited by Jamesmorris_k, 09 December 2008 - 05:31 PM.



#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:08:32 PM

Posted 17 December 2008 - 02:16 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE


Please Hold on it may take us a day or so to get back with you.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 Jamesmorris_k

Jamesmorris_k
  • Topic Starter

  • Members
  • 7 posts
  • Local time:06:32 PM

Posted 17 December 2008 - 03:41 PM

Hello! Thanks for getting back to me. A funny thing happened just now; I turned off all my anti-virus programs and disconnected the internet (control panel>Network Connections>Disable), and ran the DDS program. Now that I've enabled connections again, I can surf the web fine but all my anti-virus programs are saying I have no internet connection when I try to update them.


DDS Report:




DDS (Version 1.1.0) - NTFSx86
Run by James Morris at 12:28:59.62 on Wed 12/17/2008
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2696 [GMT -8:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\vVX6000.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Silicon Image\SiICfg\SiICfg.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\James Morris\Desktop\Install Files\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - c:\program files\bitcomet\tools\BitCometBHO_1.2.6.26.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitComet] "c:\program files\bitcomet\BitComet.exe" /tray
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\ntunecmd.exe" boot "c:\documents and settings\james morris\local settings\application data\nvidia corporation\ntune\profiles\osbootpf.nsu"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [nTrayFw] c:\program files\nvidia corporation\networkaccessmanager\bin\nTrayFw.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [VX6000] c:\windows\vVX6000.exe
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\docume~1\jamesm~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\quickcam\eReg.exe
StartupFolder: c:\docume~1\jamesm~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\siicfg.lnk - c:\program files\silicon image\siicfg\SiICfg.exe
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.6.26.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.6.26.dll/206
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-12-16 12936]
R1 avgio;avgio;\??\c:\program files\avira\antivir personaledition classic\avgio.sys [2008-11-27 11840]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-16 98440]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-16 26824]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-16 90632]
R2 a2free;a-squared Free Service;"c:\program files\a-squared free\a2service.exe" [2008-11-8 419448]
R2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-5-12 611664]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;"c:\program files\avira\antivir personaledition classic\sched.exe" [2008-11-27 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;"c:\program files\avira\antivir personaledition classic\avguard.exe" [2008-11-27 151297]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-12-16 874776]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-16 231704]
R2 avgfws8;AVG8 Firewall;c:\progra~1\avg\avg8\avgfws8.exe [2008-12-16 1212184]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2008-12-16 29208]
R3 avgntflt;avgntflt;\??\c:\program files\avira\antivir personaledition classic\avgntflt.sys [2008-11-27 52032]
S2 gupdate1c95d5d6e28d522;Google Update Service (gupdate1c95d5d6e28d522);"c:\program files\google\update\GoogleUpdate.exe" /svc [2008-12-13 119280]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2008-12-16 29208]
S3 azt2320;Aztech 2320 Audio Driver (WDM);c:\windows\system32\drivers\aztw2320.sys [2008-11-12 36992]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2008-11-22 2385896]

=============== Created Last 30 ================

2008-12-16 09:02 <DIR> --d-h--- C:\$AVG8.VAULT$
2008-12-16 07:50 90,632 a------- c:\windows\system32\drivers\avgtdix.sys
2008-12-16 07:50 12,936 a------- c:\windows\system32\drivers\avgrkx86.sys
2008-12-16 07:50 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-12-16 07:50 98,440 a------- c:\windows\system32\drivers\avgldx86.sys
2008-12-16 07:50 <DIR> --d----- c:\windows\system32\drivers\Avg
2008-12-16 07:49 50,968 a------- c:\windows\system32\avgfwdx.dll
2008-12-16 07:49 29,208 a------- c:\windows\system32\drivers\avgfwdx.sys
2008-12-16 07:49 <DIR> --d----- c:\program files\AVG
2008-12-16 07:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-12-15 00:01 <DIR> --d----- c:\windows\system32\LogFiles
2008-12-09 13:36 <DIR> --d----- c:\program files\Trend Micro
2008-12-08 16:40 <DIR> --d----- c:\program files\common files\Scanner
2008-12-07 19:54 <DIR> --d----- c:\docume~1\jamesm~1\applic~1\Printer Info Cache
2008-12-07 19:54 <DIR> --d----- c:\program files\HP
2008-12-07 19:54 <DIR> --d----- c:\program files\common files\HP
2008-12-06 12:27 <DIR> --d----- c:\documents and settings\james morris\.housecall6.6
2008-12-06 09:49 <DIR> --d----- c:\windows\NV55485568.TMP
2008-12-05 18:31 268 a---h--- C:\sqmdata00.sqm
2008-12-05 18:31 244 a---h--- C:\sqmnoopt00.sqm
2008-12-05 18:30 <DIR> --d----- c:\windows\system32\AGEIA
2008-12-05 18:30 203,540 a------- c:\windows\system32\nvapps.nvb
2008-12-05 18:30 <DIR> --d----- c:\windows\NV32244408.TMP
2008-12-05 18:30 <DIR> --d----- C:\NVIDIA
2008-12-05 16:10 34,304 a------- c:\windows\system32\drivers\AmdLLD.sys
2008-12-05 16:10 <DIR> --d----- c:\program files\AMD
2008-12-01 22:21 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-11-30 15:57 20,992 ac------ c:\windows\system32\dllcache\dshowext.ax
2008-11-30 15:57 20,992 a------- c:\windows\system32\dshowext.ax
2008-11-29 19:08 <DIR> --d----- c:\docume~1\jamesm~1\applic~1\Ubisoft
2008-11-28 08:05 <DIR> --d----- c:\program files\Steam
2008-11-27 09:41 <DIR> --d----- c:\program files\Avira
2008-11-27 09:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2008-11-23 09:37 4,874,240 -c------ c:\windows\system32\dllcache\wmp.dll
2008-11-23 09:36 695,808 -c------ c:\windows\system32\dllcache\drmv2clt.dll
2008-11-23 09:35 <DIR> --d----- c:\windows\network diagnostic
2008-11-23 09:35 10,240 -------- c:\windows\system32\drivers\sffp_mmc.sys
2008-11-23 09:34 19,569 a------- c:\windows\005152_.tmp
2008-11-22 21:28 3,932,184 a------- C:\DC6810xp-001.raw
2008-11-22 21:17 151 a------- c:\windows\PhotoSnapViewer.INI
2008-11-22 20:35 <DIR> --d----- c:\program files\MSXML 6.0
2008-11-22 20:24 2,385,896 a------- c:\windows\system32\drivers\VX6000Xp.sys
2008-11-22 20:24 996,712 a------- c:\windows\vVX6000.exe
2008-11-22 20:24 484,712 a------- c:\windows\system32\vVX6000.dll
2008-11-22 20:24 202,088 a------- c:\windows\system32\LCCoin14.dll
2008-11-22 20:24 185,704 a------- c:\windows\system32\cVX6000.dll
2008-11-22 20:24 116,072 a------- c:\windows\system32\VX6000.dll
2008-11-22 20:24 36,328 a------- c:\windows\system32\drivers\VX6KCamd.sys
2008-11-22 20:24 15,497 a------- c:\windows\VX6KStd.ini
2008-11-22 20:24 13,022 a------- c:\windows\VX6000.src
2008-11-21 18:03 <DIR> --d----- c:\program files\iPod
2008-11-21 18:03 <DIR> --d----- c:\program files\iTunes
2008-11-21 18:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-21 12:43 <DIR> --d----- c:\program files\Bethesda Softworks
2008-11-21 12:40 <DIR> --d----- c:\windows\system32\XPSViewer
2008-11-21 12:39 14,048 -------- c:\windows\system32\spmsg2.dll
2008-11-21 12:37 <DIR> --d----- c:\windows\system32\xlive
2008-11-21 12:36 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-11-21 08:41 <DIR> --d----- c:\documents and settings\james morris\Contacts
2008-11-21 08:40 <DIR> --d----- c:\program files\Windows Live Toolbar
2008-11-21 08:39 <DIR> --d----- c:\program files\MSN Messenger
2008-11-20 19:44 <DIR> --d----- c:\program files\Yahoo!
2008-11-19 23:01 <DIR> --d----- c:\program files\common files\xing shared
2008-11-19 23:01 499,712 a------- c:\windows\system32\msvcp71.dll
2008-11-19 23:01 348,160 a------- c:\windows\system32\msvcr71.dll
2008-11-19 23:01 <DIR> --d----- c:\program files\common files\Real
2008-11-19 22:42 <DIR> --d----- c:\program files\2K Games
2008-11-19 18:01 268,648 a------- c:\windows\system32\mucltui.dll
2008-11-19 18:01 208,744 a------- c:\windows\system32\muweb.dll
2008-11-19 18:01 27,496 a------- c:\windows\system32\mucltui.dll.mui
2008-11-19 16:31 <DIR> --d----- C:\Downloads
2008-11-19 16:31 <DIR> --d----- c:\program files\BitComet
2008-11-19 14:49 32,592 a------- c:\windows\system32\msonpmon.dll
2008-11-19 14:45 <DIR> --d----- c:\windows\SHELLNEW
2008-11-19 14:18 <DIR> --d----- c:\program files\Bonjour
2008-11-19 12:10 13,724 a------- c:\windows\system32\wpa.bak
2008-11-18 13:44 204,288 a----r-- c:\windows\system32\fdco1ins.dll
2008-11-18 13:44 <DIR> --d----- c:\windows\NV23921992.TMP
2008-11-18 13:42 65,536 ac------ c:\windows\system32\dllcache\a3d.dll
2008-11-18 13:42 765,952 a----r-- c:\windows\system\crlds3d.dll
2008-11-18 13:42 393,088 a----r-- c:\windows\system32\drivers\senfilt.sys
2008-11-18 13:42 141,312 a----r-- c:\windows\system32\drivers\ADIHdAud.sys
2008-11-18 13:42 127,872 a----r-- c:\windows\system32\drivers\aeaudio.sys
2008-11-18 13:42 65,536 a----r-- c:\windows\system32\a3d.dll
2008-11-18 13:42 23,552 a----r-- c:\windows\system32\PostProc.dll
2008-11-18 13:42 49,152 a------- c:\windows\system32\DSndUp.exe
2008-11-18 13:42 <DIR> --d----- c:\program files\Analog Devices
2008-11-18 13:42 1,285,632 -------- c:\windows\system32\SMMedia.dll
2008-11-18 13:42 53,248 -------- c:\windows\system32\wdmioctl.dll
2008-11-18 13:42 45,056 -------- c:\windows\system32\CleanUp.exe
2008-11-18 03:01 253,952 -c------ c:\windows\system32\dllcache\es.dll
2008-11-18 03:01 1,288,192 -c------ c:\windows\system32\dllcache\quartz.dll
2008-11-18 03:01 1,846,400 -c------ c:\windows\system32\dllcache\win32k.sys
2008-11-18 03:01 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-18 03:01 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-18 03:01 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-18 03:01 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-18 03:01 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2008-11-18 03:01 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-18 03:01 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2008-11-18 03:00 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2008-11-18 03:00 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2008-11-18 03:00 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2008-11-18 03:00 <DIR> --d----- c:\windows\system32\PreInstall
2008-11-17 18:33 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2008-11-17 18:14 5,810 a------- c:\windows\system32\drivers\ASACPI.sys
2008-11-17 17:59 1,024 a------- C:\.rnd
2008-11-17 17:59 22 a------- c:\windows\FileName
2008-11-17 17:59 <DIR> --d----- c:\program files\NVIDIA Corporation
2008-11-17 17:57 466,944 a------- c:\windows\system32\CapabilityTable.exe
2008-11-17 17:57 176,128 -------- c:\windows\system32\nvuide.exe
2008-11-17 17:57 1,570 -------- c:\windows\system32\nvide.nvu
2008-11-17 17:57 101,632 a----r-- c:\windows\system32\drivers\nvtcp.sys
2008-11-17 17:57 176,128 a------- c:\windows\system32\nvunrm.exe
2008-11-17 17:57 3,657 a------- c:\windows\system32\nvnrm.nvu
2008-11-17 17:57 176,128 a----r-- c:\windows\system32\nvusmb.exe
2008-11-17 17:57 1,864 a----r-- c:\windows\system32\nvsmb.nvu

==================== Find3M ====================

2008-12-17 08:23 0 a------- c:\windows\system32\drivers\lvuvc.hs
2008-12-17 08:23 0 a------- c:\windows\system32\drivers\logiflt.iad
2008-11-23 09:39 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-11-12 13:45 453,152 a------- c:\windows\system32\NVUNINST.EXE
2008-11-08 12:17 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-10-24 03:21 455,296 a------- c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 04:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 12:38 826,368 a------- c:\windows\system32\wininet.dll
2008-10-13 09:56 70,936 a------- c:\windows\system32\PhysXLoader.dll
2008-10-03 02:02 247,326 a------- c:\windows\system32\strmdll.dll

============= FINISH: 12:29:13.92 ===============


#4 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:02:32 AM

Posted 17 December 2008 - 04:19 PM

Hello Jamesmorris_k,

You have 2 antivirus programs running.
That's not a good idea, as they may interfere with each other!

My suggestion:

Disable Spybot's TeaTimer because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer during HijackThis Cleanup
Then, Download ResetTeaTimer.bat.
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.

Go to Start > Control Panel > Software > Add/remove programs and uninstall AVG 8

Reboot your system and check if Avira AntiVir can be updated now.

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#5 Jamesmorris_k

Jamesmorris_k
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:06:32 PM

Posted 21 December 2008 - 12:25 PM

So um... any malware in my hijack this/ DDS report?

#6 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:02:32 AM

Posted 21 December 2008 - 01:33 PM

Hello Jamesmorris_k,

No, your logs look quite clean. :thumbsup:

Did you fix the other issue?

Are you still having problems?

Greetings,
Thunder

#7 Jamesmorris_k

Jamesmorris_k
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:06:32 PM

Posted 21 December 2008 - 03:02 PM

> Hello Jamesmorris_k,
>
> No, your logs look quite clean. :thumbsup:
>
> Did you fix the other issue?
>
> Are you still having problems?
>
> Greetings,
> Thunder

Hmmm. Yes, I'm still having the same big list of spyware cookies infesting my system, no matter how much I remove them. My browsers still crash/freeze frequently.

I'm going to soon decide which anti-virus programmes to remove, but so far everything is updating properly anyways.

#8 Jamesmorris_k

Jamesmorris_k
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:06:32 PM

Posted 21 December 2008 - 10:47 PM

Amazing! I finally figured out where all these spyware cookies and hijackers are coming from! I just went to www. iso hunt . com and I noticed in the load bar it was saying "Downloading [dozens of sites]", and I recognized them all as the spyware cookies I'm getting. Geez, I've been getting my torrents there for years, but now all of a sudden... maybe they're hijacked and don't know it.



