Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Antivirus Pro and/or more


  • This topic is locked This topic is locked
3 replies to this topic

#1 wastefarmer

wastefarmer

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:57 AM

Posted 20 December 2009 - 05:31 PM

My laptop has been taken over by Antivirus Pro i believe although the new popups are saying something like Internet... 2010
I have downloaded process explorer and replaced task manager which i could not access. I have been able to stop some processes and have some control.
I have downloaded Hijackthis and have created a log that i can forward to someone that might understand it.

I am unaable to access the internet. I am unable to update malwarebytes successfully even though i have updated to another machine, copied to cd and pasted to laptop that is infected. Malwarebytes still won't run.

Can someone help me? I really need my laptop tomorrow.

Here is a copy of Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:03:59 PM, on 12/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\winupdate86.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\KEVIN MULLINAX\My Documents\Downloads\procexp.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Sage\ServiceHost\Sage.ServiceHost.Host.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\rundll32.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.twinhead.com/
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon86.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\winhelper86.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winhelper86.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winhelper86.dll
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{29CC4B2A-29E0-49D1-B19F-8215E3B50768}: NameServer = 193.104.110.38,4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{9BD7E17B-CB32-4BE3-9C14-E04040F0491A}: NameServer = 193.104.110.38,4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1AD4261-9C15-4B4C-91F7-C44F95393DF8}: NameServer = 193.104.110.38,4.2.2.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: yasolomu.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: hozavagey - {c4e330be-0436-4a76-bee9-aee9d90ddddd} - (no file)
O21 - SSODL: wunusabew - {3dc53a57-b4e8-4f5c-930c-9885b11b2a26} - (no file)
O21 - SSODL: vavusowek - {9693a70e-1df6-487c-b0c4-718ed4b2def3} - (no file)
O21 - SSODL: voyalamij - {b019cb8d-d235-4aa7-8c19-0af58a37128d} - (no file)
O21 - SSODL: fusagefem - {8e1fb9fe-6768-4b0a-b047-323f60eb0287} - (no file)
O21 - SSODL: kafuzelop - {2c58001a-6cd9-424e-8e47-460a8ff505ba} - (no file)
O21 - SSODL: fitupubut - {cb091ff6-4372-4013-915d-1c2afb7c63a4} - (no file)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - PCTEL - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sage Service Host (Sage.ServiceHost.Host) - Sage Software, Inc. - C:\Program Files\Common Files\Sage\ServiceHost\Sage.ServiceHost.Host.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 8594 bytes
my Hijackthis log:



thanks

Edited by Orange Blossom, 20 December 2009 - 05:59 PM.
Move to HJT forum. ~ OB


BC AdBot (Login to Remove)

 


#2 htv8

htv8

  • Members
  • 1,694 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:57 PM

Posted 20 December 2009 - 07:23 PM

Hello wastefarmer, and welcome to BleepingComputer.com! :(

Thanks for letting me know (in Chat) that you're planning to do a reformat and clean reinstall of the Operating System. You can use these websites and read for instructions on how to format and reinstall Windows:Should you have any questions, please feel free to ask. Please let me know how it goes.

Also, to protect yourself against malware and reduce your chance of reinfection in the future, I strongly recommend to have a look at following links (giving some advice and tips):Regards,

htv8
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.

Posted Image

#3 wastefarmer

wastefarmer
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:57 AM

Posted 20 December 2009 - 07:32 PM

thanks for the info and help. Just noticed you're from the Netherlands. My wife and I went to Norway, Hungary, Sweden, Denmark and France in 1973 as young marrieds. We won the trip. 2 weeks.

#4 htv8

htv8

  • Members
  • 1,694 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:57 PM

Posted 30 December 2009 - 01:34 PM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users