Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Winantivirus Popups


  • This topic is locked This topic is locked
2 replies to this topic

#1 Duncs

Duncs

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:24 AM

Posted 19 October 2006 - 08:45 PM

I'm presently running the following anti-spyware, virus programs:

Ad-Aware
AVG Free
Outpost Firewall
HJT

Here's the latest HJT log - hope you can help, 'cause I don't know what I'm looking for:

Logfile of HijackThis v1.99.1
Scan saved at 11:15:51 AM, on 20/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\AVG\avgamsvr.exe
E:\AVG\avgupsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
E:\Agnitum\Outpost Firewall\outpost.exe
C:\WINDOWS\system32\spss_lmd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
E:\AVG\avgcc.exe
E:\AVG\avgemc.exe
C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
E:\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Skype\Phone\Skype.exe
E:\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\U3\U3Launcher\LaunchU3.exe
E:\MICROS~1\Office\OUTLOOK.EXE
C:\HJT\Analyse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bigpond.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {9A21B249-D9E4-453B-AE33-1EEF05B956FF} - C:\WINDOWS\system32\gebcc.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] E:\AVG\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] E:\AVG\avgemc.exe
O4 - HKLM\..\Run: [D066UUtility] C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] e:\ASUSTeK\ASUSDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Outpost Firewall] E:\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] E:\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKCU\..\Run: [TClockEx] E:\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = E:\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = E:\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - E:\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9199CCF4-AE79-4C64-82AD-7022CCC14C7D}: NameServer = 203.49.70.20 139.134.2.190
O20 - AppInit_DLLs: E:\Agnitum\OUTPOS~1\wl_hook.dll
O20 - Winlogon Notify: gebcc - C:\WINDOWS\system32\gebcc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winmxw32 - winmxw32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\AVG\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\AVG\avgupsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - E:\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: Spss License Manager (SpssLM) - Unknown owner - C:\WINDOWS\system32\spss_lmd.exe


Regards

Duncs

BC AdBot (Login to Remove)

 


#2 kairis

kairis

  • Members
  • 327 posts
  • OFFLINE
  •  
  • Location:Finland
  • Local time:03:24 AM

Posted 20 October 2006 - 06:41 AM

Hi and welcome. My name is kairis and I will be helping you.
You have some crap there! But don't worry; we'll get you cleaned up!
Please follow my steps in the right order...
We'll start with this:
Step 1:
Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a fresh HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot,
simply follow the above instructions starting from "Click the Scan for Vundo button."
when VundoFix appears at reboot.
Step 2:
Run a scan with HijackThis and tick the following entries, if present:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - (no file)
O2 - BHO: (no name) - {9A21B249-D9E4-453B-AE33-1EEF05B956FF} - C:\WINDOWS\system32\gebcc.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - (no file)
O20 - Winlogon Notify: gebcc - C:\WINDOWS\system32\gebcc.dll
O20 - Winlogon Notify: winmxw32 - winmxw32.dll (file missing)

Close all windows except HijackThis
Select Fix Checked in HijackThis.

Step 3:
After you have completed the above, please provide:
* Vundofix report
* a new HijackThis log
* and a description of any problems you are having with your PC

#3 kairis

kairis

  • Members
  • 327 posts
  • OFFLINE
  •  
  • Location:Finland
  • Local time:03:24 AM

Posted 26 October 2006 - 07:04 AM

this Topic has been closed. Should you need this Topic reopened, please PM a Staff member with the address of this thread.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users