Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijack This Log Slowdown, Lots Of Error Messages, Possible Trojan?


  • This topic is locked This topic is locked
10 replies to this topic

#1 binx1310

binx1310

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:09:52 AM

Posted 15 January 2007 - 05:13 PM

avg antivirus picked up 8 trojans the other day. comuter seems a bit slow and explorer keeps crashing.

any help gratefully recieved

will

Logfile of HijackThis v1.99.1
Scan saved at 22:12:06, on 15/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ToFine\USB PHONE\USB Skype.exe
C:\Program Files\PC-TV\WinManager\WinManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.ask4.com/tv
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat

5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [SiSRaid] C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: usb phone.lnk = ?
O4 - Global Startup: WinManager.lnk = C:\Program Files\PC-TV\WinManager\WinManager.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) -

http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.microsoft.com/microsoftupdat...b?1162422153265
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -

http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

BC AdBot (Login to Remove)

 


#2 DASOS

DASOS

    Malware hunter


  • Security Colleague
  • 1,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal
  • Local time:04:52 PM

Posted 27 January 2007 - 11:14 AM

Hello binx1310

Welcome to Bleeping Computer!

Sorry about the delay. We're all volunteers here, and it's been very busy. If you still need help, please post a new HijackThis log to make sure nothing has changed. Before posting the log, please make sure you follow all the steps found in this topic:

Preparation Guide For Use Before Posting A Hijackthis Log <--link

And I'll be happy to look at it for you.

I also need to see a different type of log from Hijackthis:
  • Run Hijackthis.
  • Click on "Open the Misc Tools section".
  • Next click on "Open uninstall manager".
  • Press the button 'save list'. It will open a Notepad file.
  • Place the content of that file here in your next reply.
Thanks, for your patience.

Stelios

#3 binx1310

binx1310
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:09:52 AM

Posted 27 January 2007 - 12:23 PM

Hi. i dont seem to have any problems anymore, although the system is running slower than id like it to and does crash when playing games sometimes. If you could analyse it for me and let me know if anything needs doing would be gratefully received.

Hijack this logfile:
Logfile of HijackThis v1.99.1
Scan saved at 17:17:50, on 27/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ToFine\USB PHONE\USB Skype.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.ask4.com/tv
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [SiSRaid] C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: usb phone.lnk = ?
O4 - Global Startup: WinManager.lnk = C:\Program Files\PC-TV\WinManager\WinManager.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162422153265
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

uninstall list:
ACE Mega CoDecS Pack
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe Photoshop CS2
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Apple Software Update
ASUS WLAN Card Utilities/Driver
Athlon 64 Processor Driver
AVG Anti-Spyware 7.5
AVG Free Edition
Gamepad Pro USB
Google Earth
HijackThis 1.99.1
Hotfix for Windows XP (KB926239)
HP Document Viewer 5.3
HP Extended Capabilities 5.3
HP Image Zone 5.3
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
Ipswitch WS_FTP Pro
iTunes
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Macromedia Flash Player 8
Macromedia Flash Player 8 Plugin
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office XP Professional with FrontPage
Microsoft Publisher 2002
Microsoft User-Mode Driver Framework Feature Pack 1.0
Morpheus Ultra 5.1 (remove only)
Mozilla Firefox (2.0.0.1)
MSXML 4.0 SP2 (KB927978)
Need for Speed™ Carbon
Nero 7 Demo
NVIDIA Drivers
NVIDIA Windows 95/98/ME/2000/XP Stereo Drivers
PowerDVD
QuickTime
RealPlayer
Realtek AC'97 Audio
SAMSUNG Mobile USB Modem 1.0 Software
Samsung PC Studio
Samsung PC Studio 3 USB Driver Installer
Screensavers Installer Version 2
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB929969)
SiSRaidPackage
Skype 2.5
Sleep Timer Lite 4.8 Uninstall
SmartSound Quicktracks Plugin
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Sygate Personal Firewall
System Requirements Lab
TwinhanData
TwinhanDTV
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
USB PHONE
USB2.0 PC Camera (SN9C201&202)
VideoLAN VLC media player 0.8.5
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781



cheers
will

#4 DASOS

DASOS

    Malware hunter


  • Security Colleague
  • 1,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal
  • Local time:04:52 PM

Posted 28 January 2007 - 12:20 PM

Hi binx1310

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.

    J2SE Runtime Environment 5.0 Update 8
    J2SE Runtime Environment 5.0 Update 9


  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windowsi586-p.exe to install the newest version.
=====

I see no signs of viruses or malware in the log. It is clean
Let’s have an online scan to make sure that nothing is hiding from us. If the report come clear you should post your
problem to the appropriate forum. http://www.bleepingcomputer.com/forums/f/21/networking/
=====

Please do an online scan with Kaspersky WebScanner

Click on Posted Image

You will be promted to install an ActiveX component from Kaspersky, Click Posted Image
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on Posted Image
  • Now click on Posted Image
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click Posted Image
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Stelios

#5 binx1310

binx1310
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:09:52 AM

Posted 28 January 2007 - 02:16 PM

java thing done, result of kaspersky report. found a few viruses!!!

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, January 28, 2007 7:13:09 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 28/01/2007
Kaspersky Anti-Virus database records: 262697
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 89710
Number of viruses found: 5
Number of infected objects: 27 / 0
Number of suspicious objects: 10
Duration of the scan process: 01:28:34

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Altnet1.zip/asmend.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Altnet1.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip/ishost.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC24.zip/ishost.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC24.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC30.zip/ishost.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC30.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC38.zip/ishost.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC38.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\William Durrant\Application Data\Mozilla\Firefox\Profiles\s8jfbfj3.default\cert8.db Object is locked skipped
C:\Documents and Settings\William Durrant\Application Data\Mozilla\Firefox\Profiles\s8jfbfj3.default\history.dat Object is locked skipped
C:\Documents and Settings\William Durrant\Application Data\Mozilla\Firefox\Profiles\s8jfbfj3.default\key3.db Object is locked skipped
C:\Documents and Settings\William Durrant\Application Data\Mozilla\Firefox\Profiles\s8jfbfj3.default\parent.lock Object is locked skipped
C:\Documents and Settings\William Durrant\Application Data\Mozilla\Firefox\Profiles\s8jfbfj3.default\search.sqlite Object is locked skipped
C:\Documents and Settings\William Durrant\Application Data\Mozilla\Firefox\Profiles\s8jfbfj3.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\William Durrant\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Application Data\Microsoft\Messenger\williamdurrant335@hotmail.com\SharingMetadata\Logs\Dfsr.log Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Application Data\Microsoft\Messenger\williamdurrant335@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Application Data\Microsoft\Messenger\williamdurrant335@hotmail.com\SharingMetadata\Working\database_1A24_3734_2437_126D\dfsr.db Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Application Data\Microsoft\Messenger\williamdurrant335@hotmail.com\SharingMetadata\Working\database_1A24_3734_2437_126D\fsr.log Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Application Data\Microsoft\Messenger\williamdurrant335@hotmail.com\SharingMetadata\Working\database_1A24_3734_2437_126D\fsrtmp.log Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Application Data\Microsoft\Messenger\williamdurrant335@hotmail.com\SharingMetadata\Working\database_1A24_3734_2437_126D\tmp.edb Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Application Data\Microsoft\Windows Live Contacts\williamdurrant335@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Application Data\Microsoft\Windows Live Contacts\williamdurrant335@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Application Data\Mozilla\Firefox\Profiles\s8jfbfj3.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Application Data\Mozilla\Firefox\Profiles\s8jfbfj3.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Application Data\Mozilla\Firefox\Profiles\s8jfbfj3.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Application Data\Mozilla\Firefox\Profiles\s8jfbfj3.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\History\History.IE5\MSHist012007012820070129\index.dat Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Temp\~DF91A4.tmp Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Temp\~DFCE72.tmp Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Temp\~DFD2C7.tmp Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Temp\~DFF4F2.tmp Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Temp\~DFF7C2.tmp Object is locked skipped
C:\Documents and Settings\William Durrant\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\William Durrant\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\William Durrant\ntuser.dat.LOG Object is locked skipped
C:\Program Files\HijackThis\backups\backup-20061205-200412-137.dll Infected: Trojan-Downloader.Win32.Busky.gen skipped
C:\Program Files\HijackThis\backups\backup-20061205-200412-210.dll Infected: Trojan-Downloader.Win32.Busky.gen skipped
C:\Program Files\HijackThis\backups\backup-20061205-200412-490.dll Infected: Trojan-Downloader.Win32.Busky.gen skipped
C:\Program Files\HijackThis\backups\backup-20061205-200412-521.dll Infected: Trojan-Downloader.Win32.Busky.gen skipped
C:\Program Files\HijackThis\backups\backup-20061205-200412-530.dll Infected: Trojan-Downloader.Win32.Busky.gen skipped
C:\Program Files\HijackThis\backups\backup-20061205-200412-662.dll Infected: Trojan-Downloader.Win32.Busky.gen skipped
C:\Program Files\HijackThis\backups\backup-20061205-200412-886.dll Infected: Trojan-Downloader.Win32.Busky.gen skipped
C:\Program Files\HijackThis\backups\backup-20061205-200412-916.dll Infected: Trojan-Downloader.Win32.Busky.gen skipped
C:\Program Files\Morpheus\morpheustoolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\Morpheus Ultra\mymorpheusToolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\Mozilla Firefox\plugins\NPNd2fn.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.o skipped
C:\Program Files\Sygate\SPF\debug.log Object is locked skipped
C:\Program Files\Sygate\SPF\rawlog.log Object is locked skipped
C:\Program Files\Sygate\SPF\seclog.log Object is locked skipped
C:\Program Files\Sygate\SPF\syslog.log Object is locked skipped
C:\Program Files\Sygate\SPF\tralog.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{43607CCC-6AF0-4C8B-AD89-C3950BC1D43D}\RP1\A0000051.dll Infected: Trojan-Downloader.Win32.Busky.gen skipped
C:\System Volume Information\_restore{43607CCC-6AF0-4C8B-AD89-C3950BC1D43D}\RP1\A0000052.dll Infected: Trojan-Downloader.Win32.Busky.gen skipped
C:\System Volume Information\_restore{43607CCC-6AF0-4C8B-AD89-C3950BC1D43D}\RP1\A0000053.dll Infected: Trojan-Downloader.Win32.Busky.gen skipped
C:\System Volume Information\_restore{43607CCC-6AF0-4C8B-AD89-C3950BC1D43D}\RP1\A0000054.dll Infected: Trojan-Downloader.Win32.Busky.gen skipped
C:\System Volume Information\_restore{43607CCC-6AF0-4C8B-AD89-C3950BC1D43D}\RP1\A0000055.dll Infected: Trojan-Downloader.Win32.Busky.gen skipped
C:\System Volume Information\_restore{43607CCC-6AF0-4C8B-AD89-C3950BC1D43D}\RP1\A0000056.dll Infected: Trojan-Downloader.Win32.Busky.gen skipped
C:\System Volume Information\_restore{43607CCC-6AF0-4C8B-AD89-C3950BC1D43D}\RP1\A0000085.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{43607CCC-6AF0-4C8B-AD89-C3950BC1D43D}\RP1\A0000191.dll Infected: Trojan-Downloader.Win32.Busky.gen skipped
C:\System Volume Information\_restore{43607CCC-6AF0-4C8B-AD89-C3950BC1D43D}\RP1\A0000194.dll Infected: Trojan-Downloader.Win32.Busky.gen skipped
C:\System Volume Information\_restore{43607CCC-6AF0-4C8B-AD89-C3950BC1D43D}\RP1\A0000196.dll Infected: Trojan-Downloader.Win32.Busky.gen skipped
C:\System Volume Information\_restore{43607CCC-6AF0-4C8B-AD89-C3950BC1D43D}\RP1\A0000199.dll Infected: Trojan-Downloader.Win32.Busky.gen skipped
C:\System Volume Information\_restore{43607CCC-6AF0-4C8B-AD89-C3950BC1D43D}\RP1\A0000203.dll Infected: Trojan-Downloader.Win32.Busky.gen skipped
C:\System Volume Information\_restore{43607CCC-6AF0-4C8B-AD89-C3950BC1D43D}\RP1\A0000206.dll Infected: Trojan-Downloader.Win32.Busky.gen skipped
C:\System Volume Information\_restore{43607CCC-6AF0-4C8B-AD89-C3950BC1D43D}\RP1\A0000208.dll Infected: Trojan-Downloader.Win32.Busky.gen skipped
C:\System Volume Information\_restore{43607CCC-6AF0-4C8B-AD89-C3950BC1D43D}\RP1\A0000210.dll Infected: Trojan-Downloader.Win32.Busky.gen skipped
C:\System Volume Information\_restore{43607CCC-6AF0-4C8B-AD89-C3950BC1D43D}\RP1\A0000212.dll Infected: Trojan-Downloader.Win32.Busky.gen skipped
C:\System Volume Information\_restore{43607CCC-6AF0-4C8B-AD89-C3950BC1D43D}\RP36\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{56F9F41C-C849-4AE3-99E8-5BEB7F0ADA95}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{84371E33-6F02-4A0E-8895-DBBF5A54C541}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.


cheers for any help,
will

#6 DASOS

DASOS

    Malware hunter


  • Security Colleague
  • 1,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal
  • Local time:04:52 PM

Posted 29 January 2007 - 05:37 AM

Hi binx1310

Go to Start > Control Panel double-click on Add/Remove programs and remove:

Morpheus Ultra 5.1
=====

Open Spybot > Click Recovery > and select the following items:

Altnet1.zip/asmend.exe
Altnet1.zip ZIP:
SmitfraudC1.zip/ishost.exe
SmitfraudC1.zip ZIP:
SmitfraudC24.zip/ishost.exe
SmitfraudC24.zip ZIP:
SmitfraudC30.zip/ishost.exe
SmitfraudC30.zip ZIP:
SmitfraudC38.zip/ishost.exe
SmitfraudC38.zip ZIP:


Then click "Purge selected items" option on the top of the screen.

=====

Please print out or copy this instructions/tutorial to Notepad as the internet will not be available to you at certain points of the removal process (while in Safe Mode). Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.
=====

Please download ATF Cleaner by Atribune. Don’t run it yet .
=====

I see you have Avg anti-spyware please update the program, on the main screen select the "Update" icon then click "Start Update". The update will start and a progress bar will show the updates being installed once the update has completed close Avg anti-spyware . Don’t run it yet.
=====

Make sure that you can see hidden files.
  • ClickStart.
  • Click My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Uncheck the Hide file extensions for known file types.
  • Click OK.
=====

Please reboot your computer in SafeMode by doing the following:
  • Restart your computer.
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear.
  • Select the first option, to run Windows in Safe Mode.
  • If you have trouble getting into Safe mode go here <--link to tutorial
=====

Now, using Windows Explorer, (right click on start, click on explore) I need you to DELETE the following folder and all their content if still present :

C:\PROGRAM FILES\Need2Find< -- folder
C:\Program Files\Mozilla Firefox\plugins\NPNd2fn.dll< -- file

=====

Still in safe mode run: ATF
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at
the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please
click No at the prompt.
If you use Opera browserClick Opera at the
top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please
click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located
at the bottom of each menu.]
=====
  • Lauch Avg-anti-spyware by double-clicking the icon on your desktop.IMPORTANT: Do not open any other windows or programs while Avg is scanning, it may interfere with the scanning proccess.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan"
  • Avg will now begin the scanning process, be patient this may take a little time.
  • Avg will list any infections found on the left hand side. When the scan has finished, it should automatically set the recommended action to Quarantine--if not click on Recommended Action and set it there. Click the Apply all actions button. Avg will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  • Close Avg.
IMPORTANT: Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button
=====

Reboot back to normal mode.

Please post back:

1) The Avg report
2) New HijackThis log

Let us know how is your computer working now?

Stelios

#7 binx1310

binx1310
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:09:52 AM

Posted 29 January 2007 - 07:14 AM

hi stellios,

i use morpheus as it is the only p2p ive found so far that works on my university network. i shall try the ones on the safe list of p2p when i have time. Will morpheus cause major problems?

Computer seems to be running fine now. no problems seem to occur.

any advice gratefully recieved

will


avg scan result:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:05:23 29/01/2007

+ Scan result:



:mozilla.253:C:\Documents and Settings\William Durrant\Application Data\Mozilla\Firefox\Profiles\s8jfbfj3.default\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.254:C:\Documents and Settings\William Durrant\Application Data\Mozilla\Firefox\Profiles\s8jfbfj3.default\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned.


::Report end


hijackthis report:

Logfile of HijackThis v1.99.1
Scan saved at 12:08:56, on 29/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ToFine\USB PHONE\USB Skype.exe
C:\Program Files\PC-TV\WinManager\WinManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.ask4.com/tv
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [SiSRaid] C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: usb phone.lnk = ?
O4 - Global Startup: WinManager.lnk = C:\Program Files\PC-TV\WinManager\WinManager.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162422153265
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} (Java Plug-in 1.5.0_08) -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

#8 DASOS

DASOS

    Malware hunter


  • Security Colleague
  • 1,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal
  • Local time:04:52 PM

Posted 29 January 2007 - 08:31 AM

Hi Will :thumbsup:

i use morpheus as it is the only p2p ive found so far that works on my university network. i shall try the ones on the safe list of p2p when i have time. Will morpheus cause major problems?



Yes I’m afraid so! However, any time you are running any type of P2P application, you are FAR more prone to infection by malware.


(A list compiled by Nexus7 of clean and infected P2P programs can be found here<--link

=====

I see you are running Teatimer.

I suggest you to disable it because it can interfere with the changes you'll make on your system.

If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer during HijackThis Cleanup,
Then Download ResetTeaTimer.bat.
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.
=====

Please Run HijackThis again, click scan, and Put a checkmark next to each of the lines listed below, if still present:

O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} (Java Plug-in 1.5.0_08) -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -

Then close all other windows--you should only see Hijack This on your Desktop--and click the Fix Checked button, and EXIT Hijack This.

=====

Your log is clean! Great job! :flowers:

Important!!
Hide System Files
  • Click Start.
  • Open My Computer.
  • Select Tools menu
  • Click Folder Options.
  • Select the View Tab.
  • Uncheck Show hidden files and foldersin the Hidden files and folders section.
  • Select Hide protected operating system files (recommended) option.
  • Check the Hide file extensions for known file types option.
  • Click Yes.
  • Click OK.
=====

Disable and Enable System Restore. - You should disable and enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and enable system restore here:

Windows XP System Restore Guide

Renable system restore with instructions from tutorial above


Next,

This process will clean out your Temp files and your Temporary Internet Files. Please do both steps:

Step 1:Delete Temp Files
To clean out your temp files, click on Start and then run, and type %temp% and press the ok button.

This should open up the temp directory that your machine uses. Please delete all files that are found there. If you get an error when deleting a file, skip that file and delete all the others. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.

Step 2: Delete Temporary Internet Files
Now I want you to open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


Glad I was able to help and if there any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems!



Stelios :huh:

#9 binx1310

binx1310
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:09:52 AM

Posted 29 January 2007 - 10:15 AM

Excellent thankyou very much, one last thing,

the resetteatimer.bat link doesnt work, it just links to a page of text

will

#10 DASOS

DASOS

    Malware hunter


  • Security Colleague
  • 1,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal
  • Local time:04:52 PM

Posted 29 January 2007 - 11:21 AM

Hi Will

Right-click the link and (save target as) to your desktop.
Double-click ResetTeaTimer.bat.
Since it will not be needed again, delete ResetTeaTimer.bat.

Happy surfing!


Stelios

#11 DASOS

DASOS

    Malware hunter


  • Security Colleague
  • 1,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal
  • Local time:04:52 PM

Posted 15 February 2007 - 11:48 AM

Since the issue is resolved, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Stelios :thumbsup:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users