
Bad infection

Discussion in 'Virus & Other Malware Removal' started by -Oz-, Nov 12, 2007.

Thread Status:
Not open for further replies.
  1. -Oz- (Thread Starter; joined Sep 26, 2007; 21 messages)

    Guys, I have this really bad infection. I have really given up... I was gonna format and reinstall, but thought to get help from you peeps.

    There are three things; they might be related...
    1. A pic pops up, something called Indonesian smile...
    2. There is a directory/file which I can't delete. I googled it; it seems to be a malware/trojan of some sort... network.exe
    3. There is a pop-up whenever I boot up. It says:
    "Windows Update (6300-NGSRP-TMR521A-SMG-542PH-3180) . Check system setting or upgrade system.Maybe your system not full patch .System still safe. www.microsoft.com PATCH CODE : AS3-CTRKEA-SR."

    My system is really getting sluggish... I have tried ComboFix, SDFix and other stuff but nothing works... please help me out.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:47:28 PM, on 11/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    c:\apache\APACHE.EXE
    c:\apache\APACHE.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Administrator\winlogon.exe
    C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
    C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
    C:\Program Files\Vypress Chat\VyChat.exe
    c:\documents and settings\Administrator\system.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://isa:8080/array.dll?Get.Routing.Script
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = isa:8080
    F2 - REG:system.ini: Shell=explorer.exe, scvhost.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe,scvhost.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [UserLogon] C:\Documents and Settings\Administrator\winlogon.exe
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [Network IPv6] C:\WINDOWS\Network-IPv6\network.exe
    O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
    O4 - Global Startup: Vypress Chat StartUp.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {9D614E8E-03AA-11D3-90FC-0040C7157029} - http://www.pakdata.com/download/PDMSInstaller.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6FB1B248-119E-4282-BDEE-3E6F9C152F91}: NameServer = 192.168.1.99
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E4679263-A8A2-4D08-B3EF-2721D40648F5}: NameServer = 202.59.88.10,202.59.80.10
    O17 - HKLM\System\CS1\Services\Tcpip\..\{6FB1B248-119E-4282-BDEE-3E6F9C152F91}: NameServer = 192.168.1.99
    O17 - HKLM\System\CS2\Services\Tcpip\..\{6FB1B248-119E-4282-BDEE-3E6F9C152F91}: NameServer = 192.168.1.99
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

    --
    End of file - 4665 bytes
     
Short URL to this thread: https://techguy.org/650925
