1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

symptoms of my computer

Discussion in 'Windows XP' started by Faraaz, Jul 14, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. Faraaz

    Faraaz Thread Starter

    Joined:
    Jul 14, 2007
    Messages:
    10
    hey

    I have Avg antivirus/antispyware
    Adaware SE personal
    Ccleaner
    Zonealarm
    Avg antiroot kit
    Spybot Search and Destroy
    Hijack This

    I've run scans etc in safe mode but i still cant seem to get rid of the Js/Psyme virus
    Avg can only move it to virus vault
    occasionally another virus will pop up while i scan (Exploit virus)

    I recieve lots of pop ups and file download windows, Also many Active X download requests
    My Task Manager is disabled and i have no idea how to get it back
    other then that my computer is runnning very very slow and in safemode likes to do a physical memory dump and the screen goes blue

    help me please
    i have windows 2000 ME (mellenium edition)
    any help would be greatly apreciated

    Faraaz

    (following is a HiJackThis Log)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:07:57 PM, on 7/14/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Microsoft Security Adviser\mssadv.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINNT\system32\MDM.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\hijackThis\Analyze.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Microsoft security adviser] C:\Program Files\Microsoft Security Adviser\mssadv.exe
    O4 - HKLM\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
    O4 - HKLM\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
    O4 - HKLM\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
    O4 - HKLM\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
    O4 - HKLM\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Microsoft security adviser] C:\Program Files\Microsoft Security Adviser\mssadv.exe
    O4 - HKCU\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
    O4 - HKCU\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
    O4 - HKCU\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
    O4 - HKCU\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
    O4 - HKCU\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Techtronics\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdrivecleanerstart.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

    --
    End of file - 6963 bytes
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Hi and welcome :)

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum with a new Hijack This log
     
  3. Faraaz

    Faraaz Thread Starter

    Joined:
    Jul 14, 2007
    Messages:
    10
    thanks for the much apreciated help

    here is my SDfix report and following it will be my HiJackThis log


    SDFix: Version 1.91

    Run by Techtronics on Sat 07/14/2007 at 9:16p

    Microsoft Windows 2000 [Version 5.00.2195]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Name:
    main1

    ImagePath:
    \??\C:\WINDOWS\system32\main.sys

    main1 - Deleted



    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    No Trojan Files Found




    Removing Temp Files...

    ADS Check:

    C:\WINNT
    No streams found.

    C:\WINNT\system32
    No streams found.

    C:\WINNT\system32\svchost.exe
    No streams found.

    C:\WINNT\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    Remaining Services:
    ------------------



    Remaining Files:
    ---------------


    Files with Hidden Attributes:

    C:\CDPACKS\DEVICE DRIVER CD\Install\Setuplib.dll
    C:\CDPACKS\DEVICE DRIVER CD\Install\DeviceList\_Setup.dll
    C:\CDPACKS\DEVICE DRIVER CD\Install\BIOSDate.exe
    C:\CDPACKS\DEVICE DRIVER CD\Install\Detect.exe
    C:\CDPACKS\DEVICE DRIVER CD\Install\Install.EXE
    C:\CDPACKS\DEVICE DRIVER CD\Install\Menu.exe
    C:\CDPACKS\DEVICE DRIVER CD\Install\Menu_view.exe
    C:\CDPACKS\DEVICE DRIVER CD\Install\Reboot.exe
    C:\CDPACKS\DEVICE DRIVER CD\Install\Autorun\instmsia.exe
    C:\CDPACKS\DEVICE DRIVER CD\Install\Autorun\instmsiw.exe
    C:\CDPACKS\DEVICE DRIVER CD\Install\Autorun\setup.exe
    C:\CDPACKS\DEVICE DRIVER CD\Install\DeviceList\DeviceList.exe
    C:\CDPACKS\DEVICE DRIVER CD\Install\DeviceList\Setup.exe
    C:\CDPACKS\DEVICE DRIVER CD\Install\DeviceList\_ISDel.exe
    C:\CDPACKS\DEVICE DRIVER CD\Install\Menu\Display.exe
    C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\AC2K.exe
    C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\AC98.exe
    C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\ACL98.exe
    C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\ACLME.exe
    C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\All.exe
    C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\AutoClick.exe
    C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\Change.exe
    C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\CheckPath.exe
    C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\Counter.exe
    C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\DelDv.exe
    C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\DeleteFiles.exe
    C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\DelT2.exe
    C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\DelT2Dv.exe
    C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\DelTools.exe
    C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\LostRun.exe
    C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\RegClean.exe
    C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\Regexe.exe
    C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\Restart.exe
    C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\RunAP.exe
    C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\RunRegexe.exe
    C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\SDW98ME.exe
    C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\SoundDrv.exe
    C:\CDPACKS\DEVICE DRIVER CD\Install\Total\instmsia.exe
    C:\CDPACKS\DEVICE DRIVER CD\Install\Total\instmsiw.exe
    C:\CDPACKS\DEVICE DRIVER CD\Install\Total\setup.exe
    C:\WINNT\system32\Tools\AC2K.exe
    C:\WINNT\system32\Tools\AC98.exe
    C:\WINNT\system32\Tools\ACL98.exe
    C:\WINNT\system32\Tools\ACLME.exe
    C:\WINNT\system32\Tools\All.exe
    C:\WINNT\system32\Tools\AutoClick.exe
    C:\WINNT\system32\Tools\Change.exe
    C:\WINNT\system32\Tools\CheckPath.exe
    C:\WINNT\system32\Tools\Counter.exe
    C:\WINNT\system32\Tools\DelDv.exe
    C:\WINNT\system32\Tools\DeleteFiles.exe
    C:\WINNT\system32\Tools\DelT2.exe
    C:\WINNT\system32\Tools\DelT2Dv.exe
    C:\WINNT\system32\Tools\DelTools.exe
    C:\WINNT\system32\Tools\LostRun.exe
    C:\WINNT\system32\Tools\RegClean.exe
    C:\WINNT\system32\Tools\Regexe.exe
    C:\WINNT\system32\Tools\Restart.exe
    C:\WINNT\system32\Tools\RunAP.exe
    C:\WINNT\system32\Tools\RunRegexe.exe
    C:\WINNT\system32\Tools\SDW98ME.exe
    C:\WINNT\system32\Tools\SoundDrv.exe
    C:\Documents and Settings\Techtronics\Application Data\Microsoft\Word\~WRL0003.tmp
    C:\Documents and Settings\Techtronics\Application Data\Microsoft\Word\~WRL0004.tmp
    C:\Documents and Settings\Techtronics\Application Data\Microsoft\Word\~WRL0005.tmp
    C:\Documents and Settings\Techtronics\Application Data\Microsoft\Word\~WRL0177.tmp
    C:\Documents and Settings\Techtronics\Application Data\Microsoft\Word\~WRL0748.tmp
    C:\Documents and Settings\Techtronics\Application Data\Microsoft\Word\~WRL0977.tmp
    C:\Documents and Settings\Techtronics\Application Data\Microsoft\Word\~WRL1973.tmp
    C:\Documents and Settings\Techtronics\Application Data\Microsoft\Word\~WRL3068.tmp
    C:\Documents and Settings\Techtronics\Application Data\Microsoft\Word\~WRL3239.tmp
    C:\Documents and Settings\Techtronics\Application Data\Microsoft\Word\~WRL3477.tmp

    Finished



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:34:14 PM, on 7/14/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINNT\system32\notepad.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Microsoft Security Adviser\mssadv.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\hijackThis\Analyze.exe
    C:\WINNT\system32\MDM.EXE

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Microsoft security adviser] C:\Program Files\Microsoft Security Adviser\mssadv.exe
    O4 - HKLM\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
    O4 - HKLM\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
    O4 - HKLM\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
    O4 - HKLM\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
    O4 - HKLM\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Microsoft security adviser] C:\Program Files\Microsoft Security Adviser\mssadv.exe
    O4 - HKCU\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
    O4 - HKCU\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
    O4 - HKCU\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
    O4 - HKCU\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
    O4 - HKCU\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Techtronics\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdrivecleanerstart.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

    --
    End of file - 7033 bytes
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Download the Trial version of Superantispyware Pro (SAS):
    http://www.superantispyware.com/superantispyware.html?rid=3132


    Install it and double-click the icon on your desktop to run it.
    · It will ask if you want to update the program definitions, click Yes.
    · Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
    o Close browsers before scanning
    o Scan for tracking cookies
    o Terminate memory threats before quarantining.
    o Please leave the others unchecked.
    o Click the Close button to leave the control center screen.
    · On the main screen, under Scan for Harmful Software click Scan your computer.
    · On the left check C:\Fixed Drive.
    · On the right, under Complete Scan, choose Perform Complete Scan.
    · Click Next to start the scan. Please be patient while it scans your computer.
    · After the scan is complete a summary box will appear. Click OK.
    · Make sure everything in the white box has a check next to it, then click Next.
    · It will quarantine what it found and if it asks if you want to reboot, click Yes.
    · To retrieve the removal information for me please do the following:
    o After reboot, double-click the SUPERAntispyware icon on your desktop.
    o Click Preferences. Click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o It will open in your default text editor (such as Notepad/Wordpad).
    o Please highlight everything in the notepad, then right-click and choose copy.
    · Click close and close again to exit the program.
    · Please paste that information here for me with a new Hijack This log.
     
  5. Faraaz

    Faraaz Thread Starter

    Joined:
    Jul 14, 2007
    Messages:
    10
    ok
    hahah that scan took 3 hours and 19 minutes
    here they are

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/15/2007 at 06:30 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3269
    Trace Rules Database Version: 1280

    Scan type : Complete Scan
    Total Scan Time : 03:16:16

    Memory items scanned : 329
    Memory threats detected : 0
    Registry items scanned : 4234
    Registry threats detected : 13
    File items scanned : 23874
    File threats detected : 66

    Trojan.Aff-YourThumbs
    [Microsoft security adviser] C:\PROGRAM FILES\MICROSOFT SECURITY ADVISER\MSSADV.EXE
    C:\PROGRAM FILES\MICROSOFT SECURITY ADVISER\MSSADV.EXE
    [Microsoft security adviser] C:\PROGRAM FILES\MICROSOFT SECURITY ADVISER\MSSADV.EXE
    C:\WINNT\MSSADV.DLL

    Adware.Tracking Cookie
    C:\Documents and Settings\Techtronics\Cookies\[email protected][2].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][1].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][1].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][2].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][2].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][1].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][2].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][2].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][1].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][1].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected]****ed[1].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][1].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][11].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][1].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][1].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][1].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][1].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][1].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected]_cj[9].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][2].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][2].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][1].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][1].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][1].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][1].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][2].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][2].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][2].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][3].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected]_cj[6].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][2].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][1].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][1].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][14].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][1].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][1].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][2].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][1].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][2].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][2].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected]_cj[11].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][2].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][1].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][2].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][2].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][1].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][2].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][2].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][1].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][3].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][2].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][1].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][2].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][1].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][1].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][1].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][2].txt
    C:\Documents and Settings\Techtronics\Cookies\[email protected][1].txt

    Malware.DriveCleaner
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}#SystemComponent
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}#Installer
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}\Contains
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}\Contains\Files
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}\Contains\Files#C:\WINNT\Downloaded Program Files\UDC6_0001_D19M2808NetInstaller.exe
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}\DownloadInformation
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}\DownloadInformation#CODEBASE
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}\DownloadInformation#INF
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}\InstalledVersion
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}\InstalledVersion#LastModified
    C:\WINNT\DOWNLOADED PROGRAM FILES\UDC6_0001_D19M2808NETINSTALLER.INF

    Trojan.Download-Gen/SexVideoStation
    C:\QOOBOX\QUARANTINE\C\SVCHOST.EXE.VIR
    C:\SVCHOST2.EXE

    Trace.Known Threat Sources
    C:\Documents and Settings\Techtronics\Local Settings\Temporary Internet Files\Content.IE5\FKF1UKCD\title[1].html
    C:\Documents and Settings\Techtronics\Local Settings\Temporary Internet Files\Content.IE5\CLMBK9EF\if_z[1].html
    C:\Documents and Settings\Techtronics\Local Settings\Temporary Internet Files\Content.IE5\09AB4XUN\do_z[1].html



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:43:56 PM, on 7/15/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\AIM6\aolsoftware.exe
    C:\WINNT\system32\MDM.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\hijackThis\Analyze.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamefaqs.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
    O4 - HKLM\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
    O4 - HKLM\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
    O4 - HKLM\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
    O4 - HKLM\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
    O4 - HKCU\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
    O4 - HKCU\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
    O4 - HKCU\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
    O4 - HKCU\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Techtronics\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

    --
    End of file - 6916 bytes
     
  6. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    1. Please download The Avenger by Swandog46 to your Desktop.
    • Click on Avenger.zip to open the file
    • Extract avenger.exe to your desktop

    2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


    3. Now, start The Avenger program by clicking on its icon on your desktop.
    • Under "Script file to execute" choose "Input Script Manually".
    • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    • Click Done
    • Now click on the Green Light to begin execution of the script
    • Answer "Yes" twice when prompted.
    4. The Avenger will automatically do the following:
    • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    • On reboot, it will briefly open a black command window on your desktop, this is normal.
    • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
    5. Please copy/paste the content of c:\avenger.txt into your reply.

    Rescan with Hijack This, close all browser windows except Hijack This, put a checkmark beside these entries and click fix checked.

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    O4 - HKLM\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
    O4 - HKLM\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
    O4 - HKLM\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
    O4 - HKLM\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
    O4 - HKLM\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
    O4 - HKCU\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
    O4 - HKCU\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
    O4 - HKCU\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
    O4 - HKCU\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
    O4 - HKCU\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe


    Reboot and post another Hijack This log please.
     
  7. Faraaz

    Faraaz Thread Starter

    Joined:
    Jul 14, 2007
    Messages:
    10
    hahah you know your stuff

    task manager is still disabled

    but heres the stuff

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\agarghnd

    *******************

    Script file located at: \??\C:\Program Files\xoelcqdi.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Folder C:\Program Files\Microsoft Security Adviser deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:41:41 PM, on 7/16/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\AIM6\aolsoftware.exe
    C:\WINNT\system32\MDM.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\hijackThis\Analyze.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamefaqs.com/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Techtronics\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

    --
    End of file - 5821 bytes
     
  8. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Can you give the full error message regarding Task Manager
     
  9. Faraaz

    Faraaz Thread Starter

    Joined:
    Jul 14, 2007
    Messages:
    10
    hehe well there is no error message
    but
    when i press Ctr+Alt+Delete it brings up the windows security screen, The Task manager button is gray and i am unable to press it

    also, i dont know if this is related at all but, on the start bar, the buttons beside the start button are all black, I still can press them etc but the icon doesnt show


    thanks again for the help
    i really apreciate it

    :O

    Faraaz
     
  10. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Download ComboFix to your Desktop.

    Reboot to Safe mode:

    Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load. If done properly a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

    Perform the following actions in Safe Mode.
    • Double click combofix.exe and follow the prompts.
    • When finished, it will produce a log for you. Post that log and a new HijackThis log in your next reply
    Note: Do not mouseclick combofix's window while it's running as that may cause it to stall
     
  11. Faraaz

    Faraaz Thread Starter

    Joined:
    Jul 14, 2007
    Messages:
    10
    hahaha they both work
    i love you
    i love you
    i love you
    love
    no sex


    "Techtronics" - 07/17/2007 22:48:58 - ComboFix 07-07-14.6 - Service Pack 4 NTFS [SAFE MODE]


    ((((((((((((((((((((((((( Files Created from 2007-06-18 to 2007-07-18 )))))))))))))))))))))))))))))))


    2007-07-15 15:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
    2007-07-15 15:01 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-07-15 15:01 <DIR> d-------- C:\DOCUME~1\TECHTR~1\APPLIC~1\SUPERAntiSpyware.com
    2007-07-15 15:00 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-07-14 21:12 <DIR> d-------- C:\WINNT\ERUNT
    2007-07-14 18:37 <DIR> d-------- C:\DOCUME~1\TECHTR~1\APPLIC~1\Viewpoint
    2007-07-13 23:17 51,200 --a------ C:\WINNT\nircmd.exe
    2007-07-13 22:43 3,968 --a------ C:\WINNT\system32\drivers\AvgArCln.sys
    2007-07-13 22:38 <DIR> d-------- C:\VundoFix Backups
    2007-07-13 22:08 3,100 --a------ C:\WINNT\system32\tmp.reg
    2007-07-13 22:07 51,200 --a------ C:\WINNT\system32\dumphive.exe
    2007-07-13 22:07 288,417 --a------ C:\WINNT\system32\SrchSTS.exe
    2007-07-13 22:06 53,248 --a------ C:\WINNT\system32\Process.exe
    2007-07-13 14:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
    2007-07-13 14:40 <DIR> d-------- C:\Program Files\Yahoo!
    2007-07-13 14:40 <DIR> d-------- C:\Program Files\CCleaner
    2007-07-13 14:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-07-13 14:20 10,872 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys
    2007-07-13 01:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
    2007-07-13 01:04 4,212 ---h----- C:\WINNT\system32\zllictbl.dat
    2007-07-13 01:01 75,248 --a------ C:\WINNT\zllsputility.exe
    2007-07-13 01:00 11,264 --a------ C:\WINNT\system32\SpOrder.dll
    2007-07-13 00:59 75,932 --a------ C:\WINNT\system32\drivers\klick.dat
    2007-07-13 00:59 74,396 --a------ C:\WINNT\system32\drivers\klin.dat
    2007-07-13 00:58 661,536 --ahs---- C:\WINNT\system32\drivers\fidbox.dat
    2007-07-13 00:58 1,824 --ahs---- C:\WINNT\system32\drivers\fidbox2.dat
    2007-07-13 00:57 110,360 --a------ C:\WINNT\system32\drivers\kl1.sys
    2007-07-13 00:48 1,086,952 --a------ C:\WINNT\system32\zpeng24.dll
    2007-07-13 00:47 <DIR> d-------- C:\WINNT\system32\ZoneLabs
    2007-07-13 00:46 <DIR> d-a------ C:\WINNT\Internet Logs
    2007-07-11 15:27 <DIR> d-------- C:\DOCUME~1\TECHTR~1\APPLIC~1\acccore
    2007-07-11 15:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
    2007-07-11 15:23 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
    2007-07-11 15:20 <DIR> d-------- C:\Program Files\AIM6
    2007-07-11 15:19 335 --a------ C:\WINNT\nsreg.dat
    2007-07-11 14:50 90,112 -ra------ C:\WINNT\system32\pizzabx.exe
    2007-07-11 14:50 208,896 -ra------ C:\WINNT\system32\pizzadx.dll
    2007-06-18 10:53 <DIR> d-------- C:\WINNT\system32\SoftwareDistribution


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-13 06:58:26 32 --sha-w C:\WINNT\system32\drivers\fidbox.idx
    2007-07-13 06:58:24 32 --sha-w C:\WINNT\system32\drivers\fidbox2.idx
    2007-07-11 21:31:09 -------- d-----w C:\Program Files\AIM
    2007-07-11 21:25:51 -------- d-----w C:\Program Files\Common Files\AOL
    2007-04-25 07:52:16 147,216 ----a-w C:\WINNT\system32\SCHANNEL.DLL
    2007-04-23 06:22:01 939,280 ----a-w C:\WINNT\system32\ntdsa.dll
    2007-04-19 05:06:31 6,239,232 ----a-w C:\WINNT\system32\sp3res.dll
    2005-01-27 22:44:28 271 ---h--w C:\Program Files\desktop.ini
    2005-01-27 22:44:28 21,952 ---h--w C:\Program Files\folder.htt
    1998-12-09 08:53:54 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
    1998-12-09 08:53:54 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
    1998-12-09 08:53:54 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
    1998-12-09 08:53:54 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
    1998-12-09 08:53:54 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
    1998-12-09 08:53:54 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    10/26/06 10:28a 440384 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    05/31/05 01:04a 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Synchronization Manager"="mobsync.exe" [06/19/03 01:05p C:\WINNT\system32\mobsync.exe]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/22/07 08:10a]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/11/06 05:57p]
    "mssadv.exe"="" []
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [06/21/07 09:54p]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/07 03:25a]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [06/14/05 10:05a]
    "mssadv.exe"="" []
    "Aim6"="C:\Program Files\AIM6\aim6.exe" [11/07/06 09:29a]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/07 02:06p]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [05/30/07 06:29a]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [12/20/06 01:55p]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll --a------ 04/19/07 01:41p 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]


    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-17 22:51:59
    Windows 5.0.2195 Service Pack 4 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 07/17/2007 22:52:50
    C:\ComboFix-quarantined-files.txt ... 07/17/07 10:52p
    C:\ComboFix2.txt ... 07/13/07 11:42p

    --- E O F ---




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:31:04 AM, on 7/18/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINNT\system32\MDM.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\hijackThis\Analyze.exe
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamefaqs.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Techtronics\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

    --
    End of file - 5953 bytes
     
  12. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    LOL glad to hear its working ;)

    I was curious about these 2 files though:

    C:\WINNT\system32\pizzabx.exe
    C:\WINNT\system32\pizzadx.dll

    Please go to this site: http://virusscan.jotti.org/

    Use the Browse button at Jotti.
    Navigate to the file's location on your hard drive and submit them.
    Let me know what it says regarding the files.
     
  13. Faraaz

    Faraaz Thread Starter

    Joined:
    Jul 14, 2007
    Messages:
    10
    oi!
    so i scanned both files
    and for both of them the result was "No virus found" under every catagory and up top it was "OK"
    but right i almost forgot to tell you about something

    sometimes... its pretty random
    but when open a page with internet explorer
    it wont just open one... its will open hundreds :O
    and they just keep opening and opening, effectively freezing me up
    before when i didnt have task manager all i could do was manually restart
    now i gotta end progam them faster then they can spawn
    hmmm.... other then that my computer is running really slowly

    i love you

    (>^(>O.O)> <----- yay!

    Faraaz
     
  14. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    * Click here to download ATF Cleaner by Atribune and save it to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
      • If you use Firefox:
        • Click Firefox at the top and choose: Select All
        • Click the Empty Selected button.
        • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
      • If you use Opera:
        • Click Opera at the top and choose: Select All
        • Click the Empty Selected button.



          [*]NOTE:
          If you would like to keep your saved passwords, please click No at the prompt.
    • Click Exit on the Main menu to close the program.
     
  15. Faraaz

    Faraaz Thread Starter

    Joined:
    Jul 14, 2007
    Messages:
    10
    oh yessir the task has been completed

    now what shall happen?

    (>^(>O.O)>
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - symptoms computer
  1. Buffalo19
    Replies:
    1
    Views:
    742
  2. Marcella253
    Replies:
    2
    Views:
    739
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/595862

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice