
Virus (I think) problem, Cannot open any file (documents, my computer,



#1
Rulgar

Rulgar

    New Member

  • Member
  • Pip
  • 9 posts
Hello, new member on this forum, came here to seek help.

Lately, I have not been able to open My music, My documents, My Computer, etc.

Every time I try to open one of these folders or files, my Start menu, toolbar and all my icons completely disappear for about 6 seconds, then reappear. The file or folder I tried to open does not open. This is all followed by 1 or 2 messages from Norton AntiVirus saying I'm infected by something; it then says it deletes them, however the so-called 'deletion' from Norton AntiVirus doesn't seem to do anything, and I continue to be unable to open anything.

Please help soon, Rulgar.

#2
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi

  • Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double-click the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.


#3
Rulgar

Rulgar

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hello, thanks very much for replying. The HijackThis log is below.


Logfile of HijackThis v1.99.1
Scan saved at 10:22:39 PM, on 11/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O1 - Hosts: 195.13.63.187 irc.westwood.com
O1 - Hosts: 195.13.63.187 servserv.westwood.com
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1150810674328
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab50997.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#4
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi there

What is Norton saying is infected?

Please download ComboFix and save it to your desktop.
Double-click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

#5
Rulgar

Rulgar

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hello,

For Norton Antivirus messages

1. Object Name: aajnscpf.dll
Virus Name: Infostealer
Action Taken: The file was automatically deleted.

2. Object Name: ayvmxfgr.exe
Virus Name: Downloader
Action Taken: The file was automatically deleted.



Never mind, I was able to download ComboFix... will post the log in a couple of minutes.

Kyle lindquist - 06-11-05 22:54:20.45 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Kyle lindquist\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismini.exe


((((((((((((((((((((((((((((((( Files Created from 2006-10-05 to 2006-11-05 ))))))))))))))))))))))))))))))))))


2006-11-05 22:52 360 --a------ C:\Combo.bat


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-05 22:46 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-05 22:22 -------- d-------- C:\Program Files\Hijackthis
2006-11-04 22:34 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-11-04 22:29 48824 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-11-04 22:29 109744 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-11-04 22:29 -------- d-------- C:\Program Files\Symantec
2006-11-04 19:32 -------- d-------- C:\Program Files\Westwood Chat
2006-11-04 19:25 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-04 17:13 -------- d-------- C:\Program Files\EA Games
2006-11-02 17:03 -------- d-------- C:\Program Files\Real
2006-11-02 16:58 -------- d-------- C:\Program Files\MSXML 4.0
2006-11-02 16:53 -------- d-------- C:\Program Files\Microsoft Games
2006-11-01 22:15 -------- d-------- C:\Documents and Settings\Kyle lindquist\Application Data\Google
2006-10-28 14:42 -------- d-------- C:\Program Files\THQ
2006-10-11 18:51 -------- d-------- C:\Program Files\DivX
2006-10-04 21:41 -------- d-------- C:\Program Files\GustoSoft
2006-10-04 21:18 -------- d-------- C:\Documents and Settings\Kyle lindquist\Application Data\Real
2006-10-04 21:15 -------- d-------- C:\Program Files\Common Files\xing shared
2006-10-04 21:15 -------- d-------- C:\Program Files\Common Files\Real
2006-10-04 21:15 -------- d-------- C:\Program Files\Common Files
2006-10-04 21:10 -------- d-------- C:\Documents and Settings\Kyle lindquist\Application Data\Media Player Classic
2006-10-03 18:20 -------- d-------- C:\Documents and Settings\Kyle lindquist\Application Data\Leadertech
2006-10-03 17:40 -------- d-------- C:\Program Files\Atari
2006-10-01 13:30 -------- d-------- C:\Documents and Settings\Kyle lindquist\Application Data\LimeWire
2006-09-29 06:04 -------- d-------- C:\Program Files\MSN Messenger
2006-09-28 16:30 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-26 17:42 -------- d-------- C:\Program Files\Warcraft III
2006-09-26 17:41 -------- d-------- C:\Program Files\Common Files\Roxio Shared
2006-09-26 16:20 46348 --a------ C:\WINDOWS\system32\SmrtDrive.dll
2006-09-26 06:39 -------- d-------- C:\Program Files\World of Warcraft
2006-09-22 12:19 -------- d-------- C:\Documents and Settings\Kyle lindquist\Application Data\Sony Corporation
2006-09-19 21:01 -------- d-------- C:\Documents and Settings\Kyle lindquist\Application Data\AdobeUM
2006-09-19 21:00 -------- d-------- C:\Documents and Settings\Kyle lindquist\Application Data\Adobe
2006-09-14 06:45 -------- d---s---- C:\Documents and Settings\Kyle lindquist\Application Data\Microsoft
2006-09-12 21:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-25 07:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 04:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 01:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 03:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-07 16:02 534208 --a------ C:\WINDOWS\system32\SymNeti.dll
2006-08-07 16:02 161472 --a------ C:\WINDOWS\system32\SymRedir.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"Fraps"="C:\\FRAPS\\FRAPS.EXE"
"SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,96,00,00,00,00,00,00,00,6a,04,00,00,e1,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqo
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winnlk32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Kyle lindquist.job

Completion time: 06-11-05 22:55:55.75
C:\ComboFix.txt ... 06-11-05 22:55
C:\ComboFix2.txt ... 06-11-05 22:52
C:\ComboFix3.txt ... 06-11-05 22:48

Edited by Rulgar, 06 November 2006 - 12:56 AM.


#6
Rulgar

Rulgar

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
There is the ComboFix log.

#7
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi :whistling:

Browse to this folder C:\Program Files\Hijackthis, open it and rename Hijackthis.exe to HJT.exe (important).

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

#8
Rulgar

Rulgar

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hello, thanks for replying again :whistling:

Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 4:08:55 PM, on 11/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HJT.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O1 - Hosts: 195.13.63.187 irc.westwood.com
O1 - Hosts: 195.13.63.187 servserv.westwood.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8B54643D-C060-42DF-8782-4F32D06AE85E} - C:\WINDOWS\system32\awtqo.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {DECB134C-042C-4A05-961F-F27B8B3FFABD} - C:\WINDOWS\system32\awtqo.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1150810674328
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab50997.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winnlk32 - C:\WINDOWS\SYSTEM32\winnlk32.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


And here is the VundoFix log (after rebooting to delete two files that could not be deleted prior to reboot):


VundoFix V6.2.7

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.6

Scan started at 3:52:28 PM 11/6/2006

Listing files found while scanning....

C:\WINDOWS\system32\awtqo.dll
C:\WINDOWS\system32\awtqo.dll
C:\WINDOWS\system32\oqtwa.ini
C:\WINDOWS\system32\oqtwa.bak1
C:\WINDOWS\system32\oqtwa.bak2
C:\WINDOWS\system32\oqtwa.ini2
C:\WINDOWS\system32\oqtwa.tmp
C:\WINDOWS\system32\oqtwa.ini
C:\WINDOWS\system32\oqtwa.bak1
C:\WINDOWS\system32\oqtwa.bak2
C:\WINDOWS\system32\oqtwa.ini2
C:\WINDOWS\system32\oqtwa.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awtqo.dll
C:\WINDOWS\system32\awtqo.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\awtqo.dll
C:\WINDOWS\system32\awtqo.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\oqtwa.ini
C:\WINDOWS\system32\oqtwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\oqtwa.bak1
C:\WINDOWS\system32\oqtwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\oqtwa.bak2
C:\WINDOWS\system32\oqtwa.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\oqtwa.ini2
C:\WINDOWS\system32\oqtwa.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\oqtwa.tmp
C:\WINDOWS\system32\oqtwa.tmp Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awtqo.dll
C:\WINDOWS\system32\awtqo.dll Has been deleted!

Performing Repairs to the registry.
Done!

Hope for a reply soon... :blink:

P.S. - I can open My Documents, My Music, everything now perfectly... I don't know if this means I'm done or not, because I'm still getting some annoying Norton AntiVirus messages, including one that says Dialer.trojan.

Edited by Rulgar, 06 November 2006 - 06:17 PM.

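The two HijackThis logs in this thread (post #3 from 5 November, post #8 from 6 November after VundoFix) differ only in a few entries, and those are exactly the lines a helper reads first: the unnamed BHOs pointing at awtqo.dll (file missing) and the winnlk32 Winlogon Notify entry. The Python below is an added example, not code from the thread or from the HijackThis project. It parses the entry lines of a log, diffs two logs of the same machine and lists the entries worth reviewing with a reason for each. The sample logs are trimmed copies of the two posted above; the entry regex and the review rules are this example's own.

```python
import re

# Constructed sample input: lines copied from the two HijackThis logs posted in
# this thread (5 Nov before VundoFix, 6 Nov after), trimmed to a handful of
# entries so the comparison is easy to follow.
HJT_BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 10:22:39 PM, on 11/5/2006
O1 - Hosts: 195.13.63.187 irc.westwood.com
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""

HJT_AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 4:08:55 PM, on 11/6/2006
O1 - Hosts: 195.13.63.187 irc.westwood.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8B54643D-C060-42DF-8782-4F32D06AE85E} - C:\WINDOWS\system32\awtqo.dll (file missing)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winnlk32 - C:\WINDOWS\SYSTEM32\winnlk32.dll
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""

# A HijackThis entry is "<section> - <body>", where the section is a letter
# (R, F, N or O) followed by a number. Header lines and the process list do not
# match this shape and are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.+)$")


def parse_hjt(text):
    """Return the (section, body) entries of a HijackThis log, in log order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def diff_hjt(before, after):
    """Entries that appeared in, or vanished from, a later log of the same machine."""
    old, new = set(parse_hjt(before)), set(parse_hjt(after))
    return sorted(new - old), sorted(old - new)


def review_entries(entries):
    """Pick out the entries a helper reads first, with the reason for each.

    This is a review list, not a verdict: a legitimate tool can also register
    an unnamed BHO, as Spybot's SDHelper.dll does in the sample above.
    """
    findings = []
    for section, body in entries:
        if "(file missing)" in body:
            findings.append((section, body, "registered component whose file is gone (leftover or half-removed)"))
        elif section == "O20":
            findings.append((section, body, "Winlogon Notify DLL, loaded by winlogon.exe at logon; a persistence point"))
        elif section == "O2" and body.startswith("BHO: (no name)"):
            findings.append((section, body, "unnamed browser helper object; identify the file before deciding"))
    return findings


if __name__ == "__main__":
    added, removed = diff_hjt(HJT_BEFORE, HJT_AFTER)
    print(f"{len(added)} entries new in the later log, {len(removed)} gone")
    for section, body, reason in review_entries(parse_hjt(HJT_AFTER)):
        print(f"{section}: {body}\n    -> {reason}")
```

Run it as a script to see the diff and the review list; on the samples above the later log adds five entries (three O2 and two O20) and removes none, and the review list holds four: the two unnamed BHOs, one of which is the awtqo.dll "(file missing)" leftover, and the two Winlogon Notify DLLs.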

#9
Rulgar

Rulgar

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Well, everything seems to be working OK, thanks for the help loophole :whistling:

#10
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi

I'm sorry for the delayed response, I am unfortunately not feeling very well. Can you do the below for me?

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with a new hijackthis log.


#11
Rulgar

Rulgar

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hello, sorry to hear you're not feeling very well, but thanks for the reply :whistling:

Anyway, for the Panda scan, here is the log.


Incident Status Location

Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\winnlk32.dll
Possible Virus. Not disinfected C:\VundoFix Backups\awtqo.dll.bad
Possible Virus. Not disinfected C:\WINDOWS\system32\mljjigh.dll
Dialer:Dialer.HLD Not disinfected C:\WINDOWS\Temp\win2.tmp.exe
Dialer:Dialer.HLD Not disinfected C:\WINDOWS\Temp\win3BD.tmp.exe
Dialer:Dialer.HLD Not disinfected C:\WINDOWS\Temp\win3C5.tmp.exe
Dialer:Dialer.HLD Not disinfected C:\WINDOWS\Temp\win5.tmp.exe
Dialer:Dialer.HLD Not disinfected C:\WINDOWS\Temp\win59A.tmp.exe
Dialer:Dialer.HLD Not disinfected C:\WINDOWS\Temp\winD.tmp.exe
Dialer:Dialer.HLD Not disinfected C:\WINDOWS\Temp\winE.tmp.exe

And here is HijackThis:


Logfile of HijackThis v1.99.1
Scan saved at 4:29:37 PM, on 11/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O1 - Hosts: 195.13.63.187 irc.westwood.com
O1 - Hosts: 195.13.63.187 servserv.westwood.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8B54643D-C060-42DF-8782-4F32D06AE85E} - C:\WINDOWS\system32\awtqo.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {DECB134C-042C-4A05-961F-F27B8B3FFABD} - C:\WINDOWS\system32\awtqo.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files
  • 0

#12
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hello :whistling:

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\winnlk32.dll
    C:\WINDOWS\system32\mljjigh.dll
    C:\WINDOWS\Temp\win2.tmp.exe
    C:\WINDOWS\Temp\win3BD.tmp.exe
    C:\WINDOWS\Temp\win3C5.tmp.exe
    C:\WINDOWS\Temp\win5.tmp.exe
    C:\WINDOWS\Temp\win59A.tmp.exe
    C:\WINDOWS\Temp\winD.tmp.exe
    C:\WINDOWS\Temp\winE.tmp.exe
  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

After the reboot

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please post a new hijack log and let me know how the system is behaving
  • 0

#13
Rulgar

Rulgar

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hijack this:

Logfile of HijackThis v1.99.1
Scan saved at 7:46:40 PM, on 11/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O1 - Hosts: 195.13.63.187 irc.westwood.com
O1 - Hosts: 195.13.63.187 servserv.westwood.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8B54643D-C060-42DF-8782-4F32D06AE85E} - C:\WINDOWS\system32\awtqo.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {DECB134C-042C-4A05-961F-F27B8B3FFABD} - C:\WINDOWS\system32\awtqo.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1150810674328
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab50997.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winnlk32 - winnlk32.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Yea man, my computer seems to be running a lot better, and also seems a bit faster than before. Thanks very much for the help :whistling:

Edited by Rulgar, 07 November 2006 - 09:50 PM.

  • 0

#14
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi :whistling:

Just fix the below

Please run a scan with HijackThis and check the following lines for removal:

O2 - BHO: (no name) - {8B54643D-C060-42DF-8782-4F32D06AE85E} - C:\WINDOWS\system32\awtqo.dll (file missing)
O2 - BHO: (no name) - {DECB134C-042C-4A05-961F-F27B8B3FFABD} - C:\WINDOWS\system32\awtqo.dll (file missing)
O20 - Winlogon Notify: winnlk32 - winnlk32.dll (file missing)

Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Exit HijackThis.

Your log is clean :blink:
  • 0
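As an added example (not code from this thread, from HijackThis, or from the helper), here is a small Python triage of the two HijackThis sections loophole acted on above: O2 BHO and O20 Winlogon Notify entries marked "(file missing)" are orphaned registry references to check for removal. The sample lines are copied from the log in #13; the function names and the "review" category for unnamed BHOs that still have a file on disk are my own.

```python
import re
from dataclasses import dataclass
from typing import List

# Entry formats handled here (the two HijackThis sections triaged in post #14):
#   O2  - BHO: <name> - {CLSID} - <dll path>[ (file missing)]
#   O20 - Winlogon Notify: <key name> - <dll path>[ (file missing)]
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)


@dataclass
class Finding:
    line: str      # the original log line, so it can be matched in HijackThis
    section: str   # "O2" or "O20"
    action: str    # "fix" (tick for removal) or "review" (look at by hand)
    reason: str


def triage_hjt(log_text: str) -> List[Finding]:
    """Apply the rule used in post #14 to a HijackThis log.

    * An O2 BHO or O20 Winlogon Notify entry marked '(file missing)' is an
      orphaned registry reference left behind after the DLL was deleted
      (earlier in this thread by VundoFix and Killbox). It does nothing
      now, but the CLSID / Notify key should be fixed so it cannot be
      re-populated silently later.
    * An O2 BHO with '(no name)' whose DLL still exists is only marked for
      review: legitimate add-ons such as Spybot's SDHelper.dll also show
      '(no name)', so the path must be examined rather than auto-fixed.
      (The 'review' category is my addition, not something the thread states.)
    """
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O2_RE.match(line)
        if m:
            if m.group("missing"):
                findings.append(Finding(line, "O2", "fix",
                                        "BHO CLSID points at a DLL that no longer exists"))
            elif m.group("name") == "(no name)":
                findings.append(Finding(line, "O2", "review",
                                        "unnamed BHO; verify the DLL path is a known product"))
            continue
        m = O20_RE.match(line)
        if m and m.group("missing"):
            findings.append(Finding(line, "O20", "fix",
                                    "Winlogon Notify handler DLL no longer exists"))
    return findings


def lines_to_fix(log_text: str) -> List[str]:
    """The exact log lines to tick before 'Fix checked', in log order."""
    return [f.line for f in triage_hjt(log_text) if f.action == "fix"]


# Sample input: a subset of the lines from the log posted in #13 above.
SAMPLE_HJT_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8B54643D-C060-42DF-8782-4F32D06AE85E} - C:\WINDOWS\system32\awtqo.dll (file missing)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {DECB134C-042C-4A05-961F-F27B8B3FFABD} - C:\WINDOWS\system32\awtqo.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winnlk32 - winnlk32.dll (file missing)
"""

if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT_LOG):
        print(f"{f.action.upper():6} [{f.section}] {f.reason}\n       {f.line}")
```

Run against the sample it returns exactly the three lines loophole listed for "Fix checked", and flags the Spybot SDHelper entry for a look rather than removal.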

#15
Rulgar

Rulgar

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Alright, I'm done!

Thanks very much for helping me clean up my computer. I will definitely recommend this site to any of my friends who may need help, and I'll be sure to return if I ever need help again.

Thanks again,
Rulgar.
  • 0