winantivirus problems [CLOSED]


  • This topic is locked

#1
deoterra402
    Member
  • 11 posts
this is my hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:23:56 AM, on 10/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ismini.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\ZGVyZWs\command.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\d\LOCALS~1\Temp\Temporary Directory 3 for HijackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {3B58A5B1-3DCE-C08D-582F-0121ACA27325} - C:\WINDOWS\system32\dqdieym.dll
O2 - BHO: (no name) - {5735E7BE-06DD-62D1-E813-038F9C4FD7E9} - C:\WINDOWS\system32\kaqesxm.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll
O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\SafetyBar.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dqdieym.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\dqdieym.dll,jmfcxqb
O4 - HKLM\..\Run: [Ultimate Defender] "C:\Program Files\Ultimate Defender\App.exe" hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [rzmz] C:\PROGRA~1\COMMON~1\rzmz\rzmzm.exe
O4 - Startup: .protected
O4 - Global Startup: .protected
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs:
O20 - Winlogon Notify: winbug32 - C:\WINDOWS\SYSTEM32\winbug32.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINDOWS\system32\urroxtl.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\ZGVyZWs\command.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe


this is my vundo log:


VundoFix V6.1.6

Checking Java version...

Sun Java not detected
Scan started at 12:11:40 AM 10/2/2006

Listing files found while scanning....

C:\WINDOWS\system32\estfhvqp.dll
C:\WINDOWS\system32\rqrsqom.dll
C:\Program Files\Common Files\{BCE8CACE-05DC-1033-0329-050305130001}\services.dll
C:\Program Files\Common Files\{BCE8CACE-05DC-1033-0329-050305130001}\Update.exe

Beginning removal...

Attempting to delete C:\WINDOWS\system32\estfhvqp.dll
C:\WINDOWS\system32\estfhvqp.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\rqrsqom.dll
C:\WINDOWS\system32\rqrsqom.dll Has been deleted!

Attempting to delete C:\Program Files\Common Files\{BCE8CACE-05DC-1033-0329-050305130001}\services.dll
C:\Program Files\Common Files\{BCE8CACE-05DC-1033-0329-050305130001}\services.dll Could not be deleted.

Attempting to delete C:\Program Files\Common Files\{BCE8CACE-05DC-1033-0329-050305130001}\Update.exe
C:\Program Files\Common Files\{BCE8CACE-05DC-1033-0329-050305130001}\Update.exe Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Beginning removal...

VundoFix V6.1.6

Checking Java version...

Sun Java not detected
Scan started at 12:03:21 AM 10/3/2006

Listing files found while scanning....

C:\Program Files\Common Files\{BCE8CACE-05DC-1033-0329-050305130001}\services.dll
C:\Program Files\Common Files\{BCE8CACE-05DC-1033-0329-050305130001}\Update.exe

Beginning removal...

Attempting to delete C:\Program Files\Common Files\{BCE8CACE-05DC-1033-0329-050305130001}\services.dll
C:\Program Files\Common Files\{BCE8CACE-05DC-1033-0329-050305130001}\services.dll Has been deleted!

Attempting to delete C:\Program Files\Common Files\{BCE8CACE-05DC-1033-0329-050305130001}\Update.exe
C:\Program Files\Common Files\{BCE8CACE-05DC-1033-0329-050305130001}\Update.exe Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.1.6

Checking Java version...

Sun Java not detected
Scan started at 7:57:36 AM 10/3/2006

Listing files found while scanning....


Beginning removal...

VundoFix V6.1.6

Checking Java version...

Sun Java not detected
Scan started at 8:09:43 AM 10/3/2006

Listing files found while scanning....


VundoFix V6.1.6

Checking Java version...

Sun Java not detected
Scan started at 8:12:16 AM 10/3/2006

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.1.6

Checking Java version...

Sun Java not detected
Scan started at 8:17:09 AM 10/3/2006

Listing files found while scanning....

No infected files were found.


Beginning removal...


ran vundofix found nothing, ran mcafee and also found nothing. ran both in safe mode as well with no results. any suggestions on what to do next?

Edited by deoterra402, 03 October 2006 - 07:31 AM.

  • 0

#2
Mr_JAk3
    Visiting Staff
  • 95 posts
Hi deoterra402 :whistling:

You got some infections there...

Download HijackThis to your desktop -> HijackThis 1.99.1
Create a new folder named HijackThis on your desktop. Move HijackThis.exe into that folder.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply along with a fresh Hijackthis log.
NOTE! When the HijackThis log is in the Notepad document, uncheck WordWrap from "Format" -> "WordWrap"

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm

NOTE: Do not run any other options from SmitfraudFix until I tell you to do so!
  • 0
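
The WordWrap note in the reply above matters because a wrapped HijackThis log splits single entries across several lines, as the log in post #1 shows. The following is an added example, not part of the original posts: it rejoins wrapped entries and lists those carrying markers that HijackThis itself prints. Treating those markers as "needs review" is an assumption made for this illustration, not a verdict on any file.

```python
import re

# HijackThis entries begin with a section code (R0, O2, O4, O23, ...) and " - ".
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")

# Constructed sample: four entries taken from the log in post #1, with the
# same WordWrap line breaks the pasted log shows.
SAMPLE = r"""
O2 - BHO: (no name) - {3B58A5B1-3DCE-C08D-582F-0121ACA27325} -

C:\WINDOWS\system32\dqdieym.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} -

C:\WINDOWS\system32\urroxtl.dll (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
""".splitlines()

def unwrap(lines):
    """Rejoin entries that Notepad's WordWrap split across lines."""
    entries = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue                    # blank line left behind by the wrap
        if ENTRY.match(line):
            entries.append(line)        # start of a new entry
        elif entries:
            entries[-1] += " " + line   # continuation: wraps happen at spaces
    return entries

# Assumption for this example: these HijackThis-printed strings mark an entry
# for manual review. They are triage hints only; legitimate software can show
# them too.
MARKERS = {"(file missing)": "file missing",
           "Unknown owner": "unknown owner",
           "(no name)": "unnamed entry"}

def triage(entries):
    """Return (section code, notes, body) for entries that carry a marker."""
    findings = []
    for entry in entries:
        m = ENTRY.match(entry)
        notes = [label for text, label in MARKERS.items() if text in m["body"]]
        if notes:
            findings.append((m["code"], notes, m["body"]))
    return findings

if __name__ == "__main__":
    for code, notes, body in triage(unwrap(SAMPLE)):
        print(f"{code:<4}{', '.join(notes):<15}{body}")
```
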

#3
Mr_JAk3
    Visiting Staff
  • 95 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





