[Elo]

causes serious lagging and massive popups when online have run all programs as directed but with these problems avg scans about 80 % then totally crashes pc i did try stopping avg mid scan to remove something called AntiCMOS.A but it says 1 file reported error 0 files healed and I cannot run anything in safemode as all icons are hidden in safemode and the start menu will not function this is all caused by the virus/trojan/whatever it is any help would truly be appreciated i soooooo dont want to reformat my pc again ty again for your time


Logfile of HijackThis v1.99.1
Scan saved at 6:01:21 PM, on 10/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\interlinc\velocity.exe
C:\WINDOWS\hurwwwnA.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\interlinc\velogui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\tandc\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {A55581DC-2CDB-4089-8878-71A080B22342} - (no file)
R3 - URLSearchHook: (no name) - {13338D6E-6AA0-6572-A0AB-6143B562A196} - C:\WINDOWS\system32\bus.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: Velocity - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\interlinc\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\interlinc\velocity.exe"
O4 - HKLM\..\Run: [hurwwwnA] C:\WINDOWS\hurwwwnA.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Global Startup: Velocity.lnk = C:\Program Files\interlinc\velogui.exe
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\interlinc\gui_resource.dll/327
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\interlinc\gui_resource.dll/328
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: *.sxload.com
O16 - DPF: {20B845BF-450F-4C1E-AF60-3CC380CDE328} (get_atlcom Class) - http://apps.corel.co...PluginNOSSO.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1156806358704
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFEDF725-8A6D-474D-AB54-3C3399E577BC}: NameServer = 12.10.101.2 12.10.101.7
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\hurwwwn.exe

Edited by Elo, 05 October 2006 - 05:35 PM.

[Advertisements]

Elo,

Hi, and welcome to Geeks to Go. I'm currently reviewing your log and will reply shortly.

sari

[sari]

Elo,

Hi, and welcome to Geeks to Go. I'm currently reviewing your log and will reply shortly.

sari

[sari]

Go to Start > Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the below services:

Windows Overlay Components

When you find it, double-click on it. In the next window that opens, under the General tab click the Stop button, then click the drop-down box to change the Startup Type to Disabled. Now hit Apply and then Ok.

Open HiJackThis, click on "None of the above, just start the program". Now, click on the "Config" button (bottom right), then click on "Misc Tools", then click on "Delete an NT Service" a window will pop up. Enter the below item into that field (make sure there are NO spaces before or after the name):

Windows Overlay Components

Click OK.

It should pull up information about the service, then ask if you want to reboot. Click YES.

Please go HERE to run Panda's ActiveScan

• Once you are on the Panda site click the Scan your PC button
• A new window will open...click the Check Now button
• Enter your Country
• Enter your State/Province
• Enter your e-mail address and click send
• If it wants to install an ActiveX component allow it
• Select either Home User or Company
• Click the big Scan Now button
• It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
• When download is complete, click on My Computer to start the scan
• When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Post a new hijackthislog and the Activescan report.

Thanks,

sari

[Elo]

Hello and thank you for responding.

I went under services.msc and the is no Windows Overlay Components listed at all.

Is this a problem?

Thank You
Elo

Edited by Elo, 09 October 2006 - 08:12 PM.

[sari]

Elo,

Go to Start > Run, and type cmd. In the box that opens, type the following commands:

sc stop Windows Overlay Components

Hit enter, and then type

sc delete Windows Overlay Components.

Continue with the instructions to run the Panda scan, and post a new hijackthis log and the Activescan log.

Thanks,

sari