Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

WinAntiVirus Pro

Started by bollk100 , Nov 22 2006 01:34 PM

  • Please log in to reply

#1
bollk100
Posted 22 November 2006 - 01:34 PM

bollk100

    New Member

  • Member
  • Pip
  • 3 posts
I am getting lots of pop-ups (WinAntiVirus Pro and others). The computer is running extremely slow. I am also having trouble with MSN Messenger (was unable to log on so I re-installed it. Now I am able to log on, but the icon in the tray at the bottom right of the sreen keeps disappearing even though the MSN Messenger process is still running)

I have done all of the instructions given on the "You Must Read This Before Posting A Hijackthis Log" post. It sped things up a little, but it seems to get worse.

Thanks for the help.

Logfile of HijackThis v1.99.1
Scan saved at 21:42:27, on 22.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\THEWEA~1\DESKTO~1\DESKTO~1.exe
C:\Program Files\Morpheus\Morpheus.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Laura\Työpöytä\HJT.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....6...ER}&ar=home
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {096DD24E-1FBB-41A1-A6DC-2C74794A24F4} - C:\WINDOWS\security\actw.dll
O2 - BHO: (no name) - {43098669-36EE-4542-8410-0A1237092035} - C:\WINDOWS\system32\shuzqqc.dll
O2 - BHO: (no name) - {72AA66B1-4B7F-C7A8-4521-01F02C80352D} - C:\WINDOWS\system32\nftpnmh.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\xthqryhf.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DW4] "C:\PROGRA~1\THEWEA~1\DESKTO~1\DESKTO~1.exe"
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124...es/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: actw - C:\WINDOWS\security\actw.dll
O20 - Winlogon Notify: winrnt32 - winrnt32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - Unknown owner - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE (file missing)
O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown owner - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe (file missing)
O23 - Service: fsbwsys - Unknown owner - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe (file missing)
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe (file missing)
O23 - Service: FSMA - Unknown owner - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

Edited by bollk100, 22 November 2006 - 01:43 PM.

  • 0

Advertisements

#2
MFDnSC
Posted 22 November 2006 - 02:59 PM

MFDnSC

    Banned

  • Banned
  • PipPipPipPip
  • 1,137 posts
Please download http://www.atribune..../click.php?id=4 to C:\
Double-click VundoFix.exe to run it.
click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HijackThis log.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.
================

1. Download this file :

http://download.blee...Bs/combofix.exe
http://www.techsuppo...ls/combofix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply

Note:
Do not mouseclick combofix's window while its running. That may cause it to stall
  • 0

#3
bollk100
Posted 22 November 2006 - 03:35 PM

bollk100

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
VundoFix V6.2.11

Checking Java version...

Java version is 1.5.0.6

Scan started at 21:44:29 22.11.2006

Listing files found while scanning....

C:\WINDOWS\security\wtca.ini
C:\WINDOWS\security\wtca.bak1
C:\WINDOWS\security\wtca.bak2
C:\WINDOWS\security\wtca.ini2
C:\WINDOWS\security\wtca.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\security\actw.dll
C:\WINDOWS\security\actw.dll Has been deleted!

Attempting to delete C:\WINDOWS\security\wtca.ini
C:\WINDOWS\security\wtca.ini Has been deleted!

Attempting to delete C:\WINDOWS\security\wtca.bak1
C:\WINDOWS\security\wtca.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\security\wtca.bak2
C:\WINDOWS\security\wtca.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\security\wtca.ini2
C:\WINDOWS\security\wtca.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\security\wtca.tmp
C:\WINDOWS\security\wtca.tmp Has been deleted!

Performing Repairs to the registry.
Done!


______________________________________________________________________________________



Laura - 06-11-22 23:23:51,29 Service Pack 2
ComboFix 06.11.22 - Running from: "C:\Documents and Settings\Laura\Ty”p”yt„"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\PrintView
C:\Program Files\Common Files\{3882E355-05BA-1035-1214-010723010166}
C:\Program Files\Common Files\{C882E355-05BA-1035-1214-010723010166}


((((((((((((((((((((((((((((((( Files Created from 2006-10-22 to 2006-11-22 ))))))))))))))))))))))))))))))))))


2006-11-22 21:45 1,492 --a------ C:\WINDOWSvundofix.reg
2006-11-22 21:44 <KANSIO> d-------- C:\VundoFix Backups
2006-11-21 22:15 <KANSIO> d-------- C:\Program Files\MSN Messenger
2006-11-21 20:42 126,996 --a------ C:\WINDOWS\system32\uilewpix.dll
2006-11-21 20:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-21 19:59 <KANSIO> d-------- C:\Program Files\Grisoft
2006-11-21 19:44 126,996 --a------ C:\WINDOWS\system32\lcbmiwoc.dll
2006-11-17 04:05 <KANSIO> d-------- C:\Program Files\MSXML 4.0
2006-11-16 20:26 126,996 --a------ C:\WINDOWS\system32\kjvhbquh.dll
2006-11-16 19:46 <KANSIO> dr-h----- C:\Documents and Settings\Laura\Recent
2006-11-16 05:13 94,208 --a------ C:\WINDOWS\system32\kxlpyje.dll
2006-11-16 05:13 71,680 --a------ C:\WINDOWS\system32\shuzqqc.dll
2006-11-13 19:16 <KANSIO> d-------- C:\Program Files\iTunes
2006-11-13 19:16 <KANSIO> d-------- C:\Program Files\iPod
2006-11-13 18:59 <KANSIO> d-------- C:\Program Files\QuickTime
2006-11-08 23:47 <KANSIO> d-------- C:\Program Files\ToniArts
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-03 07:12 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2006-10-30 22:29 110,612 --a------ C:\WINDOWS\system32\pdyogave.exe
2006-10-26 22:46 <KANSIO> d-------- C:\WINDOWS\WBEM
2006-10-26 22:42 <KANSIO> d-------- C:\Program Files\Lavasoft
2006-10-26 22:42 <KANSIO> d-------- C:\Documents and Settings\Laura\Application Data\Lavasoft
2006-10-26 22:25 <KANSIO> d-------- C:\WINDOWS\network diagnostic


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-22 23:26 -------- d-------- C:\Program Files\Common Files
2006-11-22 22:49 -------- d-------- C:\Documents and Settings\Laura\Application Data\Skype
2006-11-22 21:58 -------- d-------- C:\Program Files\Morpheus
2006-11-21 23:01 -------- d-------- C:\Program Files\WinRAR
2006-11-21 23:00 -------- d-------- C:\Program Files\Windows Defender
2006-11-21 22:55 -------- d-------- C:\Program Files\Internet Explorer
2006-11-21 22:55 -------- d-------- C:\Program Files\Common Files\System
2006-11-15 14:18 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-06 21:48 -------- d-------- C:\Program Files\Apple Software Update
2006-11-04 11:41 -------- d-------- C:\Documents and Settings\Laura\Application Data\AdobeUM
2006-11-03 20:04 28768 --a------ C:\Documents and Settings\Laura\Application Data\GDIPFONTCACHEV1.DAT
2006-10-30 22:30 -------- d-------- C:\Program Files\TVUPlayer
2006-10-29 14:35 -------- d-------- C:\Documents and Settings\Laura\Application Data\Adobe
2006-10-27 00:02 -------- d-------- C:\Program Files\Common Files\Adobe
2006-10-27 00:02 -------- d-------- C:\Program Files\Adobe
2006-10-26 23:34 -------- d-------- C:\Program Files\Google
2006-10-26 23:28 -------- d-------- C:\Program Files\DivX
2006-10-26 20:22 -------- d-------- C:\Program Files\Common Files\EPSON
2006-10-21 22:32 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-21 22:21 -------- d-------- C:\Program Files\BitTorrent
2006-10-21 12:37 -------- d-------- C:\Documents and Settings\Laura\Application Data\SearchToolbarCorp
2006-10-17 12:01 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-15 20:59 98324 --a------ C:\WINDOWS\system32\tlvivsfo.dll
2006-10-15 20:34 93696 --a------ C:\WINDOWS\system32\eizszhh.dll
2006-10-15 20:34 72192 --a------ C:\WINDOWS\system32\nftpnmh.dll
2006-10-14 14:31 -------- d-------- C:\Documents and Settings\Laura\Application Data\DivX
2006-10-13 14:37 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-02 21:04 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 21:04 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 21:04 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 21:04 635486 --a------ C:\WINDOWS\system32\DivX.dll
2006-09-25 17:45 666240 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-09-25 17:40 87424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2006-09-25 17:40 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2006-09-25 17:39 36176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2006-09-25 17:39 16352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2006-09-25 17:37 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2006-09-25 17:37 24560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll
2006-09-13 07:03 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-06 16:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-08-25 17:49 617472 --a------ C:\WINDOWS\system32\comctl32.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NVMCTRAY.DLL,NvTaskbarInit"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"DW4"="\"C:\\PROGRA~1\\THEWEA~1\\DESKTO~1\\DESKTO~1.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"snpstd3"="C:\\WINDOWS\\vsnpstd3.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="http://photos.nsmb.c...ike_231430.jpg"
"SubscribedURL"="http://photos.nsmb.c...ike_231430.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,12,03,00,00,17,01,00,00,1f,03,00,00,3e,02,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,6e,00,00,00,44,00,00,00,1f,03,00,00,3e,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrnt32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 06-11-22 23:26:33.50
C:\ComboFix.txt ... 06-11-22 23:26


------------------------------------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 23:34:42, on 22.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\THEWEA~1\DESKTO~1\DESKTO~1.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Laura\Työpöytä\HJT.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....6...ER}&ar=home
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {096DD24E-1FBB-41A1-A6DC-2C74794A24F4} - C:\WINDOWS\security\actw.dll (file missing)
O2 - BHO: (no name) - {43098669-36EE-4542-8410-0A1237092035} - C:\WINDOWS\system32\shuzqqc.dll
O2 - BHO: (no name) - {72AA66B1-4B7F-C7A8-4521-01F02C80352D} - C:\WINDOWS\system32\nftpnmh.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\xthqryhf.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DW4] "C:\PROGRA~1\THEWEA~1\DESKTO~1\DESKTO~1.exe"
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124...es/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: winrnt32 - winrnt32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - Unknown owner - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE (file missing)
O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown owner - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe (file missing)
O23 - Service: fsbwsys - Unknown owner - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe (file missing)
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe (file missing)
O23 - Service: FSMA - Unknown owner - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  • 0

#4
MFDnSC
Posted 22 November 2006 - 03:42 PM

MFDnSC

    Banned

  • Banned
  • PipPipPipPip
  • 1,137 posts
You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HiJackThis – mark them, close IE, click fix checked

O2 - BHO: (no name) - {096DD24E-1FBB-41A1-A6DC-2C74794A24F4} - C:\WINDOWS\security\actw.dll (file missing)

O2 - BHO: (no name) - {43098669-36EE-4542-8410-0A1237092035} - C:\WINDOWS\system32\shuzqqc.dll

O2 - BHO: (no name) - {72AA66B1-4B7F-C7A8-4521-01F02C80352D} - C:\WINDOWS\system32\nftpnmh.dll

O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\xthqryhf.dll (file missing)

O20 - Winlogon Notify: winrnt32 - winrnt32.dll (file missing)

DownLoad http://www.downloads...org/KillBox.zip or
http://www.thespykil...les/killbox.exe

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\system32\shuzqqc.dll
C:\WINDOWS\system32\nftpnmh.dll

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
  • 0

#5
bollk100
Posted 29 November 2006 - 03:46 PM

bollk100

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
It seems to be running well now. Thank you very much for the help!
  • 0

#6
MFDnSC
Posted 29 November 2006 - 03:51 PM

MFDnSC

    Banned

  • Banned
  • PipPipPipPip
  • 1,137 posts
Turn off restore points, boot, turn them back on – here’s how

http://service1.syma...src=sec_doc_nam
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP