Computer Slow, Popups

#1
Syke
My computer is running a lot slower, and I'm getting random ad popups.
I believe I have spyware/viruses.

Thanks for your time, and knowledge in advance...

Logfile of HijackThis v1.99.1
Scan saved at 3:41:41 PM, on 2/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TSLLkSrv.exe
c:\wamp\apache2\bin\httpd.exe
c:\wamp\mysql\bin\mysqld-nt.exe
C:\wamp\apache2\bin\httpd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\wamp\wampmanager.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\HJT\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: (no name) - {0E11A90B-5313-4B4F-8F8D-A2FB46046B53} - (no file)
O2 - BHO: (no name) - {3567B902-8A83-4701-B84D-558A56F8CF2B} - (no file)
O2 - BHO: (no name) - {54004247-799D-57E8-C3A4-00EE10A43342} - (no file)
O2 - BHO: (no name) - {613E7B70-5380-4063-A060-C147AB994C02} - (no file)
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: WampServer.lnk = C:\wamp\wampmanager.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{226E437B-52B7-4C9F-9D3D-46CB6D55EA81}: NameServer = 68.87.71.226,68.87.73.242
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: qomljgf - qomljgf.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wintfj32 - wintfj32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\\lic98rmt.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: ISC BIND (named) - Unknown owner - C:\WINDOWS\system32\dns\bin\named.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Transparent Screen Lock PRO Service (TSL PRO Lock Server) - e-motional.com software - C:\WINDOWS\system32\TSLLkSrv.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:21:19 AM 2/23/2007

+ Scan result:



C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0015161.dll -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0015162.exe -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0015068.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP72\A0030295.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP72\A0030296.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP62\A0017297.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0015170.exe -> Backdoor.Landis.x : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0015164.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0015166.exe -> Downloader.PurityScan.dc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0015165.exe -> Downloader.Tiny.fk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0015169.tlb -> Downloader.Zlob.wd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0015158.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP72\A0030294.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP63\A0021252.dll -> Logger.Perfloger.i : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP63\A0020750.exe -> Not-A-Virus.HackTool.Win32.Scanner.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0015100.dll -> Trojan.Agent.acl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0015199.dll -> Trojan.Agent.acl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP62\A0017299.dll -> Trojan.Agent.acl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP62\A0019306.dll -> Trojan.Agent.acl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0015197.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).
D:\Program Files\Accessdiver\Wordlist\Wordlist.rar/mixed.txt -> Trojan.Irc.flood.ak : Cleaned with backup (quarantined).
D:\Program Files\Accessdiver\Wordlist\mixed.txt -> Trojan.Irc.flood.ak : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP63\A0020765.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{582EE242-08A2-1033-0428-060401050001}\Update.exe -> Adware.Softomate : No action taken.
C:\Program Files\Common Files\{582EE242-08A2-1033-0428-060401050001}\system.dll -> Adware.Softomate : No action taken.
C:\Program Files\Common Files\svchost.exe -> Logger.Agent.or : No action taken.
C:\WINDOWS\system32\1024 -> Trojan.Small : Cleaned with backup (quarantined).


::Report end


SUPERAntiSpyware Scan Log
Generated 02/23/2007 at 03:31 PM

Application Version : 3.5.1016

Core Rules Database Version : 3188
Trace Rules Database Version: 1198

Scan type : Complete Scan
Total Scan Time : 02:52:38

Memory items scanned : 390
Memory threats detected : 2
Registry items scanned : 4701
Registry threats detected : 6
File items scanned : 152819
File threats detected : 23

Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\AWVVW.DLL
C:\WINDOWS\SYSTEM32\AWVVW.DLL
HKLM\Software\Classes\CLSID\{3567B902-8A83-4701-B84D-558A56F8CF2B}
HKCR\CLSID\{3567B902-8A83-4701-B84D-558A56F8CF2B}
HKCR\CLSID\{3567B902-8A83-4701-B84D-558A56F8CF2B}\InprocServer32
HKCR\CLSID\{3567B902-8A83-4701-B84D-558A56F8CF2B}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3567B902-8A83-4701-B84D-558A56F8CF2B}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\awvvw

Trojan.Downloader-Quake11
C:\WINDOWS\SYSTEM32\OXTPPUIC.DLL
C:\WINDOWS\SYSTEM32\OXTPPUIC.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0016199.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP63\A0019744.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP63\A0020755.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP63\A0020763.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP63\A0020766.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP63\A0020767.DLL

Adware.Tracking Cookie
C:\Documents and Settings\Owner.CLICKCHIP\Cookies\owner@revsci[2].txt

Adware.ClickSpring/Yazzle
C:\PROGRAM FILES\COMMON FILES\YAZZLE1162OINUNINSTALLER.EXE

Trojan.Downloader-SpyTool
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0015168.DLL
C:\WINDOWS\SYSTEM32\HINPFODS.DLL
C:\WINDOWS\SYSTEM32\NSFRTNHI.DLL
C:\WINDOWS\SYSTEM32\OMKKGOWX.DLL

Trojan.Downloader-Gen/LIB
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP62\A0016294.DLL

Trojan.Downloader-DoneDU
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP62\A0017300.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP62\A0019307.DLL

ReFOG KGB Keylogger
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP63\A0020931.EXE

Worm.Alcra Variant
C:\WINDOWS\SYSTEM32\NETSTAT.COM
C:\WINDOWS\SYSTEM32\TASKKILL.COM

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\OT.ICO

Trojan.Downloader-Gen/Win
C:\WINDOWS\SYSTEM32\UNSVCHOSTS.LZMA

Trojan.Homepage
D:\SYSTEM VOLUME INFORMATION\_RESTORE{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0015172.DLL



Here is one of the popups I just got: http://www.winantivi.....id=virus com>]http://www.winantiviruspro.com/pages/newco...id=virus+com%3E

Edited by Syke, 23 February 2007 - 02:57 PM.

#2
ultimateslacker2
You should post those logs in the Malware Forum please.
#3
hardwareguru
Hey dude,

Sounds like you could use some help from some malware professionals... go here.

http://forum.malware...topic.php?t=233

Sorry, this will take you straight to the registration area http://forum.malware...424c1cd538e7796


Register and post your Hijack log - these guys know their stuff!!

Edited by hardwareguru, 23 February 2007 - 09:11 PM.
