Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Computer Slow, Popups

Started by Syke , Feb 23 2007 02:43 PM

  • Please log in to reply

#1
Syke
Posted 23 February 2007 - 02:43 PM

Syke

    Member

  • Member
  • PipPip
  • 53 posts
My computer is running alot slower, and im getting random ad popups.
I belive I have spyware/viruses

Thanks for your time, and knowledge in advance...

Logfile of HijackThis v1.99.1
Scan saved at 3:41:41 PM, on 2/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TSLLkSrv.exe
c:\wamp\apache2\bin\httpd.exe
c:\wamp\mysql\bin\mysqld-nt.exe
C:\wamp\apache2\bin\httpd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\wamp\wampmanager.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\HJT\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: (no name) - {0E11A90B-5313-4B4F-8F8D-A2FB46046B53} - (no file)
O2 - BHO: (no name) - {3567B902-8A83-4701-B84D-558A56F8CF2B} - (no file)
O2 - BHO: (no name) - {54004247-799D-57E8-C3A4-00EE10A43342} - (no file)
O2 - BHO: (no name) - {613E7B70-5380-4063-A060-C147AB994C02} - (no file)
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: WampServer.lnk = C:\wamp\wampmanager.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{226E437B-52B7-4C9F-9D3D-46CB6D55EA81}: NameServer = 68.87.71.226,68.87.73.242
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: qomljgf - qomljgf.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wintfj32 - wintfj32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\\lic98rmt.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: ISC BIND (named) - Unknown owner - C:\WINDOWS\system32\dns\bin\named.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Transparent Screen Lock PRO Service (TSL PRO Lock Server) - e-motional.com software - C:\WINDOWS\system32\TSLLkSrv.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:21:19 AM 2/23/2007

+ Scan result:



C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0015161.dll -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0015162.exe -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0015068.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP72\A0030295.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP72\A0030296.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP62\A0017297.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0015170.exe -> Backdoor.Landis.x : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0015164.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0015166.exe -> Downloader.PurityScan.dc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0015165.exe -> Downloader.Tiny.fk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0015169.tlb -> Downloader.Zlob.wd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0015158.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP72\A0030294.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP63\A0021252.dll -> Logger.Perfloger.i : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP63\A0020750.exe -> Not-A-Virus.HackTool.Win32.Scanner.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0015100.dll -> Trojan.Agent.acl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0015199.dll -> Trojan.Agent.acl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP62\A0017299.dll -> Trojan.Agent.acl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP62\A0019306.dll -> Trojan.Agent.acl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0015197.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).
D:\Program Files\Accessdiver\Wordlist\Wordlist.rar/mixed.txt -> Trojan.Irc.flood.ak : Cleaned with backup (quarantined).
D:\Program Files\Accessdiver\Wordlist\mixed.txt -> Trojan.Irc.flood.ak : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP63\A0020765.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{582EE242-08A2-1033-0428-060401050001}\Update.exe -> Adware.Softomate : No action taken.
C:\Program Files\Common Files\{582EE242-08A2-1033-0428-060401050001}\system.dll -> Adware.Softomate : No action taken.
C:\Program Files\Common Files\svchost.exe -> Logger.Agent.or : No action taken.
C:\WINDOWS\system32\1024 -> Trojan.Small : Cleaned with backup (quarantined).


::Report end


SUPERAntiSpyware Scan Log
Generated 02/23/2007 at 03:31 PM

Application Version : 3.5.1016

Core Rules Database Version : 3188
Trace Rules Database Version: 1198

Scan type : Complete Scan
Total Scan Time : 02:52:38

Memory items scanned : 390
Memory threats detected : 2
Registry items scanned : 4701
Registry threats detected : 6
File items scanned : 152819
File threats detected : 23

Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\AWVVW.DLL
C:\WINDOWS\SYSTEM32\AWVVW.DLL
HKLM\Software\Classes\CLSID\{3567B902-8A83-4701-B84D-558A56F8CF2B}
HKCR\CLSID\{3567B902-8A83-4701-B84D-558A56F8CF2B}
HKCR\CLSID\{3567B902-8A83-4701-B84D-558A56F8CF2B}\InprocServer32
HKCR\CLSID\{3567B902-8A83-4701-B84D-558A56F8CF2B}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3567B902-8A83-4701-B84D-558A56F8CF2B}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\awvvw

Trojan.Downloader-Quake11
C:\WINDOWS\SYSTEM32\OXTPPUIC.DLL
C:\WINDOWS\SYSTEM32\OXTPPUIC.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0016199.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP63\A0019744.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP63\A0020755.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP63\A0020763.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP63\A0020766.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP63\A0020767.DLL

Adware.Tracking Cookie
C:\Documents and Settings\Owner.CLICKCHIP\Cookies\owner@revsci[2].txt

Adware.ClickSpring/Yazzle
C:\PROGRAM FILES\COMMON FILES\YAZZLE1162OINUNINSTALLER.EXE

Trojan.Downloader-SpyTool
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0015168.DLL
C:\WINDOWS\SYSTEM32\HINPFODS.DLL
C:\WINDOWS\SYSTEM32\NSFRTNHI.DLL
C:\WINDOWS\SYSTEM32\OMKKGOWX.DLL

Trojan.Downloader-Gen/LIB
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP62\A0016294.DLL

Trojan.Downloader-DoneDU
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP62\A0017300.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP62\A0019307.DLL

ReFOG KGB Keylogger
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP63\A0020931.EXE

Worm.Alcra Variant
C:\WINDOWS\SYSTEM32\NETSTAT.COM
C:\WINDOWS\SYSTEM32\TASKKILL.COM

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\OT.ICO

Trojan.Downloader-Gen/Win
C:\WINDOWS\SYSTEM32\UNSVCHOSTS.LZMA

Trojan.Homepage
D:\SYSTEM VOLUME INFORMATION\_RESTORE{CB709A4D-4C58-45E0-ACB6-99862BB0A2D2}\RP61\A0015172.DLL



Here is one of the popups I just got: http://www.winantivi.....id=virus com>]http://www.winantiviruspro.com/pages/newco...id=virus+com%3E

Edited by Syke, 23 February 2007 - 02:57 PM.

  • 0

Advertisements

#2
ultimateslacker2
Posted 23 February 2007 - 04:31 PM

ultimateslacker2

    Member 1K

  • Retired Staff
  • 1,581 posts
You should post those logs in the Malware Forum please.
  • 0

#3
hardwareguru
Posted 23 February 2007 - 09:08 PM

hardwareguru

    New Member

  • Member
  • Pip
  • 4 posts
Hey dude,

Sounds like you could use some help from some malware professionals... go here.

http://forum.malware...topic.php?t=233

Sorry, this will take you straight to the registration area http://forum.malware...424c1cd538e7796


Register and post your Hijack log- these guys know their stuff!!

Edited by hardwareguru, 23 February 2007 - 09:11 PM.

  • 0
Back to Windows XP, 2000, 2003, NT · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Retired Forums
  3. Windows XP, 2000, 2003, NT

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP