[marten]

Hi!

I really need help. Recently I got a lot of spyware and also a lot of pop-ups which are not blocked. New windows pop up at any time, mostly when I search on google, but while writing this two windows poped up. All this has made my computer very slow.

Please help me... What shall I do?

/marten

[Advertisements]

Edited by Geek U Moderator

Edited by ScHwErV, 19 April 2005 - 12:05 PM.

[Rawe]

Edited by Geek U Moderator

Edited by ScHwErV, 19 April 2005 - 12:05 PM.

[marten]

Hi

Well thanks, but I'd already done that, even scanned with spybot S&D and microsofts anti-spyware. I deleted everything but the problems keep coming back.

Of course I should have written this at first... But OK now it's just to post the log.

/marten

[Rawe]

Edited by Geek U Moderator

Edited by ScHwErV, 19 April 2005 - 12:05 PM.

[ScHwErV]

marten

In order to get a better idea of whats happening with your computer:

• Please download the latest version of HiJackThis from either Site 1 or Site 2
• Copy it into its own folder, doubleclick HijackThis.exe, and hit "Do a system scan and save a logfile"
• When the scan is finished, it will ask you to save the log. Just save it anywhere that you will remember like your desktop.
• After you save it, the log will open in notepad. In notepad, press Ctrl-A to Select All, and copy its contents in a reply to this post.
• Most of what it lists will be harmless or even essential
• Don't Fix Anything Yet

Good Luck

ScHwErV

[marten]

Hi

Here is my log.

Logfile of HijackThis v1.99.1
Scan saved at 20:12:19, on 2005-04-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program\Lexmark X5100 Series\lxbabmgr.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\Winamp\winampa.exe
C:\Program\Lexmark X5100 Series\lxbabmon.exe
C:\Program\Microsoft AntiSpyware\gcasServ.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Sony\OpenMG Jukebox\Omgtray.exe
C:\Program\WinZip\WZQKPICK.EXE
C:\Program\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\Delade filer\Sony Shared\AVLib\SPTISRV.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://login1.comhem.se/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - Default URLSearchHook is missing
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program\Delade filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iexplore.exe] C:\Program\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [mdkbyl] C:\WINDOWS\mdkbyl.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Vanisher] c:\Program\spywarevanisher-free\FreeScanner.exe -FastScan
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: OpenMG Jukebox Startup.lnk = C:\Program\Sony\OpenMG Jukebox\Omgtray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\h62olgf3162.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

[ScHwErV]

marten

Lets start with some general scans, then a few different logs so I can fully assess your problem.

Please run an on-line virus scan at Kaspersky OnLine Scan or if that doesnt work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

Now reply back with a normal HiJackThis log along with this log.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

ScHwErV

[marten]

Hi

I scanned with kaspersky, but I couldn't find out how to save the results. I hade a lot of infected files, but I didn't delete anything.

Here is my HJT-log:
ABBYY FineReader 5.0 Sprint
Ad-Aware SE Personal
Adobe Download Manager 1.2 (endast avinstallation)
Adobe Reader 6.0 - Svenska
BitTorrent 3.4.1
Burn Baby Burn
Creative MediaSource
CutePDF Writer 2.3
DC++ (remove only)
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Direct Connect 2.0
DivX Player
DivX Pro Codec Adware
DVDSentry
Easy CD Creator 5 Basic
FaxTools
Free History Eraser
GNAT Version 3.12p
HijackThis 1.99.1
Intel® PRO Network Adapters and Drivers
Intel® PROSet
iTunes
Lexmark X5100 Series
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Shockwave Player
MATLAB Student 7.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft AntiSpyware
Microsoft interaktiv träning
Microsoft Office XP Media Content
Microsoft Office XP Small Business
MSN Messenger 7.0
MyDVD
Norton AntiVirus 2003
Norton WMI Update
NVIDIA Windows 2000/XP Display Drivers
OpenMG Jukebox
OpenMG Secure Module 3.0.03
Paint Shop Pro 7
PowerDVD
QuickTime
RealOne Player
Shockwave
Sony Net MD Help
Sound Blaster Audigy 2
Spybot - Search & Destroy 1.3
TVTool
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
WinZip
XviD MPEG-4 Video Codec

[ScHwErV]

That log is clean.

When you said that you didnt delete anything, do you mean that you told KAV not to deal with the infected files that it found??

ScHwErV

[marten]

I did the scan and I still have the window open.

I had 34 viruses, 3488 infected objects an 1 suspicious object. (I think those are high numbers because Norton shows no infected files. But maybe this one is better...)

I thought I should delete all the files, but a message appears that says that the files may be essential part of windows or some application, or may contain valuable information. So I haven't done anything yet.

Is it okey to delete all the files or what shall I do?

/marten

[ScHwErV]

KAV is better than norton.

If the files are infected, you are better off without them.

ScHwErV

[marten]

Okey, I'll see if it gets better. Hope so...

Thanks anyway.

/marten

[ScHwErV]

Havent heard from you in awhile. Just wondering how things are going and if you need any further assistance?

ScHwErV

[marten]

Hi, how thoughtful...

It seems to be much better now...

Thanks!

[ScHwErV]

Great!

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

• Spybot Search & Destroy - Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  
• AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.
  
• SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  
• SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  
• IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  
• CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  
• Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  
• Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  
• Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

ScHwErV