Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

System shutting down - Cannot get Internet connection or LAN [RESOLVED


  • This topic is locked This topic is locked

#16
uzi9mm

uzi9mm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
msn_messenger_polygamy_5.exe;C:\Documents and Settings\Ayesha\My Documents\My Received Files\MSN Polygamy for All Versions;Tool.ASEye.2;Incurable.Moved.;
ComboFix.exe\327882R2FWJFW\C.bat;C:\Documents and Settings\Uzi.USMAN\Desktop\ComboFix.exe;Probably BATCH.Virus;;
ComboFix.exe\327882R2FWJFW\psexec.cfexe;C:\Documents and Settings\Uzi.USMAN\Desktop\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\Uzi.USMAN\Desktop;Archive contains infected objects;Moved.;
SDFix.exe\SDFix\apps\Process.exe;C:\Documents and Settings\Uzi.USMAN\Desktop\SDFix.exe;Tool.Prockill;;
Dr web cureit log:


SDFix.exe;C:\Documents and Settings\Uzi.USMAN\Desktop;Archive contains infected objects;Moved.;
ComboFix.exe\ComboFix.bat;C:\Documents and Settings\Uzi.USMAN\My Documents\ComboFix.exe;Probably BATCH.Virus;;
ComboFix.exe;C:\Documents and Settings\Uzi.USMAN\My Documents;Archive contains infected objects;Moved.;
data007\data001;C:\Documents and Settings\Uzi.USMAN\My Documents\daemon4123-lite.exe\data007;Adware.Shopper;;
data007\data002;C:\Documents and Settings\Uzi.USMAN\My Documents\daemon4123-lite.exe\data007;Adware.SaveNow.128;;
data007;C:\Documents and Settings\Uzi.USMAN\My Documents\daemon4123-lite.exe;Archive contains infected objects;;
daemon4123-lite.exe;C:\Documents and Settings\Uzi.USMAN\My Documents;Archive contains infected objects;Moved.;
ppstream.exe\data004;C:\Documents and Settings\Uzi.USMAN\My Documents\ppstream.exe;Trojan.WinCrash;;
ppstream.exe;C:\Documents and Settings\Uzi.USMAN\My Documents;Archive contains infected objects;Moved.;
SetupDTSB.exe;C:\Program Files\DAEMON Tools;Adware.SaveNow;Incurable.Moved.;
mbam.exe;C:\Program Files\Malwarebytes' Anti-Malware;Probably BACKDOOR.Trojan;Incurable.Moved.;
XP_SP2_tcpPatch.exe;C:\Program Files\PPStream;Trojan.WinCrash;Deleted.;
Process.exe;C:\SDFix\apps;Tool.Prockill;Incurable.Moved.;
A0013087.exe\data011;C:\System Volume Information\_restore{1F6316EB-6B0A-4F9C-9E5E-B83031FE7012}\RP399\A0013087.exe;Adware.Hotbar;;
A0013087.exe;C:\System Volume Information\_restore{1F6316EB-6B0A-4F9C-9E5E-B83031FE7012}\RP399;Archive contains infected objects;Moved.;
A0033157.exe\327882R2FWJFW\C.bat;C:\System Volume Information\_restore{D8E4F03F-F581-4C33-A122-3C0576D85EBA}\RP309\A0033157.exe;Probably BATCH.Virus;;
A0033157.exe\327882R2FWJFW\psexec.cfexe;C:\System Volume Information\_restore{D8E4F03F-F581-4C33-A122-3C0576D85EBA}\RP309\A0033157.exe;Program.PsExec.171;;
A0033157.exe;C:\System Volume Information\_restore{D8E4F03F-F581-4C33-A122-3C0576D85EBA}\RP309;Archive contains infected objects;Moved.;
A0033158.exe\SDFix\apps\Process.exe;C:\System Volume Information\_restore{D8E4F03F-F581-4C33-A122-3C0576D85EBA}\RP309\A0033158.exe;Tool.Prockill;;
A0033158.exe;C:\System Volume Information\_restore{D8E4F03F-F581-4C33-A122-3C0576D85EBA}\RP309;Archive contains infected objects;Moved.;
A0033159.exe;C:\System Volume Information\_restore{D8E4F03F-F581-4C33-A122-3C0576D85EBA}\RP310;Trojan.WinCrash;Deleted.;
pgvumt.exe;C:\_OTMoveIt\MovedFiles\06292008_155821;Trojan.Packed.511;Deleted.;

Edited by uzi9mm, 30 June 2008 - 02:35 PM.

  • 0

Advertisements


#17
uzi9mm

uzi9mm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Deckard's System Scanner v20071014.68
Run by Uzi on 2008-06-30 21:36:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as Uzi.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:36:07, on 30/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Uzi.USMAN\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Uzi.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINNT\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINNT\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft....ayx_vp3_mp3.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4906 bytes

-- Files created between 2008-05-30 and 2008-06-30 -----------------------------

2008-06-29 22:05:33 0 d-------- C:\Documents and Settings\Uzi.USMAN\DoctorWeb
2008-06-29 16:02:21 0 d-------- C:\Documents and Settings\Uzi.USMAN\Application Data\Malwarebytes
2008-06-29 16:02:18 0 d-------- C:\Documents and Settings\All Users.WINNT\Application Data\Malwarebytes
2008-06-29 16:02:17 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-29 14:09:13 0 d-------- C:\WINNT\ERUNT
2008-06-28 19:38:47 0 d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Desktop


-- Find3M Report ---------------------------------------------------------------

2008-06-30 19:24:13 0 d-------- C:\Program Files\PPStream
2008-06-28 23:31:13 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-17 22:18:59 0 d-------- C:\Program Files\Common Files
2008-05-04 19:15:19 0 d-------- C:\Program Files\Microsoft AntiSpyware
2008-05-04 19:13:24 0 d-------- C:\Program Files\CCleaner
2008-05-04 12:25:50 0 d-------- C:\Documents and Settings\Uzi.USMAN\Application Data\vlc


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINNT\System32\igfxtray.exe" [10/01/2008 21:41]
"HotKeysCmds"="C:\WINNT\System32\hkcmd.exe" [10/01/2008 21:41]
"Athan"="C:\Program Files\Athan\Athan.exe" [10/01/2008 21:17]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 02:11]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [26/10/2005 18:17]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINNT\system32\ctfmon.exe" [04/08/2004 00:56]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [10/01/2008 21:42]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/01/2008 21:41]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [10/12/2007 11:12]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\
Smart Wizard Wireless Settings.lnk - C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe [27/02/2004 16:41:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-06-30 21:36:30 ------------
  • 0

#18
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, thanks for the reply... Somehow Dr Web has deleted mbam.exe.. So, can you try running Malwarebytes' again?


I haven't seen any antivirus in your logs.. Antivirus is extremely crucial as without it you will get re-infected again! Do you have any? If you don't, please install ONLY ONE of these free and excellent antivirus below:



I also haven't seen any third-party firewall in your logs.. Do you have any? If you don't, please install ONLY ONE of these free and excellent firewall below:
After you install the third party firewall, please disable your Windows firewall. Please go to My Computer >> Control Panel >> Windows Firewall and choose Off (not recommended) option. Then please click Apply and Ok.



Tell me about your Malwarebytes' program and then post a fresh DSS log after successfully install ONE antivirus and ONE firewall...


Regards
fenzodahl512
  • 0

#19
uzi9mm

uzi9mm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Deckard's System Scanner v20071014.68
Run by Uzi on 2008-07-01 22:08:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as Uzi.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:09:18, on 01/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Documents and Settings\Uzi.USMAN\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Uzi.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINNT\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINNT\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft....ayx_vp3_mp3.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\WINNT\system32\guard32.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5556 bytes

-- Files created between 2008-06-01 and 2008-07-01 -----------------------------

2008-07-01 21:59:28 0 d-------- C:\Documents and Settings\Uzi.USMAN\Application Data\Comodo
2008-07-01 21:59:24 0 d-------- C:\Documents and Settings\All Users.WINNT\Application Data\comodo
2008-07-01 21:59:20 0 d-------- C:\Program Files\COMODO
2008-07-01 21:26:22 0 d-------- C:\WINNT\system32\drivers\Avg
2008-07-01 21:26:07 0 d-------- C:\Documents and Settings\All Users.WINNT\Application Data\avg8
2008-07-01 21:24:34 0 d-------- C:\Program Files\AVG
2008-06-29 22:05:33 0 d-------- C:\Documents and Settings\Uzi.USMAN\DoctorWeb
2008-06-29 16:02:21 0 d-------- C:\Documents and Settings\Uzi.USMAN\Application Data\Malwarebytes
2008-06-29 16:02:18 0 d-------- C:\Documents and Settings\All Users.WINNT\Application Data\Malwarebytes
2008-06-29 16:02:17 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-29 14:09:13 0 d-------- C:\WINNT\ERUNT
2008-06-28 19:38:47 0 d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Desktop


-- Find3M Report ---------------------------------------------------------------

2008-06-30 21:28:36 0 d-------- C:\Program Files\DAEMON Tools
2008-06-30 19:24:13 0 d-------- C:\Program Files\PPStream
2008-06-28 23:31:13 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-17 22:18:59 0 d-------- C:\Program Files\Common Files
2008-05-04 19:15:19 0 d-------- C:\Program Files\Microsoft AntiSpyware
2008-05-04 19:13:24 0 d-------- C:\Program Files\CCleaner
2008-05-04 12:25:50 0 d-------- C:\Documents and Settings\Uzi.USMAN\Application Data\vlc


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINNT\System32\igfxtray.exe" [10/01/2008 21:41]
"HotKeysCmds"="C:\WINNT\System32\hkcmd.exe" [10/01/2008 21:41]
"Athan"="C:\Program Files\Athan\Athan.exe" [10/01/2008 21:17]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 02:11]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [26/10/2005 18:17]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [01/07/2008 21:26]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [01/07/2008 21:59]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINNT\system32\ctfmon.exe" [04/08/2004 00:56]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [10/01/2008 21:42]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/01/2008 21:41]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [10/12/2007 11:12]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\
Smart Wizard Wireless Settings.lnk - C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe [27/02/2004 16:41:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll C:\WINNT\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

*Newly Created Service* - CMDAGENT
*Newly Created Service* - CMDGUARD
*Newly Created Service* - CMDHLP
*Newly Created Service* - INSPECT



-- End of Deckard's System Scanner: finished at 2008-07-01 22:10:02 ------------
  • 0

#20
uzi9mm

uzi9mm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
I installed AVG anti-virus and the Comodo firewall and then posted the DSS log above.

MBAM had to be installed again.
  • 0

#21
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Good news.. Your log looks clean to my eyes :)


Now for some cleanup..
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.




NEXT


Please Install/Update Sun Java

Updating Java:
  • Go to Start --> Control Panel --> Add or Remove Programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
  • It should have next icon next to it: Posted Image
  • Select it and click Remove. This will uninstall the previous (outdated) version of Java.
  • Then Download and install the newest version from here: Java Runtime Environment (JRE) 6 Update 6




NEXT


Let's clean your Restore Points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous Restore Points which are likely to be infected)
To create a new Restore Point.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK. This will flush your old System Restore.
  • Then please UNCHECK the Turn off System Restore.
  • Click again on Apply, and then click OK. This will create a new Restore Point
System Restore will now be active again

If you are using Windows Vista, please go HERE for tutorial on how to use, disable and enable System Restore




NEXT


I noticed that you already have::

1. AVG8 as your antivirus..
2. COMODO as your firewall
3. Malwarebytes' as your antispyware (please re-install it if you have to :) )




Lastly, to keep your operating system up to date please visit the link below monthly

To learn more about how to protect yourself while on the internet read this excellent article by Tony Klein: So how did I get infected in the first place?

Please also read an excellent article by miekiemoes :Help! My computer is slow!

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512
  • 0

#22
uzi9mm

uzi9mm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Hi,

I did all of the above. The computer seems to be a lot better now and I have no problems at present.

Thank you very much. You have been a great help. I appreciate the time you have put in to help me with my problem.

Kind Regards,

uzi9mm
  • 0

#23
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP