Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Nail, Aurora, Back Web, VX2, still buggy[RESOLVED]


  • This topic is locked This topic is locked

#1
jackpound1975

jackpound1975

    New Member

  • Member
  • Pip
  • 6 posts
Earlier this week, my Norton Antivirus found Nail.exe twice. I deleted it, or so I thought. Norton also found Aurora. I ran a scan in Ad-aware, and it found VX2. Spybot yesterday found Back Web. When I ran these scans, of course I deleted what they found in an attempt to clean the computer. Obviously it didn’t work because my internet connection never goes idle. Something in my computer is pulling these programs back in. I have also run the so called fix program from MyPCtune that other sites have said works. I’ve run that twice to no effect. My browsing is slowing down, and I can’t use bittorrent (azureus) at all. I do have a port forwarded (port# 6881) to make azureus work more efficiently.

In preparation to post, this evening I have run the following in this order:
WinsockXPFix, Clean-up, Ad-Aware, CWshredder, Ewido security, Trend Micro virus scan, and Windows Update. None of them have found anything to remove, yet my internet connection continues to be steadily active.

Please help! This si driving me up the wall and I do not want to have to invoke the nuclear option on my drive. Following are my Hijack This log follwed by my Ewido Security log.

Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 8:45:38 PM, on 5/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Documents and Settings\Clint Clausing\Desktop\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ulutil2.dll,SetWriteBack
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O18 - Protocol: bw+0 - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 8:41:02 PM, 5/26/2005
+ Report-Checksum: 77C334D8

+ Date of database: 5/26/2005
+ Version of scan engine: v3.0

+ Duration: 13 min
+ Scanned Files: 65468
+ Speed: 83.60 Files/Second
+ Infected files: 1
+ Removed files: 1
+ Files put in quarantine: 1
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
C:\Documents and Settings\Clint Clausing\Cookies\clint clausing@search.msn[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup


::Report End
  • 0

Advertisements


#2
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

I don't see any signs of Aurora here, but let's run the scans and see what shows up:

Please print out the instructions here (or save it in Notepad) so that you can follow along more easily.

Download Ewido Security Suite at http://www.ewido.net/en/download/ and install it. Update to the newest definitions. Do NOT run it yet.

Please download nailfix at http://users.pandora...chy/nailfix.zip (for Windows XP) or http://users.pandora...y/nailfix2k.zip (for Windows 2000) Unzip it to the desktop but do NOT run it yet.

Reboot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.

Once in Safe Mode, please double-click on nailfix.cmd (or nailfix2k.bat if you have Windows 2000). Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Next run a full scan in Ewido. Post the log from the Ewido scan here.

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =


OK, I want you to check and fix ALL the O18 entries here, except for the first line (see below):

O18 - Protocol: bw+0 - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll


But fix from the second O18 entry to the last one - all for Logitech.

Close all open windows except for HijackThis and click Fix Checked.


Restart your computer in normal mode and post a new HijackThis log, as well as the log from the Ewido scan.

Download FindIt's.zip to your desktop: http://forums.net-in...=post&id=142443

1. Unzip/extract the files inside to a folder on your desktop.
2. Open the folder. Double click on FindIt's.bat and wait for Notepad to open a text file. It will take a while so please be patient ...
3. Then post the results here.
  • 0

#3
jackpound1975

jackpound1975

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
OK, followed all of your instructions. Here are the three logs you asked for.

Ewido in Safe Mode

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:57:16 PM, 5/26/2005
+ Report-Checksum: A02EDC38

+ Date of database: 5/26/2005
+ Version of scan engine: v3.0

+ Duration: 13 min
+ Scanned Files: 65347
+ Speed: 83.76 Files/Second
+ Infected files: 0
+ Removed files: 0
+ Files put in quarantine: 0
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
No infected files found!


::Report End

Hijack This after changes and reboot to normal mode

Logfile of HijackThis v1.99.1
Scan saved at 12:04:59 AM, on 5/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Clint Clausing\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ulutil2.dll,SetWriteBack
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O18 - Protocol: bw+0 - {6D37A978-AC7C-4A5A-931F-E9E4B40F988A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

And finally, the Find Its log


Microsoft Windows XP [Version 5.1.2600]
The current date is: Fri 05/27/2005
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»»»»»»»»»»»»»»»»»»»»» Todo Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» aurora Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Suspect's »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Dont delete file's in the section without guidance
If any doubt back them up first

* UPX! C:\WINDOWS\TSC.EXE

»»»»» lagitamate file's can/will show in this section.

* UPX! C:\WINDOWS\VSAPI32.DLL
»»»»»»»»»»»»»»»»»»»»»»»» Buddy file's »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»» SAHAgent Files found »»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»» Misc checks »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»» Check for Windows\SYSTEM32\cache32_rtneg* folder.

Volume in drive C has no label.
Volume Serial Number is F4F6-D418

Directory of C:\WINDOWS\SYSTEM32

»»»»» Checking for SAHAgent ico files.
Volume in drive C has no label.
Volume Serial Number is F4F6-D418

Directory of C:\WINDOWS\system32

08/15/2001 05:42 PM 2,238 Autorun.ico
08/17/2001 12:42 PM 7,406 SBAudigy.ico
2 File(s) 9,644 bytes
0 Dir(s) 120,606,666,752 bytes free

»»»»»»»»»»»»»»»»»»»»»»»».

There you have it! Sorry about the tardy reply. Thanks for the help! Keep it up, cause I am still getting that weird internet activity.
  • 0

#4
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Do you have a RAID setup here? If not or unsure, I want you to upload this file (ulutil2.dll) to this site and submit it. Wait for the analysis and post it here. I also want you to do the same thing for these two files - Autorun.ico and SBAudigy.ico, both of which are located in c:\windows\system32\ - post the reports for those two also

Your HijackThis log looks clean so far. But do the scans above for those files.

What weird internet activity is occurring now?
  • 0

#5
jackpound1975

jackpound1975

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I am at work at the moment, so I will have to get those files scanned after five when I get home. I think my internet has improved, but it still remains active, sending and receiving packets, when I am neither surfing the web or downloading files. Norton is not updating, neither is Steam or Windows Update, so I am at a loss as to why I would have any activity when I am not using it. Last night after I made the changes it got better than it was. When I first posted here, I was transfering something like 20 MB back and forth an hour according to my connection properties. Some of that is still going on though it doesn't seem as severe. I have my connection disabled right now except when I get on here to post to you guys. Any idea what that might be?

And as for RAID, I have RAID controllers installed but I don't have a RAID setup. For some reason, my motherboard needs the controllers loaded so that my SATA connections will work correctly.
  • 0

#6
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
OK, you may leave out that first file then since it's probably ok. But scan the other two ico files.

Also do this when you get home:

Let's use a program to scan for any trojans that may exist. Download TDS-3 http://tds.diamondcs...p?page=download. Learn how to use it at http://tds.diamondcs...?page=easytouse. Make sure to update it after you installed it. You can get the manual updates at http://tds.diamondcs...php?page=update. When you launch the program, it will scan your memory for running processes. This will take less than 30 seconds. Next go to 'System Testing' on the menu and choose 'Full System Scan'. After that's finished, post the log file by selecting everything on the top pane (select from bottom to top). If any alarms are found, it will be listed in the bottom window. Please copy and paste that here also if it applies. If you have problems copying the text, look (or search) for a file named scandump.txt and see if that has the alarms - post that here.
  • 0

#7
jackpound1975

jackpound1975

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Here are your scans:

Scan of Autoron.ico

AntiVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
mks_vir
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
VBA32
Found nothing

Scan for SBAudigy.ico

AntiVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
mks_vir
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
VBA32
Found nothing

TDS-3

17:29:48 [Tip Of The Day] If your machine has minimal resources, run minimal sockets! Sockets can be relatively expensive in terms of resources.
17:29:48 [Init] NOTICE A change has been detected in the autostart registry. Press Ctrl+A to view the autostart registry
17:29:48 [TDS] Good evening Clint clausing. What time do you finish work tonight?
17:29:53 [Mutex Memory Scan] Started...
17:29:55 [Mutex Memory Scan] Finished (no trojan mutexes found).
17:29:55 [TDS-3] This is an EVALUATION demo of TDS-3. Please see the help file for help on registering.
17:30:14 [CRC32] Started - verifying 29 files ...
17:30:15 [CRC32] Test finished.
17:31:13 [Memory Scan] Memory scan started, please wait a moment ...
17:31:13 [Memory Scan] Memory scan complete.
17:31:13 [Mutex Memory Scan] Started...
17:31:15 [Mutex Memory Scan] Finished (no trojan mutexes found).
17:31:15 [Trace Scan] Started...
17:31:19 [Trace Scan] Finished.
17:31:19 [ServiceScan] Scanning for services and drivers ...
17:31:23 [ServiceScan] Scanned 344 services and drivers.
17:31:23 [File Scan] Scanning in A:\ ...
17:31:25 [File Scan] Scanned 0 files: 0 alarms in 1.40625 seconds (Avg 1. files/sec)
17:31:25 [File Scan] Scanning in C:\ ...
17:57:58 [File Scan] Scanned 43171 files: 3 alarms in 1592.891 seconds (Avg 28.1 files/sec)
17:57:58 [File Scan] Scanning in D:\ ...
17:59:14 [File Scan] Scanned 157 files: 3 alarms in 76.09375 seconds (Avg 3.06 files/sec)
17:59:14 [Scan] Finished.

Bottom pane

Scan Control Dumped @ 18:02:41 27-05-05
Positive identification: Riskware.Tool.KillApp.b
File: c:\program files\creative\sbaudigy2zs\program\wdm\common\killapps.exe

Positive identification: Riskware.ProcessRestart
File: c:\program files\logitech\desktop messenger\8876480\7.2.0.137-8876480sl\program\restart.exe

Positive identification: Riskware.Tool.KillApp.b
File: c:\windows\system32\killapps.exe
  • 0

#8
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Upload this file (c:\windows\system32\killapps.exe) to that site again and post the status report here.

I don't know what could be sending out those extra packets. Are you sure it's not normal activity? I mean your firewall (if Norton has one) should have caught any suspicious programs trying to access the internet.
  • 0

#9
jackpound1975

jackpound1975

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I think I figured it out yesterday. I use Azureus as a bittorrent client. The new update of the software includes a data distribution tracker. I have the default port forwarded for the software to work at peak performance. AFter I have run Azureus and then closed it, the distributed tracker database keeps allowing people to hit my computer through the default port to check and see whether or not I have files that they want. They can't open them because Azureus isn't running, but I'm not so sure some of the outgoing stuff from my computer isn't a little "phishing" going on. I am pretty sure that I am virus free at the moment, but I am going into that program to try to close the problem in my router. Thanks for your help. If you know anything about bittorrent or my diagnosis, let me know.
  • 0

#10
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
It must be one of the two then, probably Azureus. I can't offer my opinion on these since I don't advise using them at all. But I think it's Azereus like you said.

What happens if you close Azureus and BT? Make sure none of the services are running either (if there are any).
  • 0

#11
jackpound1975

jackpound1975

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
When I shut down Azuresu, my log in my router tells me that people are still hitting the forwarded ports trying to find torrents I was running. I uninstalled Azureus today and am trying another client that has more security. So far it seems to be working and my logs in the router are clean when I am not using the client, so I think I have it under control, though I will keep monitoring the situation. Eveidently, Azureus started using a dynamic database system during their last update. From what I can tell, the small tracking files that go with torrents to track who has them to connect the p2p client continue to be searched for by people trying to connect even after the program stops running. If you have ports forwarded, like I did, to enhance download speeds, people basically assault the router constantly in order to keep the distributed database up and running at all times and diminish the difficulty in connectiong to peers. However, this also leaves the computer open to outsiders, which is not a good thing even if none of htem are doing anything malicious. As far as I can tell, no IP addresses that queried my computer had any malicious intent, however an open connection to other computers can cause major headaches on its own. I downloaded Bitcomet and it does not have this feature. When I close it, people querying the computer run for a short time, and then quit. Plus, as far as I can tell, I don't have to forward ports in my router to get it to work correctly, which means a more secure P2P connection even if that connection has slower download and upload speeds. I'll trade slower downloads for a more secure PC any day. Too bad that Azureus tried their distributed database. The program was airtight before this upgrade of theirs.
  • 0

#12
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP