Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

no crtl-alt-delete

Started by niccolai , Oct 02 2005 09:22 AM

  • Please log in to reply

#1
niccolai
Posted 02 October 2005 - 09:22 AM

niccolai

    Member

  • Member
  • PipPip
  • 92 posts
When I hit controll alt delete, the task manager does not come up. It's visible in the task bar, but the window itself won't open.

Sometimes certain programs just don't open at all when I double click them.

I've tried scanning with a windows XP disk, but it didn't do anything. I'm begining to think it's malware related. I've been running anti malware programs like crazy for the last 2 days and it seems like everytime I delete everything, something else comes back.

Heres my HJT:

Logfile of HijackThis v1.99.1
Scan saved at 11:22:27 AM, on 10/2/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\AIM+\AIM+.exe
C:\PROGRA~1\AIM95\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Startup: Verizon Online.lnk = C:\Program Files\Verizon Online\VOLSW\Verizon Online.exe
O4 - Global Startup: Verizon Online.lnk = C:\Program Files\Verizon Online\VOLSW\Verizon Online.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Define - C:\WINDOWS\Web\ERS_DEF.HTM
O8 - Extra context menu item: &Search the Web - C:\WINDOWS\Web\ERS_SRC.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\WINDOWS\Web\ERS_ENC.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...77/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1127702844703
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127702819296
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...592/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16A4DD0B-C3B5-4C44-9F68-3CA48848ABBC}: NameServer = 141.154.0.68 151.203.0.84
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: microsoft update (msnupdate) - Unknown owner - C:\WINDOWS\windupdate.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Manager Service (SMSC) - Unknown owner - C:\WINDOWS\smsc.exe (file missing)
O23 - Service: Windows 32 Bit (Windows 32 Bit Drivers) - Unknown owner - C:\WINDOWS\WinVid32.exe (file missing)



That smsc I believe is virus related because it never apeared before but none of the 8 or so antivirus angles I'm using will get fix anything.




Heres some of the viruses that keep coming up:


C:\WINDOWS\SYSTEM32\drivers\etc\systemp\1.dll IRC/Flood.bc

C:\WINDOWS\SYSTEM32\i W32/Sdbot.worm!ftp

C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP81\A0019218.exe Backdoor.Win32.ServU-based

C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP81\A0020299.exe Backdoor.Win32.IRCBot.hg

C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP81\A0020300.exe Backdoor.Win32.IRCBot.hg

C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP81\A0020301.exe Backdoor.Win32.IRCBot.hg

C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP81\A0020302.exe Backdoor.Win32.IRCBot.hg

C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP81\A0020308.exe Backdoor.Win32.Agobot.gen

C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP81\A0020310.exe Backdoor.Win32.Agobot.gen

C:\WINDOWS\SYSTEM32\eraseme_40775.exe Backdoor.Win32.SdBot.aad

C:\WINDOWS\SYSTEM32\i Trojan-Downloader.BAT.Ftp.ab

C:\WINDOWS\WineXP.exe Backdoor.Win32.SdBot.aad

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:53:50 AM, 10/1/2005
+ Report-Checksum: CF2E76D5

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SBFull.ocx\\.Owner -> Spyware.SpyBlast : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SBFull.ocx\\{E6D5237D-A6C7-4C83-A67F-F9F15586FA62} -> Spyware.SpyBlast : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/mscomctl.ocx\\{BC97B254-B2B9-4D40-971D-78E0978F5F26} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3942243025-473866232-3689853989-1003\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{1A00C40B-DA85-4aa3-A67F-582D9347EECD} -> Spyware.iSearch : Cleaned with backup
HKU\S-1-5-21-3942243025-473866232-3689853989-1003\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-3942243025-473866232-3689853989-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{23DDAE8C-6A79-4D62-80AA-E95D89CB9811} -> Spyware.SearchExplorer : Cleaned with backup
C:\WINDOWS\SYSTEM32\drivers\etc\systemp\servicesnt.exe -> Backdoor.SdBot.nj : Cleaned with backup
C:\WINDOWS\SYSTEM32\drivers\etc\systemp\spool.exe -> Backdoor.ServU-based : Cleaned with backup


::Report End





A TON of 'eraseme' files spawn in one of my system folders, usually about 8 at a time.



I'll post some more up to date virus scan logs after I complete them.

Edited by niccolai, 02 October 2005 - 09:39 AM.

  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP