secure32.html - cannot remove things with killbox



#16 jahija77 (Topic Starter, Member, 13 posts)

Hello.
I did everything. Here's the AVG report:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 23:14:21 2007-01-21

+ Scan result:



HKU\S-1-5-21-583907252-602162358-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A1DDC19-5893-43AB-A73F-F41A0F34D115} -> Adware.Generic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP76\A0023209.exe -> Adware.MediaTickets : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP69\A0020051.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP70\A0020466.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP70\A0020539.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP73\A0020870.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP73\A0020871.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP73\A0022023.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP73\A0022172.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP75\A0022858.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP76\A0023189.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP76\A0023191.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP76\A0023207.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP82\A0028708.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP82\A0028709.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP82\A0028710.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP82\A0028711.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
F:\Gry\Tradewinds\tradewindsam-dm.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00007258.exe -> Dialer.GBDialer.i : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP73\A0022173.exe -> Downloader.Purit.co : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP75\A0022751.exe -> Downloader.Purit.co : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP75\A0022786.exe -> Downloader.Purit.co : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP75\A0022896.exe -> Downloader.Purit.co : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP82\A0028442.exe -> Downloader.Small.dgk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP84\A0029946.exe -> Downloader.Small.dgk : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP82\A0028436.exe -> Downloader.Small.edb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP76\A0023062.dll -> Downloader.Zlob.aeg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP75\A0022981.exe -> Downloader.Zlob.aqh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP75\A0023012.exe -> Downloader.Zlob.aqh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP76\A0023033.exe -> Downloader.Zlob.aqh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP76\A0023065.exe -> Downloader.Zlob.aqh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP76\A0023067.exe -> Downloader.Zlob.aqh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP76\A0023068.exe -> Downloader.Zlob.aqh : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP75\A0022999.exe -> Downloader.Zlob.axr : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP75\A0023002.exe -> Downloader.Zlob.axr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP75\A0022980.dll -> Downloader.Zlob.bbv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP75\A0023011.dll -> Downloader.Zlob.bbv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP76\A0023032.dll -> Downloader.Zlob.bbv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP76\A0023070.dll -> Downloader.Zlob.bbv : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP75\A0022995.exe -> Downloader.Zlob.bbx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP76\A0023069.exe -> Downloader.Zlob.bcb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP76\A0023066.exe -> Downloader.Zlob.bcz : Cleaned with backup (quarantined).
D:\_inst\1\Adobe_Photoshop_v7[1].0_Keygen.zip/keygen.exe -> Logger.Delf.ncs : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP82\A0028443.exe -> Not-A-Virus.Hoax.Win32.Renos.fl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP82\A0028440.exe -> Not-A-Virus.Hoax.Win32.Renos.gc : Cleaned with backup (quarantined).
C:\WINDOWS\system32\protector.exe -> Proxy.Wopla.ac : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ntio256.sys -> Rootkit.Agent.cf : Cleaned with backup (quarantined).
C:\Documents and Settings\Grot\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
E:\Documents and Settings\Ja\Cookies\ja@admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\Grot\Cookies\[email protected][2].txt -> TrackingCookie.Adocean : Cleaned.
C:\Documents and Settings\Grot\Cookies\[email protected][2].txt -> TrackingCookie.Adocean : Cleaned.
C:\Documents and Settings\Grot\Cookies\[email protected][2].txt -> TrackingCookie.Adocean : Cleaned.
E:\Documents and Settings\Ja\Cookies\[email protected][2].txt -> TrackingCookie.Adocean : Cleaned.
E:\Documents and Settings\Ja\Cookies\[email protected][2].txt -> TrackingCookie.Adocean : Cleaned.
E:\Documents and Settings\Ja\Cookies\[email protected][1].txt -> TrackingCookie.Adocean : Cleaned.
E:\Documents and Settings\Ja\Cookies\[email protected][1].txt -> TrackingCookie.Adocean : Cleaned.
E:\Documents and Settings\Ja\Ustawienia lokalne\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Adocean : Cleaned.
C:\Documents and Settings\Grot\Cookies\grot@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
E:\Documents and Settings\Ja\Cookies\[email protected][1].txt -> TrackingCookie.Burstbeacon : Cleaned.
E:\Documents and Settings\Ja\Cookies\ja@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
E:\Documents and Settings\Ja\Cookies\ja@com[1].txt -> TrackingCookie.Com : Cleaned.
E:\Documents and Settings\Ja\Cookies\[email protected][1].txt -> TrackingCookie.Enhance : Cleaned.
E:\Documents and Settings\Ja\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
E:\Documents and Settings\Ja\Cookies\[email protected][1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Grot\Cookies\grot@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
E:\Documents and Settings\Ja\Cookies\ja@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Grot\Cookies\grot@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Grot\Cookies\grot@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
E:\Documents and Settings\Ja\Cookies\[email protected][2].txt -> TrackingCookie.Web-stat : Cleaned.
E:\Documents and Settings\Ja\Cookies\ja@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.
E:\Documents and Settings\Ja\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\NPROTECT\00007256.dll -> Trojan.Sinowal.bh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP84\A0029945.exe -> Trojan.Sinowal.bh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP69\A0018889.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP69\A0018922.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP69\A0018975.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP69\A0019007.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP69\A0020052.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP69\A0020085.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP70\A0020157.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP70\A0020208.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP70\A0020260.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP70\A0020325.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP70\A0020503.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP70\A0020540.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP71\A0020715.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP73\A0020872.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP73\A0020887.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP73\A0022025.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP73\A0022149.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP73\A0022174.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP73\A0022314.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP75\A0022752.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP75\A0022787.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP75\A0022859.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP75\A0022897.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B791278-1EE7-4637-86A6-5C4E1B5416A8}\RP84\A0029944.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wintsvtr.exe -> Trojan.Small : Cleaned with backup (quarantined).


::Report end

And the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 23:16:59, on 2007-01-21
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MailScanner] C:\Program Files\MKS_VIR_2006\Mks_mail.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw...nt/iftwclix.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1135426657640
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.p...kanerOnline.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BOINC - Unknown owner - C:\Program Files\BOINC\boinc.exe" -daemon (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

I saw that the entry you told me to fix with HJT didn't disappear from there, but I checked the box and clicked Fix Checked. Also, in normal mode my computer showed a warning that it is endangered, because the MS authenticate service is turned off.

#17 M4_Fanatic (Member, 282 posts)

Sorry about that jahija77, my fault.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

#18 jahija77 (Topic Starter, Member, 13 posts)

Hi,
I did that and here's the SDFix report:


SDFix: Version 1.61

2007-01-22 - 19:05:04,73

Microsoft Windows XP [Wersja 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
MsaSvc

Path:
C:\WINDOWS\system32\msasvc.exe

MsaSvc Deleted

Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

No Files Found..




Alternate Streams Check:

C:\WINDOWS\system32
No streams found.

Final Check:

Remaining Services:
------------------


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program glowny"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Eksplorator Windows"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\NTDETECT.COM
C:\WINDOWS\system32\cdplayer.exe.manifest
C:\WINDOWS\system32\logonui.exe.manifest
C:\hiberfil.sys
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\WINDOWS\system32\9DF92C47D6.sys
C:\WINDOWS\system32\KGyGaAvL.sys

Finished

and a new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 19:15:26, on 2007-01-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MailScanner] C:\Program Files\MKS_VIR_2006\Mks_mail.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw...nt/iftwclix.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1135426657640
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.p...kanerOnline.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BOINC - Unknown owner - C:\Program Files\BOINC\boinc.exe" -daemon (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
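A triage script for the two HijackThis logs above, added here as an example and not code from the thread, from HijackThis or from SDFix. It parses the O23 service lines, flags the signals the helper acted on (unknown owner, missing image file, a display name that claims to be Microsoft's while the vendor field does not), and diffs the before and after logs to show what the cleanup removed. The sample lines are a constructed excerpt of O23 entries from the logs in this thread; the flagging rules in assess() are my own heuristics, not HijackThis rules.

```python
import re
from dataclasses import dataclass
from typing import Optional

# One HijackThis O23 (Windows service) line has the shape
#   O23 - Service: <display name> (<short name>) - <vendor> - <image path> (file missing)
# where "(<short name>)" and "(file missing)" are optional.
O23_LINE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)


@dataclass
class Service:
    display: str
    name: Optional[str]   # short service name, None when HJT printed only the display name
    owner: str            # vendor string HJT read from the binary, or "Unknown owner"
    path: str
    file_missing: bool
    raw: str              # the original log line, used as a stable key


def parse_services(log_text: str) -> list[Service]:
    """Extract every O23 entry from an HJT log; other lines are ignored."""
    services = []
    for line in log_text.splitlines():
        m = O23_LINE.match(line.strip())
        if m:
            services.append(Service(
                display=m["display"], name=m["name"], owner=m["owner"],
                path=m["path"], file_missing=m["missing"] is not None,
                raw=line.strip()))
    return services


def assess(svc: Service) -> list[str]:
    """Heuristic reasons (my own, not HJT's) to look closer at a service; empty means nothing odd."""
    reasons = []
    if svc.owner == "Unknown owner":
        reasons.append("no vendor string on the service binary")
    if svc.file_missing:
        reasons.append("registered image path is not on disk")
    # The MsaSvc entry in this thread: a Microsoft-sounding name under system32
    # with no Microsoft vendor string behind it.
    if "microsoft" in svc.display.lower() and "microsoft" not in svc.owner.lower():
        reasons.append("display name claims Microsoft but the vendor field does not")
    return reasons


def triage(log_text: str) -> dict[str, list[str]]:
    """Map each flagged O23 line to the reasons it was flagged."""
    return {s.raw: r for s in parse_services(log_text) if (r := assess(s))}


def removed_entries(before: str, after: str) -> list[str]:
    """HJT entries (R*, F*, O* lines) present in the first log and gone in the second."""
    entry = re.compile(r"^[RFO]\d+ - ")
    after_lines = {ln.strip() for ln in after.splitlines() if entry.match(ln.strip())}
    return [ln.strip() for ln in before.splitlines()
            if entry.match(ln.strip()) and ln.strip() not in after_lines]


# Constructed excerpt: O23 lines taken from the first HJT log in this thread.
BEFORE_LOG = r"""
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BOINC - Unknown owner - C:\Program Files\BOINC\boinc.exe" -daemon (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
"""
# The second log in the thread is identical except that the MsaSvc entry is gone.
AFTER_LOG = "\n".join(ln for ln in BEFORE_LOG.splitlines() if "MsaSvc" not in ln)

if __name__ == "__main__":
    for line, reasons in triage(BEFORE_LOG).items():
        print(line)
        for r in reasons:
            print("   ->", r)
    print("Removed by the cleanup:", removed_entries(BEFORE_LOG, AFTER_LOG))
```

BOINC is flagged too (unknown owner, file missing) but lacks the vendor-impersonation signal; a leftover uninstalled service looks like that, so the reasons list, not the mere flag, is what to read.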

#19 M4_Fanatic (Member, 282 posts)

The latest log looks good, are you having any more problems?

#20 jahija77 (Topic Starter, Member, 13 posts)

I don't have any more problems. Thank you ever so much for all the help :whistling:

#21 M4_Fanatic (Member, 282 posts)

No problem :whistling:

We have a couple of last steps to perform and then you're all set.

First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
* CHECK the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
   * On the Desktop, right-click My Computer.
   * Click Properties.
   * Click the System Restore tab.
   * Check Turn off System Restore.
   * Click Apply, and then click OK.
2. Restart your computer.
3. Turn ON System Restore.
   * On the Desktop, right-click My Computer.
   * Click Properties.
   * Click the System Restore tab.
   * UN-Check Turn off System Restore.
   * Click Apply, and then click OK.

System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
You should also have a good firewall. Here are 3 free ones available for personal use: and a good antivirus (these are also free for personal use): It is critical to have both a firewall and antivirus to protect your system and to keep them updated.

To keep your operating system up to date visit monthly. And to keep your system clean run these free malware scanners weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!

Edited by M4_Fanatic, 25 January 2007 - 10:22 AM.

#22 jahija77 (Topic Starter, Member, 13 posts)

Thank you again for all the help. I downloaded the programs you recommended and I hope I won't have any more problems like this.