"your computer may be infected with harmful or unwanted software!"
Damn right it is. Been using AVG virus and Spyware scanners and Ad-Aware for a few weeks and while they remove a bunch of stuff every time they're run, I still keep getting that little pop up taunting me every time I start up, followed by a load of adverts appearing constantly (getting more frequent every day) and erratic behaviour like everything suddenly disappearing and being left with nothing but my background image, forcing me to restart.
Have tried following all the instructions on the 'please read before you post' but I've had a few problems:
1. When running Spybot, it updates OK (although with a pop up saying 'illegal floating point operation') but when I try to do a scan it gets stuck at Win32.Agent.pz and doesn't move any further. Tried it several times, tried shutting off certain programs but nothing can get it past that. I also sometimes get that 'An outsider did inject malicious code into this application' pop up occasionally - tried using the beta fix but the program won't run after I've executed it.
2. Tried booting into safe mode, but it just continually restarts itself, showing that 'the computer is running in safe mode' pop up every few seconds and reloading the desktop, before eventually giving up and leaving the screen black.
Anyway, what I have managed to get is the Kaspersky logs and the HijackThis logs:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, October 14, 2007 3:09:03 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/10/2007
Kaspersky Anti-Virus database records: 435748
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
Scan Statistics:
Total number of scanned objects: 180944
Number of viruses found: 6
Number of infected objects: 30
Number of suspicious objects: 0
Duration of the scan process: 01:50:46
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Alex\Local Settings\Temp\wnd1D7.tmp Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\Alex\Local Settings\Temporary Internet Files\Content.IE5\ITJSCBVP\xc29[1].exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\Alex\Local Settings\Temporary Internet Files\Content.IE5\JZKU8D8V\css4[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.wa skipped
C:\Documents and Settings\Alex\Local Settings\Temporary Internet Files\Content.IE5\JZKU8D8V\xc60[1].exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\Alex\Local Settings\Temporary Internet Files\Content.IE5\UMSQCJMQ\valera[1] Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Alex\My Documents\My Setups\AVICodecPackPlus210.exe/stream/data0051 Infected: not-a-virus:AdWare.Win32.Webdir.b skipped
C:\Documents and Settings\Alex\My Documents\My Setups\AVICodecPackPlus210.exe/stream Infected: not-a-virus:AdWare.Win32.Webdir.b skipped
C:\Documents and Settings\Alex\My Documents\My Setups\AVICodecPackPlus210.exe NSIS: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DB764DF.wmf Infected: Trojan-Downloader.Win32.Agent.acd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50D978C6.wmf Infected: Trojan-Downloader.Win32.Agent.acd skipped
C:\WINDOWS\system32\aobitaox.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\bobtjkcx.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\ceybeugf.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\drvlic.dll Infected: Trojan.Win32.Dialer.qn skipped
C:\WINDOWS\system32\efsesnbt.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\gebyw.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wa skipped
C:\WINDOWS\system32\gxcpqgpu.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\hxrpxcss.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\jwgkdbcv.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\lbkxpiaf.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\oitthxnl.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\otjwdroy.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\phvqjups.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\qmbpswmk.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\qqvhwvif.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\umnvqsng.dll Infected: Trojan.Win32.Pakes.fr skipped
C:\WINDOWS\system32\winjyp32.dll Infected: Trojan.Win32.Dialer.qn skipped
C:\WINDOWS\system32\ywomvcgg.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\yxihdalm.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\Temp\gosCA15.tmp Infected: Trojan.Win32.Dialer.qn skipped
Scan process completed.
Please help me before I throw the laptop out the window. Any advice appreciated massively.
Logfile of HijackThis v1.99.1
Scan saved at 19:43:18, on 13/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
* Double-click VundoFix.exe to run it.
* Click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.
* Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
then this:
2) Download SmitfraudFix (by S!Ri) to your Desktop:
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. It will create a file named: c:\rapport.txt
Stop at this point and post a HijackThis log along with the contents of the c:\rapport.txt.
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
----------------------------
use vundofix then the first step of smitfraud, post the logs from each and a new hjt log.
Due to lack of feedback this topic has been archived.
If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.
UNITE-ASAP
Microsoft MVP. Consumer Security 2006-2013