PDA

View Full Version : Help please!



joshr310
2006-01-08, 18:26
Ok so here is the deal. My laptop runs on Windows 2000 Professional and lately I have been getting these WinFixer pop-ups and other kinds of pop-ups too. This virus that I have on my computer is also slowing down it's speed. Like when I click on Internet Explorer, it takes a couple of seconds to open it, and that goes the same for the My Computer icon and others on my desktop as well. I have AVG Free Edition on my computer already and I recently installed Ewido Anti-Malware and Microsoft AntiSpyware Beta.

Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:03:05 AM, on 1/8/2006
Platform: Windows 2000 SP1 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\AOL\1130981740\ee\AOLSoftware.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINNT\system32\sms_msn40.exe
C:\WINNT\system32\sms_msn.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\system32\ngpw40.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: (no name) - {279A1B41-6CAC-4ABF-B39C-72C8E489F685} - (no file)
O2 - BHO: (no name) - {7D9CB362-375B-4FB9-8024-E55079CC69D1}" - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130981740\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [sms_msn40] C:\WINNT\system32\sms_msn40.exe
O4 - HKLM\..\Run: [sms_msn] C:\WINNT\system32\sms_msn.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - Global Startup: Microsoft Broadband Networking.lnk = C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ComcastHSI - {3CB5F069-C2E1-41F7-B785-EF738C7C738D} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {724ED798-93C4-4209-801A-7FFFC78070A9} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {7D6BA741-414A-4BF2-A539-C71901A48E16} - http://www.comcastsupport.com (file missing) (HKCU)
O16 - DPF: Buckaroo Blackjack TM by pogo - http://game1.pogo.com/applet-6.4.0.41/videoblackjack/videoblackjack-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.4.0.41/solitaire2/solitaire2-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.4.0.41/lottso/lottso-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.4.0.41/holdem/holdem-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.4.0.41/worldclass/worldclass-ob-assets.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINNT\Iass.exe (file missing)

I had some previous logs that included a file that had: O2 - BHO: ATLDistrib Object - C:\WINNT\system32\oppqo.dll

But now this file is no longer in any of the logs and I don't know why.

Help with this problem would be GREATLY appreciated!!

Thanks,
Josh

LonnyRJones
2006-01-12, 10:48
Hi Josh

Start Hijackthis and place a check next to these items If there.
Close all browser windows and shut down all other programs that show in the taskbar.(even Folders)
O2 - BHO: (no name) - {279A1B41-6CAC-4ABF-B39C-72C8E489F685} - (no file)
O2 - BHO: (no name) - {7D9CB362-375B-4FB9-8024-E55079CC69D1}" - (no file)
O4 - HKLM\..\Run: [sms_msn40] C:\WINNT\system32\sms_msn40.exe
O4 - HKLM\..\Run: [sms_msn] C:\WINNT\system32\sms_msn.exe
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
====================================
Hit fix checked and close Hijackthis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Delete these files
C:\WINNT\system32\sms_msn40.exe
C:\WINNT\system32\sms_msn.exe
How did that go ?

Post a fresh hijackthis log please, be sure to mention any current problems.

tashi
2006-01-16, 21:59
How is it going joshr310.

LonnyRJones
2006-01-22, 08:33
Due to lack of responses this thread is closed
If you still need assistance a new log will be needed, send me or Tashi a PM or email and we will re-open it.