Multiple issues...help!

BadPanda
2008-04-02, 20:29
Was given this laptop with multiple problems. It started with some spyware and escalated to having almost 200 viruses identified by Avast (which I have since removed, since Norton is installed... but it's not helping).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:21 AM, on 4/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\qfedylcb.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\system32\zsxtxlwa.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ldr.exe
O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {BFB5F154-9212-46F3-B547-AC6106030A54} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\system32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [iSecurity applet] rundll32.exe iSecurity.cpl,SecurityMonitor
O4 - HKLM\..\Run: [braviax] braviax.exe
O4 - HKLM\..\Run: [SystemDefender] "C:\Program Files\SystemDefender\SystemDefender.exe" hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [Iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKLM\..\Policies\Explorer\Run: [PWdcpqKUux] C:\WINDOWS\qfedylcb.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.nwmls.com
O15 - Trusted Zone: http://*.rapmls.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D87C9639-2624-44F1-AA12-F7EA352EE7D9}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: iSecurity.cpl
O21 - SSODL: SysKbd - {b3d5314f-166e-40bf-9b44-3a3a515954c6} - C:\WINDOWS\Installer\{b3d5314f-166e-40bf-9b44-3a3a515954c6}\SysKbd.dll (file missing)
O21 - SSODL: RunOnceKbd - {12550329-31ea-465d-99f8-5b8f93e2a275} - C:\WINDOWS\Installer\{12550329-31ea-465d-99f8-5b8f93e2a275}\RunOnceKbd.dll (file missing)
O21 - SSODL: CheckAvp - {c941003a-1dfb-4cbe-bde4-db77c517e96c} - (no file)
O21 - SSODL: RamKernel - {4d31a4d3-de46-4c34-ab7c-7bc558e01c39} - (no file)
O21 - SSODL: BootRam - {9fa68b10-79e1-46e8-8ecd-c13023b0e749} - (no file)
O21 - SSODL: KysKbd - {5dc8722c-7d95-4b6d-9bef-2fda80ed232d} - (no file)
O21 - SSODL: KernelDrive - {0e2b3d1a-5a9a-4f31-a93f-749b646924fb} - (no file)
O21 - SSODL:
O21 - SSODL: UnknownVolume - {48814f35-166c-4e13-b69f-ebd639ff3264} - (no file)
O21 - SSODL: ChkAlrt - {131f3175-511d-4c06-bc3d-57c401517fb8} - C:\WINDOWS\Installer\{131f3175-511d-4c06-bc3d-57c401517fb8}\ChkAlrt.dll (file missing)
O21 - SSODL: KernelComponent - {b60e06d3-5326-44d7-a92a-8383238fa3b0} - C:\WINDOWS\Installer\{b60e06d3-5326-44d7-a92a-8383238fa3b0}\KernelComponent.dll (file missing)
O21 - SSODL: KbdMon - {7c15ad45-b8a6-41e2-ac9b-4186ca18b005} - C:\WINDOWS\Installer\{7c15ad45-b8a6-41e2-ac9b-4186ca18b005}\KbdMon.dll (file missing)
O21 - SSODL: BootAlrt - {095b814d-4a68-4cf3-81aa-27edb533869f} - C:\WINDOWS\Installer\{095b814d-4a68-4cf3-81aa-27edb533869f}\BootAlrt.dll (file missing)
O21 - SSODL: SysService - {4fe8b6c8-42e3-4ec2-b7db-65c2228271aa} - C:\WINDOWS\Installer\{4fe8b6c8-42e3-4ec2-b7db-65c2228271aa}\SysService.dll (file missing)
O21 - SSODL: VolumeChk - {daf0495e-659c-4d06-9e83-5da7d458d5df} - C:\WINDOWS\Installer\{daf0495e-659c-4d06-9e83-5da7d458d5df}\VolumeChk.dll (file missing)
O21 - SSODL: CDMon - {1ed11327-08ea-4073-9045-9bc467be4c84} - C:\WINDOWS\Installer\{1ed11327-08ea-4073-9045-9bc467be4c84}\CDMon.dll (file missing)
O21 - SSODL: SrvCheck - {7a2af535-0789-4057-9924-765cf5266e90} - C:\WINDOWS\Installer\{7a2af535-0789-4057-9924-765cf5266e90}\SrvCheck.dll (file missing)
O21 - SSODL: VolumeDrive - {d078be67-230b-428c-8551-ca469431c1e6} - C:\WINDOWS\Installer\{d078be67-230b-428c-8551-ca469431c1e6}\VolumeDrive.dll (file missing)
O21 - SSODL: Sy
O21 - SSODL: ChkMon - {fc0e0567-a475-4d0e-b127-6e8dafda9a88} - C:\WINDOWS\Installer\{fc0e0567-a475-4d0e-b127-6e8dafda9a88}\ChkMon.dll (file missing)
O21 - SSODL: ServicePrx - {2a65484f-24fc-4b50-b59a-a34f1fea96ec} - C:\WINDOWS\Installer\{2a65484f-24fc-4b50-b59a-a34f1fea96ec}\ServicePrx.dll (file missing)
O21 - SSODL: RamUnknown - {4750130c-df94-4c6e-a7c0-f0607b89f1eb} - C:\WINDOWS\Installer\{4750130c-df94-4c6e-a7c0-f0607b89f1eb}\RamUnknown.dll (file missing)
O21 - SSODL: WinSetup - {0338cfee-5902-4b54-b09e-b2dcfa3473f1} - C:\WINDOWS\Installer\{0338cfee-5902-4b54-b09e-b2dcfa3473f1}\WinSetup.dll (file missing)
O21 - SSODL: ChdMon - {fc0e0567-a475-4d0e-b127-6e8dafda9a88} - C:\WINDOWS\Installer\{fc0e0567-a475-4d0e-b127-6e8dafda9a88}\ChkMon.dll (file missing)
O21 - SSODL: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - C:\WINDOWS\system32\ISECUR~1.CPL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Microsoft DDE+ server (c87b9d2d) - Unknown owner - C:\WINDOWS\system32\.c87b9d2d\c87b9d2d.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11462 bytes
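Added example, not part of BadPanda's post and not code from HijackThis: a small Python triage script that parses HijackThis entry lines and flags the patterns a helper would zero in on in a log like the one above. The checks are the ones applied by eye here: an extra executable chained onto the `F2` UserInit value, a populated `O20` AppInit_DLLs, anything under `Policies\Explorer\Run`, `O4` startup entries that resolve to a bare filename (found via the PATH search) or to an `.exe` dropped straight into `C:\WINDOWS`, and `O21`/`O23` entries whose binary is missing or whose service has no identified owner. The sample input is a handful of lines copied from the log above; the rule names, the regular expressions and the notion of scoring are this example's own assumptions.

```python
"""Heuristic triage of HijackThis v2.0.x log entries.

Added example; not from the forum post or from HijackThis itself.
Parses 'Rn - ', 'Fn - ' and 'Onn - ' entry lines and applies a few
rules an analyst applies by eye.  Rule names are this example's own.
"""
import re
from dataclasses import dataclass

ENTRY_RE = re.compile(r"^([RFO]\d{1,2}) - (.*)$")

# O4 subtypes whose trailing command line should be inspected.
RUN_KEYS = ("HKLM\\..\\Run:", "HKCU\\..\\Run:", "HKLM\\..\\Policies\\Explorer\\Run:")
POLICIES_RUN = "HKLM\\..\\Policies\\Explorer\\Run:"

# Constructed sample: a subset of lines copied from the log above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ldr.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [iSecurity applet] rundll32.exe iSecurity.cpl,SecurityMonitor
O4 - HKLM\..\Run: [braviax] braviax.exe
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKLM\..\Policies\Explorer\Run: [PWdcpqKUux] C:\WINDOWS\qfedylcb.exe
O20 - AppInit_DLLs: iSecurity.cpl
O21 - SSODL: KbdMon - {7c15ad45-b8a6-41e2-ac9b-4186ca18b005} - C:\WINDOWS\Installer\{7c15ad45-b8a6-41e2-ac9b-4186ca18b005}\KbdMon.dll (file missing)
O23 - Service: Microsoft DDE+ server (c87b9d2d) - Unknown owner - C:\WINDOWS\system32\.c87b9d2d\c87b9d2d.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis entry type, e.g. "O4"
    rule: str      # which heuristic fired
    line: str      # the offending log line, verbatim


def parse_entries(log_text):
    """Yield (section, body, line) for every entry line in the log."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group(1), m.group(2), line


def run_target(body):
    """Executable an O4 entry launches: the quoted path, or the first token ending in .exe/.cpl/.dll."""
    m = re.search(r"\]\s*(.*)$", body)
    cmd = (m.group(1) if m else body).strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd.strip('"')
    m = re.match(r"(.*?\.(?:exe|cpl|dll))\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ")[0]


def triage(log_text):
    """Apply the heuristics and return one Finding per rule that fires."""
    findings = []
    for section, body, line in parse_entries(log_text):
        if section == "F2" and "UserInit=" in body:
            # Anything after userinit.exe in this comma list runs at every logon.
            for exe in body.split("UserInit=", 1)[1].split(","):
                if exe.strip() and not exe.strip().lower().endswith("\\userinit.exe"):
                    findings.append(Finding(section, "userinit_chain", line))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            # A populated AppInit_DLLs is loaded into every process that links user32.
            if body.split(":", 1)[1].strip():
                findings.append(Finding(section, "appinit_dll", line))
        elif section == "O4" and body.startswith(RUN_KEYS):
            if body.startswith(POLICIES_RUN):
                findings.append(Finding(section, "policies_run", line))
            target = run_target(body)
            if "\\" not in target:
                findings.append(Finding(section, "bare_filename", line))
            elif target.lower().rsplit("\\", 1)[0] == "c:\\windows":
                findings.append(Finding(section, "windows_root_exe", line))
        elif section in ("O21", "O23"):
            if "(file missing)" in body or "(no file)" in body:
                findings.append(Finding(section, "orphaned_entry", line))
            if section == "O23" and " - Unknown owner - " in body:
                findings.append(Finding(section, "unknown_owner", line))
    return findings


def triage_counts(log_text):
    """Number of findings per rule, for a quick summary."""
    counts = {}
    for f in triage(log_text):
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.rule:<18}{f.line}")
```

Run against the sample, the script flags the ldr.exe chained onto UserInit, the iSecurity.cpl AppInit entry, both bare-filename Run entries, the Policies\Explorer\Run entry (twice: for the key and for the .exe in the Windows root), the missing KbdMon.dll and the orphaned "DDE+" service. Note what it does not catch: the HKCU `braviax` entry points into system32 and passes the path rule untouched, so the only reason braviax surfaces at all is its bare-filename twin under HKLM. Heuristics like these narrow attention; recognising the names and checking the files themselves is still the analyst's job.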