HijackThis log (Please check ASAP)

[ChemicalRomance]

it's been connecting okay now.

hmm, i think i might just need a new computer...

[Ried]

When is the last time you defragmented your computer? Try that if you haven't done so in the last month, especially after all the malware we just removed.

Click Start>All Programs>Accessories>System Tools and select Disk Defragmenter. This can take several hours to complete.

[ChemicalRomance]

i'll start to defrag the computer before i go to bed tonight. and just so you know, i can no longer access internet explorer.



Deckard's System Scanner v20070426.43
Run by Johnny on 2007-06-04 at 22:25:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Johnny.exe) ----------------------------------------------

HijackThis failed to provide a log after three minutes; running clone instead.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-06-04 22:28:30
Platform: Windows XP Service Pack 1 (5.01.2600)
MSIE: Internet Explorer (6.0.2800.1106)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Documents and Settings\Johnny\Desktop\dss.exe
C:\Program Files\HijackThis\Johnny.exe

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 hercplgs.cpl,BootEntryPoint
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/downlo...0C/wmv9dmo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1174468873093
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{1AEB9E14-2AE8-4374-B48E-4BD936FAAFFE}: NameServer = 203.194.27.57 203.194.56.150
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
O23 - Service: avast! Antivirus - ALWIL Software - "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
O23 - Service: avast! Mail Scanner - ALWIL Software - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
O23 - Service: avast! Web Scanner - ALWIL Software - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Microsoft Corp., Veritas Software - C:\WINDOWS\System32\dmadmin.exe /com
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe


-- Files created between 2007-05-04 and 2007-06-04 -----------------------------

2007-05-30 22:35:19 0 d-------- C:\Documents and Settings\Johnny\Application Data\Publish Providers
2007-05-30 22:35:19 0 d-------- C:\Documents and Settings\Johnny\Application Data\NetMedia Providers
2007-05-30 22:31:58 0 d-------- C:\Program Files\Sonic Foundry
2007-05-30 22:31:21 0 d-------- C:\Program Files\Sonic Foundry Setup
2007-05-30 22:30:35 0 d-------- C:\Video Software
2007-05-30 22:29:11 755200 --a------ C:\WINDOWS\System32\Ir50_32.dll <Not Verified; Intel Corporation; Intel Indeo® video 5.10>
2007-05-30 22:28:42 305152 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2007-05-30 22:21:28 0 d-------- C:\Program Files\Pinnacle
2007-05-30 22:15:09 0 d-------- C:\WINDOWS\RegisteredPackages
2007-05-30 22:14:50 997888 --a------ C:\WINDOWS\System32\wmvdmoe2.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
2007-05-30 22:14:50 892416 --a------ C:\WINDOWS\System32\wmspdmoe.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
2007-05-30 22:14:50 1111040 --a------ C:\WINDOWS\System32\wmsdmoe2.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
2007-05-30 22:11:50 151552 --a------ C:\WINDOWS\System32\mgxoschk.dll <Not Verified; MAGIX AG; >
2007-05-30 22:10:59 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2007-05-30 22:10:52 0 d-------- C:\Documents and Settings\Johnny\WINDOWS
2007-05-30 21:49:37 0 d-------- C:\Pana_USB
2007-05-30 21:40:51 0 d-------- C:\Program Files\Panasonic
2007-05-30 16:36:19 0 d-------- C:\Documents and Settings\Johnny\Application Data\dvdcss
2007-05-29 17:46:46 0 d-------- C:\Documents and Settings\Johnny\Application Data\SiteAdvisor
2007-05-29 17:46:46 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-05-29 17:46:46 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-05-29 16:49:38 21312 --a------ C:\WINDOWS\choice.exe
2007-05-29 16:49:15 0 d-------- C:\ie-spyad
2007-05-24 12:53:42 0 d-------- C:\Documents and Settings\Johnny\Application Data\Leadertech
2007-05-24 12:53:20 0 d-------- C:\Documents and Settings\Johnny\Application Data\Sonic
2007-05-24 12:53:17 0 d-------- C:\Program Files\Common Files\Sonic
2007-05-24 12:52:12 0 d-------- C:\Program Files\Sonic
2007-05-24 12:50:13 0 d-------- C:\Program Files\SpywareGuard
2007-05-23 00:33:54 86016 --a------ C:\WINDOWS\unvise32qt.exe <Not Verified; MindVision; Installer VISE 2.8.3>
2007-05-23 00:33:36 0 d-------- C:\Program Files\QuickTime
2007-05-23 00:33:29 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2007-05-15 00:08:47 0 d-------- C:\WINDOWS\System32\ActiveScan
2007-05-13 03:04:36 0 d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2007-05-13 03:04:05 0 d-------- C:\Documents and Settings\Johnny\Application Data\GRETECH
2007-05-13 03:03:38 0 d-------- C:\Program Files\GRETECH


-- Find3M Report ---------------------------------------------------------------

2007-05-31 23:34:11 0 d-------- C:\Program Files\SpeedFan
2007-05-30 22:15:10 0 d-------- C:\Program Files\Movie Maker
2007-05-30 21:51:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-05-29 16:38:18 0 d-------- C:\Program Files\SpywareBlaster
2007-05-23 20:34:55 0 d-------- C:\Program Files\MSN Messenger
2007-05-23 20:34:48 0 d-------- C:\Program Files\Messenger
2007-05-23 00:34:07 0 d-------- C:\Program Files\Real Alternative
2007-05-23 00:34:03 0 d-------- C:\Program Files\Media Player Classic
2007-05-21 16:50:12 0 d-------- C:\Program Files\BitTornado
2007-05-12 19:41:13 0 d-------- C:\Program Files\Winamp
2007-05-01 05:41:52 0 d-------- C:\Program Files\Webteh
2007-05-01 05:41:51 0 d-------- C:\Documents and Settings\Johnny\Application Data\BSplayer
2007-05-01 03:16:48 0 d-------- C:\Program Files\GPSoftware
2007-04-29 19:37:49 0 d-------- C:\Documents and Settings\Johnny\Application Data\BSplayer Pro
2007-04-29 15:37:49 0 d-------- C:\Program Files\CyberLink
2007-04-28 13:46:30 0 d-------- C:\Documents and Settings\Johnny\Application Data\uTorrent
2007-04-17 10:20:49 0 d-------- C:\Program Files\Alwil Software
2007-04-14 20:07:54 0 d-------- C:\Program Files\Everstrike Software
2007-04-14 20:07:54 0 d-------- C:\Program Files\Common Files\Everstrike Software
2007-04-13 15:42:29 0 d-------- C:\Program Files\WinAVIVideoConverter
2007-04-04 01:00:07 0 d-------- C:\Documents and Settings\Johnny\Application Data\Real
2007-04-04 01:00:07 0 d-------- C:\Documents and Settings\Johnny\Application Data\Media Player Classic
2007-04-01 01:07:35 3712 --a------ C:\WINDOWS\System32\socketlock.sys
2007-03-20 02:56:41 0 --a------ C:\WINDOWS\nsreg.dat
2007-03-20 02:56:35 2301 --a------ C:\WINDOWS\mozver.dat
2007-03-20 02:24:29 0 -rahs---- C:\MSDOS.SYS
2007-03-20 02:24:29 0 -rahs---- C:\IO.SYS
2007-03-20 02:24:29 0 --a------ C:\CONFIG.SYS
2007-03-20 02:24:29 0 --a------ C:\AUTOEXEC.BAT
2007-03-20 02:20:56 21640 --a------ C:\WINDOWS\System32\emptyregdb.dat
2007-03-19 18:10:29 62 --ahs---- C:\Documents and Settings\Johnny\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{4A368E80-174F-4872-96B5-0B27DDD11DB2} C:\Program Files\SpywareGuard\dlprotect.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RegistryUpdate"=""
"Anti Trojan Elite"="C:\\Program Files\\Anti Trojan Elite\\TJEnder.exe :NO"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SoundFusion"="RunDll32 hercplgs.cpl,BootEntryPoint"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"AnyDVD"="C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"
"LFAgent"=""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-06-04 at 22:40:23 ---------

[Ried]

Quote:

i can no longer access internet explorer.

Please provide detail--what happens? Can you even launch IE?

I take it Firefox works? If so, I'd like you to install the IE Tab add on for Firefox. (if you don't already have it) We can use that Tab to perform an online scan.

https://addons.mozilla.org/firefox/1419/

Further instructions about how to use it can be found here.

Once you've gotten the IE tab installed in Firefox, use the IE tab and run an online scan at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.

• The program will then begin downloading the latest definition files.
• Once the files have been downloaded click on NEXT
• Locate the Scan Settings button & configure to:
  • Scan using the following Anti-Virus database:
    • Extended
  • Scan Options:
    • Scan Archives
    • Scan Mail Bases
• Click OK & have it scan My Computer
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

[ChemicalRomance]

it just won't open. this is the message that i've been getting: Windows cannot access the specified devide, path, or file. You may not have the appropriate permissions to access the item.

i've installed the addon, but i can't get to the kaspersky link.

[Ried]

Check you Kerio Firewall settings and see if IE is somehow being blocked.

[ChemicalRomance]

aha, so that's what it was!

the security settings of IE are set to medium, but kaspersky is saying that they aren't... ?

[Ried]

So you're all set now?

[ChemicalRomance]

not exactly.. i still can't use powerdvd...

[ChemicalRomance]

oh, it's okay now. i've just realised that kerio was blocking it. i checked if kerio was blocking it before, but i obviously didn't have a good enough look. thanks, ried.

[Ried]

Good...I'll mark this as resolved.

Take care...