Hi. I've been trying to get rid of some viruses to no avail. It slows down my internet connection and I can't even update ewido, avg, spybot and adaware because I think the virus prevents my computer from connecting to the internet properly. I tried cleaning it with AVG and ewido to no avail because it keeps coming back. I tried online scans but my net connection tends to "hang" after 5 minutes so it never gets done. My PC also hangs a lot.

Help please. Thanks! Here is my scan report from Ewido and my Hijack This Log:

Logfile of HijackThis v1.99.1
Scan saved at 11:46:07 PM, on 11/3/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\Fast.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\msinit.exe
C:\WINDOWS\mspathfinder
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\tp4mon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\System32\msconfigx32.exe
C:\WINDOWS\System32\s3hotkey.exe
C:\WINDOWS\System32\S3tray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
C:\Program Files\OpenOffice.org 1.9.113\program\soffice.exe
C:\Program Files\OpenOffice.org 1.9.113\program\soffice.BIN
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\eeya\LOCALS~1\Temp\Rar$EX01.288\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Config 32] msconfigx32.exe
O4 - HKLM\..\Run: [S3Hotkey] s3hotkey.exe
O4 - HKLM\..\Run: [S3TRAY] S3tray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Microsoft Config 32] msconfigx32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Config 32] msconfigx32.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - Startup: OpenOffice.org 1.9.113.lnk = C:\Program Files\OpenOffice.org 1.9.113\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c11.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: clmss (Content List Management Sub System) - Unknown owner - C:\WINDOWS\clmss.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: msinit (Microsoft Scheduling Agent) - Unknown owner - C:\WINDOWS\msinit.exe
O23 - Service: Microsoft Path Finder Service (mspathfinder) - Unknown owner - C:\WINDOWS\mspathfinder
O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINDOWS\System32\libsys32.exe (file missing)




ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:10:43 PM, 11/3/2005
+ Report-Checksum: 92BDECA9

+ Scan result:

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2R7LANSD\goaway[1].exe -> Trojan.LowZones.ct : Cleaned with backup
C:\WINDOWS\system32\setup_25107.exe -> Backdoor.SdBot.aad : Cleaned with backup
C:\WINDOWS\system32\setup_45643.exe -> Backdoor.SdBot.aad : Cleaned with backup
C:\WINDOWS\system32\setup_24336.exe -> Backdoor.SdBot.aad : Cleaned with backup
C:\WINDOWS\system32\setup_64868.exe -> Backdoor.SdBot.aad : Cleaned with backup
C:\WINDOWS\system32\hpdriver.sys -> Trojan.Rootkit.Agent.ae : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\eeya\Local Settings\Temporary Internet Files\Content.IE5\0AYQH5K4\goaway[1].exe -> Trojan.LowZones.ct : Cleaned with backup
C:\Documents and Settings\eeya\Local Settings\Temporary Internet Files\Content.IE5\8E4GWLVE\emoticons[1].exe -> Trojan.LowZones.cf : Cleaned with backup
C:\Documents and Settings\eeya\Local Settings\Temporary Internet Files\Content.IE5\8E4GWLVE\mmxxxxmas2[1].exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\Documents and Settings\eeya\Local Settings\Temporary Internet Files\Content.IE5\PTQIMN3T\avatarz[1].exe -> Trojan.LowZones.cf : Cleaned with backup
:mozilla.9:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.15:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.24:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.31:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.32:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.33:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.34:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.35:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.36:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.39:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.42:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.45:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.48:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.49:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.50:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.51:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.53:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.54:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.56:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.69:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.71:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.73:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.74:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.76:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.77:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.82:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.83:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.84:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.85:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.86:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.87:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.91:C:\Documents and Settings\eeya\Application Data\Mozilla\Firefox\Profiles\g8coybfj.default\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup
C:\goaway.exe -> Trojan.LowZones.ct : Cleaned with backup
C:\Recycled\Dc6.exe -> Trojan.LowZones.ct : Cleaned with backup


::Report End
 