
Status
Not open for further replies.
1 - 2 of 2 Posts

·
Registered
Joined
·
19 Posts
Discussion Starter #1
Hi. I've been trying to get rid of some viruses to no avail. It slows down my internet connection and I can't even update ewido, avg, spybot and adaware because I think the virus prevents my computer from connecting to the internet properly. I tried cleaning it with AVG and ewido to no avail because it keeps coming back. I tried online scans but my net connection tends to "hang" after 5 minutes so it never gets done. My PC also hangs a lot.

Help please. Thanks! Here is my scan report from Ewido and my Hijack This log:



Logfile of HijackThis v1.99.1
Scan saved at 11:46:07 PM, on 11/3/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\Fast.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\msinit.exe
C:\WINDOWS\mspathfinder
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\tp4mon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\System32\msconfigx32.exe
C:\WINDOWS\System32\s3hotkey.exe
C:\WINDOWS\System32\S3tray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\3B Software\Windows Registry Repair

Pro\RegistryRepairPro.exe
C:\Program Files\OpenOffice.org 1.9.113\program\soffice.exe
C:\Program Files\OpenOffice.org 1.9.113\program\soffice.BIN
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\eeya\LOCALS~1\Temp\Rar$EX01.288\Hijack This.exe
C:\WINDOWS\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -

C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program

Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Config 32] msconfigx32.exe
O4 - HKLM\..\Run: [S3Hotkey] s3hotkey.exe
O4 - HKLM\..\Run: [S3TRAY] S3tray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Microsoft Config 32] msconfigx32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"

/background
O4 - HKCU\..\Run: [Microsoft Config 32] msconfigx32.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B

Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - Startup: OpenOffice.org 1.9.113.lnk = C:\Program Files\OpenOffice.org

1.9.113\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} -

http://static.zangocash.com/cab/Zango/ie/bridge-c11.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer

Class) - http://www.pandasoftware.com/active...free/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common

Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: clmss (Content List Management Sub System) - Unknown owner -

C:\WINDOWS\clmss.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program

Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. -

C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: msinit (Microsoft Scheduling Agent) - Unknown owner -

C:\WINDOWS\msinit.exe
O23 - Service: Microsoft Path Finder Service (mspathfinder) - Unknown owner

- C:\WINDOWS\mspathfinder
O23 - Service: NT login service (ntlogin32) - Unknown owner -

C:\WINDOWS\System32\libsys32.exe (file missing)




ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:10:43 PM, 11/3/2005
+ Report-Checksum: 92BDECA9

+ Scan result:

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary

Internet Files\Content.IE5\2R7LANSD\goaway[1].exe -> Trojan.LowZones.ct :

Cleaned with backup
C:\WINDOWS\system32\setup_25107.exe -> Backdoor.SdBot.aad : Cleaned

with backup
C:\WINDOWS\system32\setup_45643.exe -> Backdoor.SdBot.aad : Cleaned

with backup
C:\WINDOWS\system32\setup_24336.exe -> Backdoor.SdBot.aad : Cleaned

with backup
C:\WINDOWS\system32\setup_64868.exe -> Backdoor.SdBot.aad : Cleaned

with backup
C:\WINDOWS\system32\hpdriver.sys -> Trojan.Rootkit.Agent.ae :

Cleaned with backup
C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll ->

Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\eeya\Local Settings\Temporary Internet

Files\Content.IE5\0AYQH5K4\goaway[1].exe -> Trojan.LowZones.ct : Cleaned

with backup
C:\Documents and Settings\eeya\Local Settings\Temporary Internet

Files\Content.IE5\8E4GWLVE\emoticons[1].exe -> Trojan.LowZones.cf : Cleaned

with backup
C:\Documents and Settings\eeya\Local Settings\Temporary Internet

Files\Content.IE5\8E4GWLVE\mmxxxxmas2[1].exe -> TrojanDownloader.VB.jl :

Cleaned with backup
C:\Documents and Settings\eeya\Local Settings\Temporary Internet

Files\Content.IE5\PTQIMN3T\avatarz[1].exe -> Trojan.LowZones.cf : Cleaned

with backup
:mozilla.9:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.15:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.24:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.31:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.32:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.33:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.34:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.35:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.36:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.39:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.42:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.45:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.48:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.49:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.50:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.51:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.53:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.54:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.56:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.69:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.71:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.73:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Com : Cleaned with backup
:mozilla.74:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Com : Cleaned with backup
:mozilla.76:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.77:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.82:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.83:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.84:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.85:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.86:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.87:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.91:C:\Documents and Settings\eeya\Application

Data\Mozilla\Firefox\Profiles\g8coybfj.default\coo kies.txt ->

Spyware.Cookie.Trafic : Cleaned with backup
C:\goaway.exe -> Trojan.LowZones.ct : Cleaned with backup
C:\Recycled\Dc6.exe -> Trojan.LowZones.ct : Cleaned with backup


::Report End
 

·
Registered
Joined
·
3,100 Posts
Please turn off Word Wrap in your text editing program, then post a new log. In Notepad this is done by clicking on Word Wrap in the Edit menu to remove the check. This will make the log much easier for the analysts to read.
 