Status: Not open for further replies.
1 - 7 of 7 Posts

#1 · Discussion Starter (Registered, 4 Posts)
Hey all, I run 2 machines on my network, one of which is a web server running Windows XP. It all worked fine until recently; I have started to receive multiple errors such as "Windows Explorer has encountered a problem and needs to close" etc. This causes me to lose my desktop completely, and the machine also has random restarts. I managed to get onto the PC for long enough to run HijackThis, and here is the log file that I got.

Logfile of HijackThis v1.99.1
Scan saved at 14:57:17, on 01/02/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\FileZilla Server\FileZilla Server Interface.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\WINDOWS\System32\defrag.exe
C:\Documents and Settings\Admin\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O14 - IERESET.INF: START_PAGE_URL=www.yahoo.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{34D9FEE7-0F58-4E3D-B1D0-477B71B6BBDF}: NameServer = 192.168.0.1,192.168.0.5
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Apache2.2 - Unknown owner - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

I have also tried running my AVG Anti-Spyware and antivirus software, but this had no effect.
I also read somewhere that creating a new user profile helped, but it hasn't.
Please help me.
Thanks
 

#2 · Discussion Starter (Registered, 4 Posts)
Help with this please

Hey all, I think I have some sort of malware or something, as I keep getting this popup:

"Messenger Service"

Message from FROM to TO on 01/02/2007 17:13:53
STOP! WINDOWS REQUIRES IMEDIATE ATTENTION

Window has found 55 critical system errors:
to fix the errors please do the following

1. download Registry update from www.regproscan.com
2. instal registry update
3. run registry update
4. reboot your computer

FAILUIRE TO ACT NOW MAY LEAD TOO SYSTEM FAILURE !


I think this is some form of virus or malware or something; please help. I get these popups every 10 minutes or so.
 

#3 · TSF Security Manager, Emeritus (42,836 Posts)
Hello Cascade,

I'm not seeing any malware in your log; let's see if this tool reveals anything for us:

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

-------------------------------------

Close any open browsers.

-------------------------------------


Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Post the ComboFix.txt in your next reply.

--------------------------------------------------------------------
 

#4 · TSF Security Manager, Emeritus (42,836 Posts)
Hello Cascade,

Is this the same system as this thread?

If not, please run a HijackThis scan on this machine and post it here for review.
 

#5 · Discussion Starter (Registered, 4 Posts)
Here's the ComboFix log:


"Server Admin" - 07-02-01 18:56:31 Service Pack 1
ComboFix 07.01.31 - Running from: "C:\Documents and Settings\Server Admin\Desktop"

ERROR !!! /wow section not completed

((((((((((((((((((((((((((((((( Files Created from 2007-01-01 to 2007-02-01 ))))))))))))))))))))))))))))))))))


2007-02-01 17:10 <DIR> d-------- C:\VundoFix Backups
2007-02-01 16:52 <DIR> d---s---- C:\DOCUME~1\SERVER~1\UserData
2007-02-01 16:49 <DIR> d-------- C:\DOCUME~1\SERVER~1\Application Data\AVG7
2007-01-23 16:13 <DIR> d-------- C:\Nic's Files only
2007-01-16 17:06 <DIR> d-------- C:\Program Files\MySQL
2007-01-13 11:06 75,904 -ra------ C:\WINDOWS\system32\drivers\viasraid.sys
2007-01-13 11:06 <DIR> d-------- C:\Program Files\VIA
2007-01-02 20:10 98,816 --a------ C:\WINDOWS\system32\dmstyle.dll
2007-01-02 20:10 937,984 --a------ C:\WINDOWS\system32\dxdiag.exe
2007-01-02 20:10 83,968 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2007-01-02 20:10 80,896 --a------ C:\WINDOWS\system32\dpvsetup.exe
2007-01-02 20:10 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll
2007-01-02 20:10 797,184 --a------ C:\WINDOWS\system32\d3dim700.dll
2007-01-02 20:10 77,824 --a------ C:\WINDOWS\system32\dpmodemx.dll
2007-01-02 20:10 76,800 --a------ C:\WINDOWS\system32\dpwsockx.dll
2007-01-02 20:10 76,800 --a------ C:\WINDOWS\system32\dmscript.dll
2007-01-02 20:10 733,184 --a------ C:\WINDOWS\system32\qedwipes.dll
2007-01-02 20:10 723,968 --a------ C:\WINDOWS\system32\dpnet.dll
2007-01-02 20:10 7,424 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2007-01-02 20:10 68,096 --a------ C:\WINDOWS\system32\dpnhupnp.dll
2007-01-02 20:10 667,648 --a------ C:\WINDOWS\system32\dinput8.dll
2007-01-02 20:10 648,704 --a------ C:\WINDOWS\system32\dinput.dll
2007-01-02 20:10 64,512 --a------ C:\WINDOWS\system32\amstream.dll
2007-01-02 20:10 602,624 --a------ C:\WINDOWS\system32\dx7vb.dll
2007-01-02 20:10 58,368 --a------ C:\WINDOWS\system32\dmcompos.dll
2007-01-02 20:10 52,096 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2007-01-02 20:10 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys
2007-01-02 20:10 5,248 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2007-01-02 20:10 491,520 --a------ C:\WINDOWS\system32\dsdmoprp.dll
2007-01-02 20:10 47,104 --a------ C:\WINDOWS\system32\wstdecod.dll
2007-01-02 20:10 45,696 --a------ C:\WINDOWS\system32\drivers\stream.sys
2007-01-02 20:10 449,024 --a------ C:\WINDOWS\system32\qdvd.dll
2007-01-02 20:10 44,544 --a------ C:\WINDOWS\system32\dxdllreg.exe
2007-01-02 20:10 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
2007-01-02 20:10 4,608 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2007-01-02 20:10 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-01-02 20:10 4,096 --a------ C:\WINDOWS\system32\drivers\swenum.sys
2007-01-02 20:10 381,952 --a------ C:\WINDOWS\system32\dpvoice.dll
2007-01-02 20:10 355,328 --a------ C:\WINDOWS\system32\dsound.dll
2007-01-02 20:10 354,816 --a------ C:\WINDOWS\system32\psisdecd.dll
2007-01-02 20:10 34,304 --a------ C:\WINDOWS\system32\mciqtz32.dll
2007-01-02 20:10 33,280 --a------ C:\WINDOWS\system32\dmloader.dll
2007-01-02 20:10 324,096 --a------ C:\WINDOWS\system32\mswebdvd.dll
2007-01-02 20:10 32,768 --a------ C:\WINDOWS\system32\dpnhpast.dll
2007-01-02 20:10 311,808 --a------ C:\WINDOWS\system32\qdv.dll
2007-01-02 20:10 31,744 --a------ C:\WINDOWS\system32\pid.dll
2007-01-02 20:10 3,072 --a------ C:\WINDOWS\system32\dpnlobby.dll
2007-01-02 20:10 3,072 --a------ C:\WINDOWS\system32\dpnaddr.dll
2007-01-02 20:10 284,160 --a------ C:\WINDOWS\system32\ddraw.dll
2007-01-02 20:10 28,160 --a------ C:\WINDOWS\system32\dplaysvr.exe
2007-01-02 20:10 27,136 --a------ C:\WINDOWS\system32\dmband.dll
2007-01-02 20:10 257,024 --a------ C:\WINDOWS\system32\qcap.dll
2007-01-02 20:10 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
2007-01-02 20:10 24,064 --a------ C:\WINDOWS\system32\ddrawex.dll
2007-01-02 20:10 217,600 --a------ C:\WINDOWS\system32\dplayx.dll
2007-01-02 20:10 19,968 --a------ C:\WINDOWS\system32\dpvacm.dll
2007-01-02 20:10 186,880 --a------ C:\WINDOWS\system32\dsdmo.dll
2007-01-02 20:10 18,944 --a------ C:\WINDOWS\system32\encapi.dll
2007-01-02 20:10 18,688 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2007-01-02 20:10 18,432 --a------ C:\WINDOWS\system32\dswave.dll
2007-01-02 20:10 171,520 --a------ C:\WINDOWS\system32\dmime.dll
2007-01-02 20:10 16,896 --a------ C:\WINDOWS\system32\msyuv.dll
2007-01-02 20:10 16,896 --a------ C:\WINDOWS\system32\dpnsvr.exe
2007-01-02 20:10 16,384 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
2007-01-02 20:10 15,104 --a------ C:\WINDOWS\system32\drivers\mpe.sys
2007-01-02 20:10 14,976 --a------ C:\WINDOWS\system32\drivers\streamip.sys
2007-01-02 20:10 132,608 --a------ C:\WINDOWS\system32\devenum.dll
2007-01-02 20:10 130,304 --a------ C:\WINDOWS\system32\drivers\ks.sys
2007-01-02 20:10 13,312 --a------ C:\WINDOWS\system32\msdmo.dll
2007-01-02 20:10 116,736 --a------ C:\WINDOWS\system32\dmusic.dll
2007-01-02 20:10 112,128 --a------ C:\WINDOWS\system32\dpvvox.dll
2007-01-02 20:10 11,392 --a------ C:\WINDOWS\system32\drivers\bdasup.sys
2007-01-02 20:10 100,864 --a------ C:\WINDOWS\system32\dmsynth.dll
2007-01-02 20:10 10,880 --a------ C:\WINDOWS\system32\drivers\slip.sys
2007-01-02 20:10 10,112 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
2007-01-02 20:10 1,962,496 --a------ C:\WINDOWS\system32\quartz.dll
2007-01-02 20:10 1,798,144 --a------ C:\WINDOWS\system32\qedit.dll
2007-01-02 20:10 1,675,264 --a------ C:\WINDOWS\system32\dxdiagn.dll
2007-01-02 20:10 1,634,304 --a------ C:\WINDOWS\system32\d3d9.dll
2007-01-02 20:10 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll
2007-01-02 20:10 1,230,336 --a------ C:\WINDOWS\system32\msvidctl.dll
2007-01-02 20:10 1,189,888 --a------ C:\WINDOWS\system32\dx8vb.dll
2007-01-02 20:10 1,177,600 --a------ C:\WINDOWS\system32\d3d8.dll
2007-01-02 20:07 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-01-02 20:06 <DIR> d-------- C:\Program Files\Creative
2007-01-02 20:05 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-01-02 20:05 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-01-02 19:46 <DIR> d-------- C:\Program Files\Apache Software Foundation


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-01 18:20 -------- d---s---- C:\DOCUME~1\SERVER~1\Application Data\microsoft
2007-02-01 16:50 -------- d-------- C:\DOCUME~1\SERVER~1\Application Data\macromedia
2007-02-01 15:04 -------- d-------- C:\DOCUME~1\SERVER~1\Application Data\identities
2007-01-02 19:54 -------- d-------- C:\Program Files\php
2006-12-29 19:29 -------- d-------- C:\Program Files\msn messenger
2006-12-22 13:20 -------- d-------- C:\Program Files\voyagertest
2006-12-22 13:20 -------- d-------- C:\Program Files\Common Files\ftl shared
2006-12-22 13:19 -------- d-------- C:\Program Files\bt voyager 105 adsl modem
2006-12-22 13:18 -------- d-------- C:\Program Files\voyagermodem105drivers
2006-12-22 11:44 737280 --a------ C:\WINDOWS\iun6002.exe
2006-12-21 17:11 -------- d-------- C:\Program Files\grisoft
2006-12-21 17:02 816672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-12-21 17:02 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-12-21 17:02 4960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-12-21 17:02 4224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-12-21 17:02 3968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-12-21 17:02 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-12-21 17:02 28416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-12-21 17:02 18240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2006-12-21 16:21 -------- d-------- C:\Program Files\filezilla server
2006-12-21 15:05 -------- d--h----- C:\Program Files\windowsupdate
2006-12-21 13:45 -------- d-------- C:\Program Files\jasc software inc
2006-12-21 13:45 -------- d-------- C:\Program Files\Common Files\ahead
2006-12-21 13:45 -------- d-------- C:\Program Files\ahead
2006-12-21 13:39 -------- d-------- C:\Program Files\msn gaming zone
2006-12-21 13:39 -------- d-------- C:\Program Files\microsoft frontpage
2006-12-21 13:38 0 -rahs---- C:\MSDOS.SYS
2006-12-21 13:38 0 -rahs---- C:\IO.SYS
2006-12-21 13:38 0 --a------ C:\CONFIG.SYS
2006-12-21 13:38 0 --a------ C:\AUTOEXEC.BAT
2006-12-21 13:38 -------- d-------- C:\Program Files\online services
2006-12-21 13:37 -------- d-------- C:\Program Files\movie maker
2006-12-21 13:37 -------- d-------- C:\Program Files\Common Files\mssoap
2006-12-21 13:36 -------- d-------- C:\Program Files\windows nt
2006-12-21 13:32 62 --ahs---- C:\DOCUME~1\SERVER~1\Application Data\desktop.ini
2006-12-21 13:32 -------- d-------- C:\Program Files\Common Files\speechengines
2006-12-21 13:32 -------- d-------- C:\Program Files\Common Files\odbc


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"FileZilla Server Interface"="\"C:\\Program Files\\FileZilla Server\\FileZilla Server Interface.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0


Completion time: 07-02-01 18:56:44
 

#6 · Discussion Starter (Registered, 4 Posts)
Yes, it is the same machine as that thread, but I did another HijackThis anyway.
Here it is:
Logfile of HijackThis v1.99.1
Scan saved at 19:32:24, on 01/02/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\FileZilla Server\FileZilla Server Interface.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\CTFMON.EXE
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Server Admin\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O14 - IERESET.INF: START_PAGE_URL=www.yahoo.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{34D9FEE7-0F58-4E3D-B1D0-477B71B6BBDF}: NameServer = 192.168.0.1,192.168.0.5
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Apache2.2 - Unknown owner - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
 

#7 · TSF Security Manager, Emeritus (42,836 Posts)
I've merged your threads together. :smile:

If advertisements are opening on your computer in a window entitled Messenger Service, it may indicate that your system is not secure. You should enable the Internet Connection Firewall and disable the Messenger Service in Windows XP to help protect your computer from unwanted spam and other potential threats.

Note:

Although the name of the service is similar, Messenger Service in Windows XP is not related to instant messaging programs such as Windows Messenger and MSN Messenger. Disabling instant messaging programs is not necessary and not recommended. Disabling instant messaging programs will not prevent Messenger Service spam on your computer.

**If your computer is part of a corporate network, ask the network administrator before disabling Messenger Service.

If you have Windows XP at home or in a small office that you manage yourself, you should disable the Messenger Service.
  • Go to Start>Run and copy/paste or type services.msc
  • Scroll down until you see Messenger.
  • In the Startup type list, choose Disabled
  • Click Stop, and then click OK.

Based on that message you're receiving, I think a good cleaning is prudent.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

******************************************************

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"


  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

--------------------------------------------------------------------

Please download ATF Cleaner by Atribune.

--------------------------------------------------------------------

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

--------------------------------------------------------------------

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process.
Run AVG Anti-Spyware with its updated definitions (it's important that all windows are closed):
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted. **Please ensure it is set to Quarantine, then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).
**AVG Anti-Spyware is compatible with most AV and anti-spyware products, and the free version will continue to be useful as a second anti-malware scanner.

--------------------------------------------------------------------

Reboot into Normal Mode.

--------------------------------------------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on
    located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on
    then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


--------------------------------------------------------------------

Run a new scan with HijackThis and save the log.

--------------------------------------------------------------------

Please include the following in your next reply:

AVG Anti-Spyware results
Panda results
New HijackThis log
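
Two points in this thread are worth pulling out of the logs programmatically: the `O23` entries in the first post that HijackThis reports as `(file missing)` even though `mysqld-nt.exe` and `httpd.exe` are visibly running, and the advice in the last post that Messenger Service spam means inbound traffic is reaching an XP SP1 box with no firewall. The script below is an added example, not code from the thread, from TSF or from HijackThis. It parses a log in the HijackThis 1.99 format and produces triage findings. The sample log is constructed from lines quoted in the thread; the mapping of server binaries to ports, the classification rules, and the reading of `C:\Program.exe (file missing)` as the fingerprint of an unquoted `ImagePath` (which HijackThis truncates at the first space) are assumptions for this illustration and should be confirmed on the host with `sc qc MySQL`.

```python
"""Triage a HijackThis 1.99 log for exposure findings.

Added example: not from the thread, from HijackThis or from TSF. The sample
log below is constructed from lines quoted in the thread; the port mapping and
the classification rules are assumptions made for this illustration.
"""
import re

# Constructed sample log excerpt (same format as the logs posted above).
SAMPLE_LOG = """\
Logfile of HijackThis v1.99.1
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\Program Files\\Apache Software Foundation\\Apache2.2\\bin\\httpd.exe
C:\\Program Files\\FileZilla Server\\FileZilla Server.exe
C:\\Program Files\\MySQL\\MySQL Server 5.0\\bin\\mysqld-nt.exe
C:\\WINDOWS\\System32\\snmp.exe

O4 - HKLM\\..\\Run: [NeroCheck] C:\\WINDOWS\\system32\\NeroCheck.exe
O23 - Service: Apache2.2 - Unknown owner - C:\\Program Files\\Apache Software Foundation\\Apache2.2\\bin\\httpd.exe" -k runservice (file missing)
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\\Program Files\\FileZilla Server\\FileZilla Server.exe
O23 - Service: MySQL - Unknown owner - C:\\Program.exe (file missing)
"""

O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Assumed mapping of server binaries seen in the log to the ports they listen on.
NETWORK_SERVERS = {
    "httpd.exe": "Apache HTTP, TCP 80/443",
    "filezilla server.exe": "FileZilla FTP, TCP 21 plus data ports",
    "mysqld-nt.exe": "MySQL, TCP 3306",
    "snmp.exe": "Windows SNMP agent, UDP 161",
}


def parse_hjt(text):
    """Extract platform, running-process basenames and O23 service entries."""
    platform, processes, services = None, [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Platform:"):
            platform = line.split(":", 1)[1].split("(")[0].strip()
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            if line:
                processes.append(line.rsplit("\\", 1)[-1].lower())
            else:
                in_processes = False  # blank line ends the process list
        else:
            m = O23_RE.match(line)
            if m:
                services.append(m.groupdict())
    return {"platform": platform, "processes": processes, "services": services}


def classify_service(svc):
    """Explain an O23 entry; returns None when nothing is worth reporting."""
    path = svc["path"]
    if "(file missing)" not in path:
        return None
    stem = path.replace("(file missing)", "").strip()
    # HijackThis resolves an unquoted ImagePath with spaces only up to the
    # first space, so "C:\Program Files\..." is shown as "C:\Program.exe".
    # That is the fingerprint of an unquoted service path: confirm with
    # `sc qc <name>` and wrap the path in quotes in the service definition.
    if stem.lower() == "c:\\program.exe":
        return f"{svc['name']}: unquoted ImagePath containing spaces ({stem})"
    # A stray closing quote followed by arguments means HijackThis could not
    # resolve a quoted "path" plus args; the binary itself is usually present.
    if '"' in stem:
        return f"{svc['name']}: quoted path with arguments, verify binary exists ({stem})"
    return f"{svc['name']}: service binary missing ({stem})"


def triage(parsed):
    """Return a list of human-readable findings for the parsed log."""
    findings = []
    if parsed["platform"] and "SP1" in parsed["platform"]:
        # XP SP1 ships the Internet Connection Firewall switched off; SP2
        # (2004) enabled the firewall by default. Messenger Service spam means
        # inbound RPC/NetBIOS traffic reaches the host, i.e. no firewall.
        findings.append(f"{parsed['platform']}: pre-SP2, firewall off unless enabled by hand")
    for svc in parsed["services"]:
        note = classify_service(svc)
        if note:
            findings.append(note)
    for proc in sorted(set(parsed["processes"])):
        if proc in NETWORK_SERVERS:
            findings.append(f"listening service running: {proc} ({NETWORK_SERVERS[proc]})")
    # O23 covers non-Microsoft services only, so the built-in Messenger service
    # never shows here; its state has to be checked with `sc query Messenger`.
    findings.append("Messenger service state not visible in this log; check with sc query Messenger")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_hjt(SAMPLE_LOG)):
        print("-", finding)
```

Run it against a saved `hijackthis.log` by reading the file into `parse_hjt` instead of `SAMPLE_LOG`. The point of the unquoted-path finding is that a service whose `ImagePath` is `C:\Program Files\...\mysqld-nt.exe` without quotes will try `C:\Program.exe` first at start-up, so anyone who can write to `C:\` gets code running as the service account; quoting the path in `sc config` closes that.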
 