Dangerous Virus!

By sGReseT
Jul 25, 2007
Topic Status:
Not open for further replies.
  1. For the past month I have had this virus called "Winprofile". This virus is so dangerous, I don't know what it is or how I got it. But for some reason, when I try to delete it (using Stopzilla), or even when I scan my computer, the virus completely turns my computer off. I have a question on how I can solve this problem, or any other good anti-viruses I can use that are stronger.


    Here's what I got for HijackThis:


    C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\WINDOWSS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWSS\System32\svchost.exe
    C:\WINDOWSS\system32\Ati2evxx.exe
    C:\WINDOWSS\Explorer.EXE
    C:\WINDOWSS\System32\ctfmon.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\WINDOWSS\System32\WgaTray.exe
    C:\Program Files\Ventrilo\Ventrilo.exe
    C:\WINDOWSS\System32\wuauclt.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll (file missing)
    O2 - BHO: (no name) - {3EA31403-E911-2CB6-D771-60557BF07368} - C:\WINDOWSS\System32\izhr.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWSS\System32\msdxm.ocx
    O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWSS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
    O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - http://toolbar.isearch.com/general/drm.cab
    O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab
    O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab
    O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuit.../ITDetector.cab
    O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
    O21 - SSODL: bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - (no file)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWSS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWSS\system32\ati2sgag.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Speed Disk service - Unknown owner - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe (file missing)
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

    I got this when I ran HijackThis.

    How do I get rid of this!
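    A small triage helper for logs in the HijackThis format shown above (added example, not part of the original post or of HijackThis itself). It flags entries whose target file is gone, ActiveX downloads (O16 DPF) with the host they come from, and autostart (O4) commands with no full path; the sample is a handful of lines taken from the log posted above.

```python
import re
from urllib.parse import urlparse

# Sample input: six lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {3EA31403-E911-2CB6-D771-60557BF07368} - C:\WINDOWSS\System32\izhr.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab
O21 - SSODL: bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - (no file)
"""

# One HijackThis entry: section code (O2, O4, O16, ...), " - ", then the body.
ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
# Markers HijackThis prints when a registry entry points at a file that no longer exists.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def triage(log_text):
    """Return (section, reason, raw_line) tuples for entries that deserve a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # process list, blank lines, headers
        section, body = m.groups()
        if any(marker in body for marker in ORPHAN_MARKERS):
            findings.append((section, "orphaned entry: target file is missing", line))
        if section == "O16":
            # DPF entries are ActiveX downloads; the last " - " field is the .cab URL.
            url = body.rsplit(" - ", 1)[-1]
            host = urlparse(url).hostname or "?"
            findings.append((section, f"ActiveX download (DPF) from {host}", line))
        if section == "O4":
            # The command follows the "[name] " token; a bare file name with no
            # directory is resolved through the search path at logon.
            cmd = body.split("] ", 1)[-1].strip().lstrip('"')
            if "\\" not in cmd.split(" ")[0]:
                findings.append((section, "autostart command with no full path", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"{section:4} {reason}\n     {line}")
```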
  2. raybay

    raybay TechSpot Evangelist Posts: 10,716   +6

    You will likely hear good stuff from the four or five members on this forum who are experts. They know how to read them. Removing the evils is more difficult.
    I see you have Stopzilla and Norton, or remnants of Norton, on your disk.
    I am not fond of Stopzilla for serious infestations, finding it finicky, and it sometimes creates its own problems.
    Jot down all the reinstall ID info in Stopzilla, so you can replace it, then delete it with "Add and Remove," and reboot.
    We find that AVG's three removal tools work better in concert than does Stopzilla.
    We believe repeat removal attempts, first in regular mode, then in Safe Mode, help with difficult items.
    Download AVG Antispyware, AVG Antivirus, and AVG root kit on another computer and put them on a CD to install on this computer. (You can find them with a Gurgle search for AVG Grisoft free.)
    Install, then run them. Reboot.
    Then cold boot in SAFE MODE, and run all of them, one at a time in SAFE MODE.
    Then run again, and remove.
    Install AVAST. Same procedure. Run in regular mode, then SAFE MODE, and remove.
    Then go to Panda, Kaspersky, Computer Associates EZArmor, Symantec, and McAfee, and run their free scans, one at a time, to see what you find. They will usually not remove the evil stuff, but they will identify them for repeats of spyware.
    I would also install and run Adaware 2007 and Spybot 14, but free, both very good.
    Repeat. Cold boot. Run AVG and AVAST again, one at a time, removing them after the installation.

    I would also download and run the free CCleaner, if you know a bit about the registry. I would not run it blind.

    These exercises are normally not necessary, but helpful when you have difficult things.

    You may also benefit from running your Windows Disc in Repair mode. Let it patch any damaged areas.
  3. kitty500cat

    kitty500cat Newcomer, in training Posts: 2,407   +6

    This entry indicates that a Smitfraud/SpySheriff rogue anti-spyware infection was present at one point, but a malware removal program must have removed it.

    Please go and read the Viruses/spyware/malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, ComboFix, and AVG Antispyware logs as attachments into this thread, only after doing the above. Also post here the results of the AVG Antirootkit scan.

    Regards :)

    P.S. It would be appreciated if you removed your copy-and-pasted logfile. Logfiles are to be posted as attachments only.