TechSpot

Is my computer clean?

By sobhi66
Jul 29, 2009
  1. hey all,

    i think i have a virus/trojan/malware/spyware

    by my experience i tried to find out what virus/trojan/malware/spyware i have:
    1. 'TR/Agent.143360.13' [trojan]
    2. 'TR/Dropper.Gen' [trojan]
    3. 'DR/Delphi.Gen' [dropper]
    maybe they are wrong so i made a HijackThis log.

    i use Avira, SUPERAntiSpyware *full edition*, Malwarebytes

    can you check my HijackThis log

    --------------------------------------
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:38:21 AM, on 7/30/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.17184)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Hamachi\hamachi.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Free Download Manager\fdmwi.exe
    C:\Program Files\Free Download Manager\fdm.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Al-Hasan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    c:\program files\avira\antivir desktop\avcenter.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:81
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
    O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: RDM+ - C:\Program Files\RDM+\notify.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Hamachi Service (HamachiService) - LogMeIn Inc. - C:\Program Files\Hamachi\hamachi.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

    --
    End of file - 7435 bytes



    -----------------------------------------------------------------

    sorry for my bad english :(
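    An added triage helper, written for this thread and not part of HijackThis or of the poster's output: it parses entry lines in the log format above (section code, dash, body) and flags the ones a helper would check first. The sample is a subset of lines copied from the log above; the heuristics (file missing, unknown owner, unknown LSP, loopback proxy) are my own and mark entries to verify, not proof of infection.

```python
import re

# Subset of the HijackThis log posted in this thread (copied lines, not a full log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:81
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
"""

# HijackThis entry lines look like "O23 - Service: ..."; the process list and headers do not.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
PROXY_RE = re.compile(r"ProxyServer = (?P<proxy>\S+)")


def parse_entries(log_text):
    """Yield (section_code, body) for each entry line, skipping everything else."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def triage(log_text):
    """Return [(code, reason, body)] for entries to review first.

    A hit means 'verify', not 'infected': several of these patterns are
    normal on a clean XP box (see the comments), so each one needs a human look.
    """
    findings = []
    for code, body in parse_entries(log_text):
        reasons = []
        if "(file missing)" in body:
            reasons.append("entry references a file that no longer exists")
        elif "Unknown owner" in body:
            # svchost-hosted Windows services (BITS, wuauserv) show this way on XP; confirm the path anyway
            reasons.append("service without vendor info; confirm the binary path")
        if code == "O10" and "Unknown file" in body:
            reasons.append("Winsock LSP not in HijackThis's known-good list; check the DLL's origin")
        pm = PROXY_RE.search(body)
        if pm and pm.group("proxy").startswith("127.0.0.1"):
            reasons.append("IE proxy points at a local port; confirm which local program listens there")
        for reason in reasons:
            findings.append((code, reason, body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n    {body}")
```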
     
  2. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    Run the 8-Step cleaning instructions outlined in this Forum and post your scan results as outlined
     
  3. sobhi66

    sobhi66 TS Rookie Topic Starter

    ok i will run it
     
  4. sobhi66

    sobhi66 TS Rookie Topic Starter

    man, i have a problem with my SUPERAntiSpyware: after the scan, when i press *see results*

    it shows me them, then when it starts moving them to quarantine the program crashes, but i will try to install it again and scan, hope that it works

    i uploaded my Malwarebytes log
     
  5. sobhi66

    sobhi66 TS Rookie Topic Starter

    ok, added, please all check my logs
     
  6. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    Okay,
    you were infected with a backdoor trojan... Turn off System Restore by going to Control Panel, System, Advanced. Uncheck any checked boxes. Rerun Malwarebytes and AntiVir. AntiVir didn't detect this trojan in the first place? When your system is clean, turn on System Restore and apply all the missing Windows Updates including XP SP3
     
  7. sobhi66

    sobhi66 TS Rookie Topic Starter

    hi again, can you tell me how big the updates are?

    in megabytes?

    and i'll do your steps, thanks
     
  8. sobhi66

    sobhi66 TS Rookie Topic Starter

    by the way, in my whole life i didn't do 1 single update on any of my computers, maybe that's why i always have problems with viruses etc....

    i will do them
     
  9. sobhi66

    sobhi66 TS Rookie Topic Starter

    hey,

    i did all your steps then made more scans and they were good, i don't have viruses or anything, so thanks again.

    i have some problem with CCleaner: it's supposed to fix the registry, when i press scan for problems it shows me one problem (unused file extension), i press fix, then i scan again for problems and it keeps coming back. is it something bad? i will attach a picture for you to see it

    other than that my computer is clean, fast and secure
    thanks again for your help.

    (200kb max for .bmp pictures is very low for a picture and my picture was 1.5 mb
    the forum should increase it :S you should fix it, i had to lower the quality to the lowest quality and to make it smaller also.)

    sorry for my bad English

    and thanks again for your help again
     
  10. sobhi66

    sobhi66 TS Rookie Topic Starter

    also, where do i get the XP SP3 update from?
     
  11. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    Windows Update should be in the All Programs section of the start bar. Just run Custom and it will give you a list. Select Install updates and it will update XP automatically. If you restart, run the updates again and again, until you see no more in the list
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    sobhi66, I can't assist in your malware cleaning at this time, but I would like to bring something to your attention:

    1. When you edit a post to add something, the email notice of a reply does not go out. That means that those who are helping or who have subscribed to your thread don't know something has been added.

    2. You should read the directions for running any programs carefully. Some have a special line you have to check for them to work. If you don't do the check, you get a notice like this: No action taken.
    meaning that the program did what it was supposed to do but you didn't tell it to take the next step.

    The Windows operating system and all its components such as Internet Explorer should always be currently updated. The same goes for Adobe Reader and Java. If these updates aren't done and if the updates were for security purposes, i.e. to patch a vulnerability, then your system is vulnerable.
     
  13. sobhi66

    sobhi66 TS Rookie Topic Starter

    stfu

    can you please stfu, i know what i'm doing, fix your forum first then we talk
     
  14. sobhi66

    sobhi66 TS Rookie Topic Starter

    can a moderator lock this topic because Tmagic650 helped me with everything

    thanks to him, Tmagic650

    *end of discussion*
     
Topic Status:
Not open for further replies.
