My PC is a mess....help please!

Status
Not open for further replies.
Hi,

My PC is a mess. Pop ups and it keeps shutting down.

Bitdefender, Kaspersky, ad-aware didn’t help.

Below is my HJT log.

Can anyone help me out?

Paris Cola


Logfile of HijackThis v1.99.1
Scan saved at 2:30:44 PM, on 3/18/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\slserv.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINNT\Explorer.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\WINNT\system32\ctmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\explorer.exe
C:\Program Files\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [angeleyes] C:\Program Files\iSOad\msdll.exe
O4 - HKLM\..\Run: [CT Monitor] ctmon.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilter] NeroFilterCheck.EXE
O4 - HKLM\..\Run: [msqsrc] c:\program files\common files\system\msqsrc.exe /install
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dxvid] c:\winnt\system32\dxvid.exe /nocomm
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [Spy Watcher] "C:\PROGRA~1\FREESP~1\SpyWatcher.exe" -S
O4 - HKLM\..\RunServices: [NeroFilter] NeroFilterCheck.EXE
O4 - HKLM\..\RunServices: [Windows Update Drive] drives.exe
O4 - HKLM\..\RunServices: [NeroCheck] NeroFilter.EXE
O4 - HKLM\..\RunServices: [CT Monitor] ctmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Spyware Begone] "C:\spywarebegone\SpywareBeGone.exe" -FastScan
O4 - HKCU\..\Run: [SpyBrowser] "C:\Program Files\SpyBro\SpyBro.exe" /autostart
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/126p/html/gtdownlr.cab
O16 - DPF: {39EA2F6F-3F50-4F58-9C63-4B3D53B0926E} - http://scripts.downloadv3.com/binaries/P2EClient/EGAUTH_1049_EN_XP.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132555241728
O16 - DPF: {6AA85413-165C-4200-8154-71166077B22E} - http://scripts.dlv4.com/binaries/IA/sysiasvc32_EN.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9_1/dmcc2.cab?Version=1,0,0,10
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFF0D385-2B0B-4C49-A161-5C025E1858CD}: NameServer = 194.74.65.68 194.72.0.114
O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINNT\System32\wuapi.exe (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINNT\SYSTEM32\slserv.exe
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINNT\system32\wincntrl.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
 
Hi Howard,

I followed your suggestions and did all the scans but my PC still keeps shutting down and I still have all the pop ups.

I have attached my new HJT log.

Thanks

Paris Cola
 
scan

If u have a version of Bitdefender Free is suck
try to download Bit defender 9 professional plus
use key generator "BitDefenderPro-Keygen.exe" When key generated are no used from another user u can make update antivirus
If the key is used u will try again

download ad-aware Se professional 1.06r1
and scan.
 
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Go to add remove programmes in your control panel and uninstall anything to do with (if there).

C:\Program Files\iSOad

C:\Program Files\SpyBro

Close control panel.

Open your task manager, by pressing the ctrl/alt/delete keys together. Click on the processes tab and end process for (if there).

msdll.exe
ctmon.exe
msqsrc.exe
dxvid.exe
fgqklmitr.exe
drives.exe
wuapi.exe
wincntrl.exe

Close task manager.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Locate these services and double click on them. Select stop, if they are running and set the startup type to disabled. Click apply/ok.

Windows Update Drive
CT Monitor
MS Dns Service
Automatic Update Service
NeroFilter
NeroCheck

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to (if there).

O4 - HKLM\..\Run: [angeleyes] C:\Program Files\iSOad\msdll.exe
O4 - HKLM\..\Run: [CT Monitor] ctmon.exe
O4 - HKLM\..\Run: [NeroFilter] NeroFilterCheck.EXE
O4 - HKLM\..\Run: [msqsrc] c:\program files\common files\system\msqsrc.exe /install
O4 - HKLM\..\Run: [dxvid] c:\winnt\system32\dxvid.exe /nocomm

O4 - HKLM\..\Run: [fgqklmitr] c:\winnt\system32\fgqklmitr.exe fgqklmitr
O4 - HKLM\..\RunServices: [NeroFilter] NeroFilterCheck.EXE
O4 - HKLM\..\RunServices: [Windows Update Drive] drives.exe
O4 - HKLM\..\RunServices: [NeroCheck] NeroFilter.EXE

O4 - HKLM\..\RunServices: [CT Monitor] ctmon.exe
O4 - HKCU\..\Run: [SpyBrowser] "C:\Program Files\SpyBro\SpyBro.exe" /autostart

O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINNT\System32\wuapi.exe (file missing)
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINNT\system32\wincntrl.exe (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files (if there).

C:\Program Files\iSOad\msdll.exe
c:\program files\common files\system\msqsrc.exe /install
c:\winnt\system32\dxvid.exe /nocomm
c:\winnt\system32\fgqklmitr.exe fgqklmitr

drives.exe

C:\Program Files\SpyBro\SpyBro.exe" /autostart

C:\WINNT\System32\wuapi.exe
C:\WINNT\system32\wincntrl.exe

Reboot into normal mode and post a fresh HJT log.

Regards Howard :)
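
An added example, not part of Howard's post or any tool used in this thread: a short Python triage of the HijackThis log format above. It lists O4 value names registered under more than one autostart key, and checks each O23 "(file missing)" service against the log's own process list, since bdss.exe is reported missing while it is also listed as running. The function names and both heuristics are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Subset of the HijackThis log posted in this thread, copied verbatim.
SAMPLE = r'''
Running processes:
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINNT\Explorer.EXE

O4 - HKLM\..\Run: [CT Monitor] ctmon.exe
O4 - HKLM\..\Run: [NeroFilter] NeroFilterCheck.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [NeroFilter] NeroFilterCheck.EXE
O4 - HKLM\..\RunServices: [CT Monitor] ctmon.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINNT\system32\wincntrl.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
'''.strip().splitlines()

PROC_RE = re.compile(r'^[A-Za-z]:\\.*\.exe$', re.I)
O4_RE = re.compile(r'^O4 - (?P<key>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.*?) - (?P<path>.+)$')
MISSING = '(file missing)'

def duplicate_autostarts(lines):
    """Return value names that appear under more than one autostart key."""
    seen = defaultdict(set)
    for line in lines:
        m = O4_RE.match(line)
        if m:
            seen[m['name']].add(m['key'])
    return {name: sorted(keys) for name, keys in seen.items() if len(keys) > 1}

def missing_services(lines):
    """Map each '(file missing)' service to True if its exe is in the process list."""
    running = {l.lower() for l in lines if PROC_RE.match(l)}
    result = {}
    for line in lines:
        m = O23_RE.match(line)
        if m and m['path'].endswith(MISSING):
            # Drop the marker, then anything from a stray quote on (arguments).
            exe = m['path'][:-len(MISSING)].split('"')[0].strip()
            result[m['name']] = exe.lower() in running
    return result

if __name__ == '__main__':
    print(duplicate_autostarts(SAMPLE))
    print(missing_services(SAMPLE))
```

A service that maps to True is running despite the "(file missing)" marker, so the marker alone does not show the file is gone; one that maps to False still needs its path checked by hand.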
 
Hi Howard,

Thanks for getting back to me!

I followed your instructions and have attached my new log.

Where to from here?

P Cola
 
I've looked at your HJT log again. I can't see anything obviously nasty.

However, there are a couple of entries that look a little suspicious.

These are.

O4 - HKLM\..\Run: [Spy Watcher] "C:\PROGRA~1\FREESP~1\SpyWatcher.exe" -S

O4 - HKCU\..\Run: [Spyware Begone] "C:\spywarebegone\SpywareBeGone.exe" -FastScan

Uninstall both these programmes in safe mode, then delete the directories.

Other than that, I can't see anything wrong.

Regards Howard :)
 
if u tried bitdefender u was anabled to make update to virus definitions?
if not the key are used from another user. so try to generate another one
i have on my computer Bitdefender 9 professional plus , Avg free edition Ad-Aware
and kerio fireware.
the point is: The pc is clean No virus.
but u must be careful "read the messages" and be with yes in 4!
P4c800;P4 2800 overclock 3200; 1G ram; 1,3 T Hdd
I think i must be careful no ?
 
dEXter_27 said:
if u tried bitdefender u was anabled to make update to virus definitions?
if not the key are used from another user. so try to generate another one
i have on my computer Bitdefender 9 professional plus , Avg free edition Ad-Aware
and kerio fireware.
the point is: The pc is clean No virus.
but u must be careful "read the messages" and be with yes in 4!
P4c800;P4 2800 overclock 3200; 1G ram; 1,3 T Hdd
I think i must be careful no ?

We don't talk about keygens here.

Techspot does not condone piracy
 