TechSpot

Slow Computer & Spyware Issues

By shadowstalker
Jul 12, 2008
  1. Hi,

    My computer is infected or something. It is running slow, there are pop-ups even though my blocker is on, it's kicking me off the internet, and I think there are trojans, just a lot of irritating junk going on. I had a problem sorta like this in April that Kritius helped with, everything was great until about two weeks ago, then the past two days it has been bad and getting worse.. Please help, it's driving me nuts!!

    Attached is a Malwarebytes' report, and a HijackThis report.
     
  2. shadowstalker

    shadowstalker TS Rookie Topic Starter Posts: 36

    OK. So it will not let me post the hijackthis.

    I'll post them separately.
     
  3. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    then attach the file
     
  4. shadowstalker

    shadowstalker TS Rookie Topic Starter Posts: 36

    Deckard's System Scanner v20071014.68
    Run by Christy on 2008-07-12 15:05:30
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Percentage of Memory in Use: 79% (more than 75%).


    -- HijackThis (run as Christy.exe) ---------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:05:45 PM, on 7/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Documents and Settings\Christy\winlogon.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\sony\giga pocket\usbsircs.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    D:\pics\Kodak EasyShare software\bin\EasyShare.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
    C:\Program Files\Sony\giga pocket\ReserveModule.exe
    C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\sony\giga pocket\gps.exe
    C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
    C:\PROGRA~1\Sony\GIGAPO~1\Sgpcom.exe
    C:\Program Files\Sony\giga pocket\GPVSvr.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Documents and Settings\Christy\Local Settings\Temporary Internet Files\Content.IE5\VVO487TO\dss[1].exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Christy.exe
     
  5. shadowstalker

    shadowstalker TS Rookie Topic Starter Posts: 36

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60311
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60311
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60311
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: (no name) - {25F53D20-1CEB-4559-AEDF-D2DEAC4802F5} - C:\WINDOWS\system32\yaywxYsq.dll
    O2 - BHO: (no name) - {67B22EB2-4177-4133-A6A5-4A31ACF8F9E7} - C:\WINDOWS\system32\nnnoMGvS.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7768234D-E494-424D-96E6-4819A1E16325} - C:\WINDOWS\system32\hgGvvwXO.dll
    O2 - BHO: {2765df99-2c66-6309-00d4-02eb2f576af7} - {7fa675f2-be20-4d00-9036-66c299fd5672} - C:\WINDOWS\system32\amrnqe.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\Christy\winlogon.exe
    O4 - HKLM\..\Run: [fc1bd4dd] rundll32.exe "C:\WINDOWS\system32\hlqrtahl.dll",b
    O4 - HKLM\..\Run: [BMff28e741] Rundll32.exe "C:\WINDOWS\system32\wmnapkld.dll",s
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
    O4 - Global Startup: Giga Pocket Remocon Driver.lnk = ?
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = D:\pics\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
    O4 - Global Startup: Timer Recording Manager.lnk = C:\Program Files\Sony\giga pocket\ReserveModule.exe
    O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     
  6. shadowstalker

    shadowstalker TS Rookie Topic Starter Posts: 36

    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
    O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.98.cab
    O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://zone.msn.com/bingame/swet/default/Sweetopia.1.0.0.46.cab
    O20 - Winlogon Notify: hgGvvwXO - C:\WINDOWS\SYSTEM32\hgGvvwXO.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
    O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
    O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
    O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Video Server (Application) (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\giga pocket\GPVSvr.exe
    O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

    --
    End of file - 13554 bytes

    -- Files created between 2008-06-12 and 2008-07-12 -----------------------------

    2008-07-12 10:19:20 81408 --a------ C:\WINDOWS\system32\hlqrtahl.dll
    2008-07-12 10:17:08 101888 --a------ C:\WINDOWS\system32\amrnqe.dll
    2008-07-12 10:17:07 101888 --a------ C:\WINDOWS\system32\tqtvktxl.dll
    2008-07-12 10:17:00 91648 --a------ C:\WINDOWS\system32\wmnapkld.dll
    2008-07-12 10:16:19 726395 --ahs---- C:\WINDOWS\system32\qsYxwyay.ini2
    2008-07-12 10:16:13 281600 --a------ C:\WINDOWS\system32\yaywxYsq.dll
    2008-07-12 10:07:30 101888 --a------ C:\WINDOWS\system32\kgsaid.dll
    2008-07-12 10:07:29 101888 --a------ C:\WINDOWS\system32\atilfiwf.dll
    2008-07-12 10:07:17 91648 --a------ C:\WINDOWS\system32\htaffcov.dll
    2008-07-12 10:06:13 31232 --a------ C:\WINDOWS\system32\ddcDwvVL.dll
    2008-07-12 10:06:10 31232 --a------ C:\WINDOWS\system32\awtTnmJd.dll
    2008-07-11 17:33:01 0 d-------- C:\Program Files\ReflexiveArcade
    2008-07-11 16:38:02 715927 --ahs---- C:\WINDOWS\system32\SvGMonnn.ini2
    2008-07-11 16:32:55 0 d-------- C:\WINDOWS\system32\olixds18
    2008-07-11 16:32:55 0 d-------- C:\Temp
    2008-07-11 16:32:52 31232 --a------ C:\WINDOWS\system32\khfEWNfd.dll
    2008-07-11 16:32:52 31232 --a------ C:\WINDOWS\system32\hgGvvwXO.dll
    2008-07-10 12:06:50 0 d-------- C:\Documents and Settings\Christy\Application Data\Skinux
    2008-07-10 12:02:44 0 d-------- C:\Program Files\Kodak
    2008-07-10 12:01:43 0 d-------- C:\Program Files\Common Files\Kodak
    2008-07-10 11:54:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Kodak
    2008-07-10 11:43:51 0 d-------- C:\Documents and Settings\Christy\Application Data\Image Zone Express
    2008-07-05 22:30:00 0 d-------- C:\WINDOWS\Sun
    2008-07-05 22:29:59 0 d-------- C:\Documents and Settings\Christy\Application Data\Sun
    2008-06-30 12:42:56 0 d-------- C:\Documents and Settings\Christy\Application Data\LimeWire
    2008-06-30 12:41:58 0 d-------- C:\Program Files\Sun
    2008-06-30 12:40:36 0 d-------- C:\Program Files\Java
    2008-06-30 12:40:12 0 d-------- C:\Program Files\Common Files\Java
    2008-06-27 18:38:32 53248 ---hs---- C:\Documents and Settings\Christy\winlogon.exe
    2008-06-26 11:50:18 0 d-------- C:\Documents and Settings\Christy\Application Data\Apple Computer
    2008-06-26 11:49:42 0 d-------- C:\Program Files\iPod
    2008-06-26 11:49:10 0 d-------- C:\Program Files\iTunes
    2008-06-26 11:48:34 0 d-------- C:\Program Files\Bonjour
    2008-06-26 11:47:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-06-26 11:46:29 0 d-------- C:\Program Files\Apple Software Update
    2008-06-26 11:46:13 0 d------c- C:\WINDOWS\system32\DRVSTORE
    2008-06-26 11:45:42 0 d-------- C:\Program Files\Common Files\Apple
    2008-06-26 11:45:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
     
  7. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    download vundofix from the link below

    VundoFix


    Double-click VundoFix.exe to run it.
    When VundoFix opens, click the Scan for Vundo button.
    Once it's done scanning, click the Remove Vundo button.
    You will receive a prompt asking if you want to remove the files, click YES
    Once you click yes, your desktop will go blank as it starts removing Vundo.
    When completed, it will prompt that it will reboot your computer, click OK.

    then post a new hijackthis log
     
  8. shadowstalker

    shadowstalker TS Rookie Topic Starter Posts: 36

    -- Find3M Report ---------------------------------------------------------------

    2008-07-12 10:05:12 0 d-------- C:\Documents and Settings\Christy\Application Data\AVG7
    2008-07-11 20:01:47 0 d-------- C:\Program Files\Encarta Online
    2008-07-10 12:01:43 0 d-------- C:\Program Files\Common Files
    2008-07-10 11:42:23 0 d-------- C:\Documents and Settings\Christy\Application Data\HP
    2008-06-26 11:48:19 0 d-------- C:\Program Files\QuickTime
    2008-05-12 14:30:46 0 d-------- C:\Documents and Settings\Christy\Application Data\Real


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25F53D20-1CEB-4559-AEDF-D2DEAC4802F5}]
    07/12/2008 10:16 AM 281600 --a------ C:\WINDOWS\system32\yaywxYsq.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67B22EB2-4177-4133-A6A5-4A31ACF8F9E7}]
    C:\WINDOWS\system32\nnnoMGvS.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7768234D-E494-424D-96E6-4819A1E16325}]
    07/11/2008 04:32 PM 31232 --a------ C:\WINDOWS\system32\hgGvvwXO.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7fa675f2-be20-4d00-9036-66c299fd5672}]
    07/12/2008 10:17 AM 101888 --a------ C:\WINDOWS\system32\amrnqe.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HTpatch"="C:\WINDOWS\htpatch.exe" [10/30/2002 08:40 PM]
    "SiS Tray"="" []
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [11/06/2002 08:13 PM]
    "AGRSMMSG"="AGRSMMSG.exe" [10/18/2002 02:07 PM C:\WINDOWS\AGRSMMSG.exe]
    "CTHelper"="CTHELPER.EXE" [11/08/2002 01:46 PM C:\WINDOWS\system32\cthelper.exe]
    "ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [08/20/2002 01:29 PM]
    "StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [06/18/2002 01:01 AM]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/12/2005 12:12 AM]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 12:09 PM]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/17/2008 10:52 AM]
    "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/04/2004 02:56 AM]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/27/2008 10:50 AM]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/02/2008 11:13 AM]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
    "Windows Logon Applicationedc"="C:\Documents and Settings\Christy\winlogon.exe" [06/27/2008 06:38 PM]
    "fc1bd4dd"="C:\WINDOWS\system32\hlqrtahl.dll" [07/12/2008 10:19 AM]
    "BMff28e741"="C:\WINDOWS\system32\wmnapkld.dll" [07/12/2008 10:17 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
    "MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [07/17/2002 12:00 PM]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [02/06/2008 11:50 AM]
    "AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [03/01/2007 11:37 AM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "SetDefaultMidi"=MIDIDEF.EXE

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [12/7/2007 12:41:54 AM]
    Billminder.lnk - C:\Program Files\Quicken\billmind.exe [9/20/2002 1:19:46 PM]
    Giga Pocket Remocon Driver.lnk - C:\Program Files\sony\giga pocket\usbsircs.exe [12/7/2007 12:37:49 AM]
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2/6/2008 11:50:23 AM]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/12/2005 12:23:26 AM]
    Kodak EasyShare software.lnk - D:\pics\Kodak EasyShare software\bin\EasyShare.exe [5/10/2008 7:15:28 AM]
    Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [9/20/2002 1:20:02 PM]
    Quicken Startup.lnk - C:\Program Files\Quicken\QWDLLS.EXE [9/20/2002 1:20:06 PM]
    Timer Recording Manager.lnk - C:\Program Files\Sony\giga pocket\ReserveModule.exe [12/7/2007 12:37:49 AM]
    VAIO Action Setup (Server).lnk - C:\Program Files\Sony\VAIO Action Setup\VAServ.exe [12/5/2002 5:44:22 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"=1 (0x1)
    "disableregistrytools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{7768234D-E494-424D-96E6-4819A1E16325}"= C:\WINDOWS\system32\hgGvvwXO.dll [07/11/2008 04:32 PM 31232]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGvvwXO]
    hgGvvwXO.dll 07/11/2008 04:32 PM 31232 C:\WINDOWS\system32\hgGvvwXO.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\yaywxYsq

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
    "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"




    -- End of Deckard's System Scanner: finished at 2008-07-12 15:06:44 ------------
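The helper spots the infection in the log above by eye (a winlogon.exe under the user's profile, rundll32 loading random-named DLLs, an O20 Winlogon Notify hook). The following triage script is an added example, not part of the thread and not a HijackThis feature: it encodes those same defender heuristics and runs them over a few lines copied from the posted log, with a couple of benign lines mixed in as controls.

```python
"""Triage heuristics for HijackThis-style log lines (added example).

Flags: Windows system-binary names living outside the Windows directory,
rundll32 Run entries with single-letter exports or hex-looking value names,
unnamed BHOs loaded from system32, and any Winlogon Notify hook.
"""
import re
from dataclasses import dataclass

SYSTEM_DIR_PREFIX = "c:\\windows\\"
SYSTEM_BINARY_NAMES = {"winlogon.exe", "smss.exe", "csrss.exe", "lsass.exe",
                       "services.exe", "svchost.exe", "explorer.exe"}

# Constructed sample: lines taken from the log posted in this thread plus
# benign controls (NvCplDaemon, MSMSGS, Microsoft Money, Bonjour).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\Christy\winlogon.exe
O4 - HKLM\..\Run: [fc1bd4dd] rundll32.exe "C:\WINDOWS\system32\hlqrtahl.dll",b
O4 - HKLM\..\Run: [BMff28e741] Rundll32.exe "C:\WINDOWS\system32\wmnapkld.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {25F53D20-1CEB-4559-AEDF-D2DEAC4802F5} - C:\WINDOWS\system32\yaywxYsq.dll
O20 - Winlogon Notify: hgGvvwXO - C:\WINDOWS\SYSTEM32\hgGvvwXO.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

PATH_RE = re.compile(r'"?([a-zA-Z]:\\[^"]*?\.(?:exe|dll))"?', re.IGNORECASE)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?(?:,(\S*))?', re.IGNORECASE)
RUN_NAME_RE = re.compile(r'O4 - .*?\\Run: \[([^\]]+)\]')


@dataclass
class Finding:
    line: str
    reason: str


def _first_path(line):
    """Return the first drive-letter path ending in .exe/.dll, or None."""
    m = PATH_RE.search(line)
    return m.group(1) if m else None


def check_system_binary_outside_windows(line):
    """A file named like a core Windows binary but not under C:\\WINDOWS."""
    path = _first_path(line)
    if not path:
        return None
    name = path.rsplit("\\", 1)[-1].lower()
    if name in SYSTEM_BINARY_NAMES and not path.lower().startswith(SYSTEM_DIR_PREFIX):
        return f"system binary name {name} outside the Windows directory"
    return None


def check_rundll32_loader(line):
    """rundll32 Run entries with a one-letter export or a hex-looking value name."""
    m = RUNDLL_RE.search(line)
    if not m:
        return None
    dll, entry = m.group(1), m.group(2) or ""
    name_m = RUN_NAME_RE.search(line)
    value_name = name_m.group(1) if name_m else ""
    reasons = []
    if len(entry) == 1:
        reasons.append(f"rundll32 calls single-letter export {entry!r} in {dll}")
    if re.fullmatch(r"[0-9a-f]{8}", value_name, re.IGNORECASE):
        reasons.append(f"Run value name {value_name!r} looks like random hex")
    return "; ".join(reasons) or None


def check_unnamed_bho_in_system32(line):
    """Browser Helper Object with no name whose DLL sits in system32."""
    if line.startswith("O2 - BHO: (no name)"):
        path = _first_path(line) or ""
        if path.lower().startswith(SYSTEM_DIR_PREFIX + "system32\\"):
            return "unnamed BHO loaded from system32"
    return None


def check_winlogon_notify(line):
    """Every Winlogon Notify DLL runs in each logon session; always review."""
    if line.startswith("O20 - Winlogon Notify:"):
        return "Winlogon Notify DLL loads at every logon; verify its publisher"
    return None


CHECKS = [check_system_binary_outside_windows, check_rundll32_loader,
          check_unnamed_bho_in_system32, check_winlogon_notify]


def triage(log_text):
    """Run every check over every non-empty line and collect the hits."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for check in CHECKS:
            reason = check(line)
            if reason:
                findings.append(Finding(line, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

On the sample above this reports five findings (the user-profile winlogon.exe, both Vundo-style rundll32 entries, the unnamed system32 BHO and the Notify hook) and stays silent on the four benign controls.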
     
  9. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    you are running hijackthis from a temp location

    * Click here to download HJTsetup.exe
    • Save HJTsetup.exe to your desktop.
    • Doubleclick on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and attach the log in your next reply.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  10. shadowstalker

    shadowstalker TS Rookie Topic Starter Posts: 36

    OK. I have HJT installed. It installed it to C:\Program Files\Trend Micro\ Hijack This.
    Now VundoFix is scanning..
     
  11. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    ok make sure to attach the file
     
  12. shadowstalker

    shadowstalker TS Rookie Topic Starter Posts: 36

    VundoFix did a full scan and said, "Done searching for files. No infected files were found".

    Here's the attachment for hjt..
     
  13. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    looks like you have a CoolWebSearch infection.

    Download CWShredder Here to its own folder.

    Update CWShredder
    • Open CWShredder and click I AGREE
    • Click Check For Update
    • Close CWShredder
    Boot into Safe Mode:
    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about. Reboot your computer into normal windows.
     
  14. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    also download combofix from the link below and run it but make sure to disable any virus, firewall or spyware protection before running. Then attach the log

    ComboFix
     
  15. shadowstalker

    shadowstalker TS Rookie Topic Starter Posts: 36

    Did it and it said, "CoolWebSearch infection was not found"
     
  16. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    ok run the combofix and post the log
     
  17. shadowstalker

    shadowstalker TS Rookie Topic Starter Posts: 36

    ComboFix report
     
  18. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    Ok can you post a fresh hijackthis log but before you do go to

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    and change HijackThis to Crusty
     
  19. shadowstalker

    shadowstalker TS Rookie Topic Starter Posts: 36

    I tried and it said it might become unstable if I change it..
     
  20. shadowstalker

    shadowstalker TS Rookie Topic Starter Posts: 36

    As in change do you mean rename?
     
  21. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    hmm you did not have it running while you tried to change the name
     
  22. shadowstalker

    shadowstalker TS Rookie Topic Starter Posts: 36

    no, it wasn't running
     
  23. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    and you are renaming the application not the folder right

    HijackThis.exe
     
  24. shadowstalker

    shadowstalker TS Rookie Topic Starter Posts: 36

    I'm not sure if I did it right, but here it is..
     
  25. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069
