Slow Computer & Spyware Issues

[shadowstalker]

Hi,

My computer is infected or something. It is running slow, there are pop-ups even though my blocker is on, it's kicking me off the internet, and I think there are trojans, just a lot of irritating junk going on. I had a problem sorta like this in April that Kritius helped with, everything was great until about two weeks ago, then the past two days it has been bad and getting worse.. Please help, it's driving me nuts!!

Attatched is a malwarebytes' report, and a hijackthis report.

 

[shadowstalker]

OK. So it will not let me post the hijackthis.

I'll post them separately.

 

[xxdanielxx]

then attache the file

 

[shadowstalker]

Deckard's System Scanner v20071014.68
Run by Christy on 2008-07-12 15:05:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 79% (more than 75%).


-- HijackThis (run as Christy.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:05:45 PM, on 7/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\Christy\winlogon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\sony\giga pocket\usbsircs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\pics\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\giga pocket\ReserveModule.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\sony\giga pocket\gps.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\PROGRA~1\Sony\GIGAPO~1\Sgpcom.exe
C:\Program Files\Sony\giga pocket\GPVSvr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Christy\Local Settings\Temporary Internet Files\Content.IE5\VVO487TO\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Christy.exe

 

[shadowstalker]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60311
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60311
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60311
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {25F53D20-1CEB-4559-AEDF-D2DEAC4802F5} - C:\WINDOWS\system32\yaywxYsq.dll
O2 - BHO: (no name) - {67B22EB2-4177-4133-A6A5-4A31ACF8F9E7} - C:\WINDOWS\system32\nnnoMGvS.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7768234D-E494-424D-96E6-4819A1E16325} - C:\WINDOWS\system32\hgGvvwXO.dll
O2 - BHO: {2765df99-2c66-6309-00d4-02eb2f576af7} - {7fa675f2-be20-4d00-9036-66c299fd5672} - C:\WINDOWS\system32\amrnqe.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\Christy\winlogon.exe
O4 - HKLM\..\Run: [fc1bd4dd] rundll32.exe "C:\WINDOWS\system32\hlqrtahl.dll",b
O4 - HKLM\..\Run: [BMff28e741] Rundll32.exe "C:\WINDOWS\system32\wmnapkld.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Giga Pocket Remocon Driver.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = D:\pics\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O4 - Global Startup: Timer Recording Manager.lnk = C:\Program Files\Sony\giga pocket\ReserveModule.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

 

[shadowstalker]

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.98.cab
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://zone.msn.com/bingame/swet/default/Sweetopia.1.0.0.46.cab
O20 - Winlogon Notify: hgGvvwXO - C:\WINDOWS\SYSTEM32\hgGvvwXO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (Application) (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\giga pocket\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

--
End of file - 13554 bytes

-- Files created between 2008-06-12 and 2008-07-12 -----------------------------

2008-07-12 10:19:20 81408 --a------ C:\WINDOWS\system32\hlqrtahl.dll
2008-07-12 10:17:08 101888 --a------ C:\WINDOWS\system32\amrnqe.dll
2008-07-12 10:17:07 101888 --a------ C:\WINDOWS\system32\tqtvktxl.dll
2008-07-12 10:17:00 91648 --a------ C:\WINDOWS\system32\wmnapkld.dll
2008-07-12 10:16:19 726395 --ahs---- C:\WINDOWS\system32\qsYxwyay.ini2
2008-07-12 10:16:13 281600 --a------ C:\WINDOWS\system32\yaywxYsq.dll
2008-07-12 10:07:30 101888 --a------ C:\WINDOWS\system32\kgsaid.dll
2008-07-12 10:07:29 101888 --a------ C:\WINDOWS\system32\atilfiwf.dll
2008-07-12 10:07:17 91648 --a------ C:\WINDOWS\system32\htaffcov.dll
2008-07-12 10:06:13 31232 --a------ C:\WINDOWS\system32\ddcDwvVL.dll
2008-07-12 10:06:10 31232 --a------ C:\WINDOWS\system32\awtTnmJd.dll
2008-07-11 17:33:01 0 d-------- C:\Program Files\ReflexiveArcade
2008-07-11 16:38:02 715927 --ahs---- C:\WINDOWS\system32\SvGMonnn.ini2
2008-07-11 16:32:55 0 d-------- C:\WINDOWS\system32\olixds18
2008-07-11 16:32:55 0 d-------- C:\Temp
2008-07-11 16:32:52 31232 --a------ C:\WINDOWS\system32\khfEWNfd.dll
2008-07-11 16:32:52 31232 --a------ C:\WINDOWS\system32\hgGvvwXO.dll
2008-07-10 12:06:50 0 d-------- C:\Documents and Settings\Christy\Application Data\Skinux
2008-07-10 12:02:44 0 d-------- C:\Program Files\Kodak
2008-07-10 12:01:43 0 d-------- C:\Program Files\Common Files\Kodak
2008-07-10 11:54:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2008-07-10 11:43:51 0 d-------- C:\Documents and Settings\Christy\Application Data\Image Zone Express
2008-07-05 22:30:00 0 d-------- C:\WINDOWS\Sun
2008-07-05 22:29:59 0 d-------- C:\Documents and Settings\Christy\Application Data\Sun
2008-06-30 12:42:56 0 d-------- C:\Documents and Settings\Christy\Application Data\LimeWire
2008-06-30 12:41:58 0 d-------- C:\Program Files\Sun
2008-06-30 12:40:36 0 d-------- C:\Program Files\Java
2008-06-30 12:40:12 0 d-------- C:\Program Files\Common Files\Java
2008-06-27 18:38:32 53248 ---hs---- C:\Documents and Settings\Christy\winlogon.exe
2008-06-26 11:50:18 0 d-------- C:\Documents and Settings\Christy\Application Data\Apple Computer
2008-06-26 11:49:42 0 d-------- C:\Program Files\iPod
2008-06-26 11:49:10 0 d-------- C:\Program Files\iTunes
2008-06-26 11:48:34 0 d-------- C:\Program Files\Bonjour
2008-06-26 11:47:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-26 11:46:29 0 d-------- C:\Program Files\Apple Software Update
2008-06-26 11:46:13 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-06-26 11:45:42 0 d-------- C:\Program Files\Common Files\Apple
2008-06-26 11:45:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple

 

[xxdanielxx]

download vundofix from the link below

VundoFix


Double-click VundoFix.exe to run it.
When VundoFix opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.

then post a new hijackthis log

 

[shadowstalker]

-- Find3M Report ---------------------------------------------------------------

2008-07-12 10:05:12 0 d-------- C:\Documents and Settings\Christy\Application Data\AVG7
2008-07-11 20:01:47 0 d-------- C:\Program Files\Encarta Online
2008-07-10 12:01:43 0 d-------- C:\Program Files\Common Files
2008-07-10 11:42:23 0 d-------- C:\Documents and Settings\Christy\Application Data\HP
2008-06-26 11:48:19 0 d-------- C:\Program Files\QuickTime
2008-05-12 14:30:46 0 d-------- C:\Documents and Settings\Christy\Application Data\Real


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25F53D20-1CEB-4559-AEDF-D2DEAC4802F5}]
07/12/2008 10:16 AM 281600 --a------ C:\WINDOWS\system32\yaywxYsq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67B22EB2-4177-4133-A6A5-4A31ACF8F9E7}]
C:\WINDOWS\system32\nnnoMGvS.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7768234D-E494-424D-96E6-4819A1E16325}]
07/11/2008 04:32 PM 31232 --a------ C:\WINDOWS\system32\hgGvvwXO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7fa675f2-be20-4d00-9036-66c299fd5672}]
07/12/2008 10:17 AM 101888 --a------ C:\WINDOWS\system32\amrnqe.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="C:\WINDOWS\htpatch.exe" [10/30/2002 08:40 PM]
"SiS Tray"="" []
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [11/06/2002 08:13 PM]
"AGRSMMSG"="AGRSMMSG.exe" [10/18/2002 02:07 PM C:\WINDOWS\AGRSMMSG.exe]
"CTHelper"="CTHELPER.EXE" [11/08/2002 01:46 PM C:\WINDOWS\system32\cthelper.exe]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [08/20/2002 01:29 PM]
"StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [06/18/2002 01:01 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/12/2005 12:12 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 12:09 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/17/2008 10:52 AM]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/04/2004 02:56 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/02/2008 11:13 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"Windows Logon Applicationedc"="C:\Documents and Settings\Christy\winlogon.exe" [06/27/2008 06:38 PM]
"fc1bd4dd"="C:\WINDOWS\system32\hlqrtahl.dll" [07/12/2008 10:19 AM]
"BMff28e741"="C:\WINDOWS\system32\wmnapkld.dll" [07/12/2008 10:17 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [07/17/2002 12:00 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [02/06/2008 11:50 AM]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [03/01/2007 11:37 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMidi"=MIDIDEF.EXE

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [12/7/2007 12:41:54 AM]
Billminder.lnk - C:\Program Files\Quicken\billmind.exe [9/20/2002 1:19:46 PM]
Giga Pocket Remocon Driver.lnk - C:\Program Files\sony\giga pocket\usbsircs.exe [12/7/2007 12:37:49 AM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2/6/2008 11:50:23 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/12/2005 12:23:26 AM]
Kodak EasyShare software.lnk - D:\pics\Kodak EasyShare software\bin\EasyShare.exe [5/10/2008 7:15:28 AM]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [9/20/2002 1:20:02 PM]
Quicken Startup.lnk - C:\Program Files\Quicken\QWDLLS.EXE [9/20/2002 1:20:06 PM]
Timer Recording Manager.lnk - C:\Program Files\Sony\giga pocket\ReserveModule.exe [12/7/2007 12:37:49 AM]
VAIO Action Setup (Server).lnk - C:\Program Files\Sony\VAIO Action Setup\VAServ.exe [12/5/2002 5:44:22 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{7768234D-E494-424D-96E6-4819A1E16325}"= C:\WINDOWS\system32\hgGvvwXO.dll [07/11/2008 04:32 PM 31232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGvvwXO]
hgGvvwXO.dll 07/11/2008 04:32 PM 31232 C:\WINDOWS\system32\hgGvvwXO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\yaywxYsq

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
"C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"




-- End of Deckard's System Scanner: finished at 2008-07-12 15:06:44 ------------

 

[xxdanielxx]

you are running hijackthis from a temp location

* Click here to download HJTsetup.exe

• Save HJTsetup.exe to your desktop.
• Doubleclick on the HJTsetup.exe icon on your desktop.
• By default it will install to C:\Program Files\Hijack This.
• Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
• Put a check by Create a desktop icon then click Next again.
• Continue to follow the rest of the prompts from there.
• At the final dialogue box click Finish and it will launch Hijack This.
• Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
• Come back here to this thread and attach the log in your next reply.
• DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

 

[shadowstalker]

OK. I have HJT installed. It installed it to C:\Program Files\Trend Micro\ Hijack This.
Now VundoFix is scanning..

 

[xxdanielxx]

ok make sure to attach the file

 

[shadowstalker]

VundoFix did a full scan and said, "Done searching for files. No infected files were found".

Here's the attatchment for hjt..

 

[xxdanielxx]

looks like You have a CoolWebSearch infection.

Download CWShredder Here to its own folder.

Update CWShredder

• Open CWShredder and click I AGREE
• Click Check For Update
• Close CWShredder

Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about. Reboot your computer into normal windows.

 

[xxdanielxx]

also download combofix from the link below and run it but make sure to disable any virus,firewall or spyware protection be for running. Then attach the log

ComboFix

 

[shadowstalker]

Did it and it said, "CoolWebSearch infection was not found"

 

[xxdanielxx]

ok run the combofix and post the log

 

[shadowstalker]

ComboFix report

 

[xxdanielxx]

Ok can you post a fresh hijackthis log but before you do go to

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

and change HijackThis to Crusty

 

[shadowstalker]

I tried and it said it might become unstable if I change it..

 

[shadowstalker]

As in change do you mean rename?

 

[xxdanielxx]

hmm you did not have it running while you tried to change the name

 

[shadowstalker]

no, it wasn't running

 

[xxdanielxx]

and you are renaming the the application not the folder right

HijackThis.exe

 

[shadowstalker]

I'm not sure if I did it right, but here it is..

 

[xxdanielxx]

your log looks a-lot better do you know what this is if not run hijackthis and place a check next to the items below

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60311
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60311


Also how is your computer running now