Mitch

Ad-aware not working


Hello There,

 

Can somebody help me out?

 

I ran my Norton Antivirus, ewido, Trend Micro, and Microsoft scanner and they all cleaned off a ton of viruses and spyware, but when I run my Ad-aware it freezes up after a few seconds....hmmm...so I decided to run a HijackThis log to see if there is something else on my computer that may be causing this problem.

 

Here is my Hijack log:

 

Logfile of HijackThis v1.99.1

Scan saved at 8:48:04 AM, on 6/14/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Digital Media Reader\shwiconem.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\BroadJump\Client Foundation\CFD.exe

C:\WINDOWS\system32\SYSWB6.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\Winkb6.exe

C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe

C:\Program Files\BigFix\BigFix.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

C:\Documents and Settings\Owner\My Documents\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lexmark.com/MD/?func=newreg&lan...0409&os=5&src=1

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711

O1 - Hosts: 204.244.184.143 SafeWeb.com

O1 - Hosts: 204.244.184.143 WWW.SafeWeb.com

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: ATLDistrib Object - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINDOWS\system32\gebyw.dll

O2 - BHO: (no name) - {58800204-a2b3-4536-b87a-04997d4228a4} - C:\WINDOWS\system32\avtmos.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {BDF90A20-C0DA-4FAE-95A2-AAA4D4D32B08} - C:\WINDOWS\system32\ddcyv.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [EarthLink Installer] " /C

O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [sYSWB6] SYSWB6

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe

O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/downl...lscbase5059.cab

O20 - Winlogon Notify: avtmos - C:\WINDOWS\SYSTEM32\avtmos.dll

O20 - Winlogon Notify: awtss - awtss.dll (file missing)

O20 - Winlogon Notify: ddcyv - C:\WINDOWS\SYSTEM32\ddcyv.dll

O20 - Winlogon Notify: gebyw - C:\WINDOWS\system32\gebyw.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: sstts - sstts.dll (file missing)

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

 

Thank you for your help,

Mitch :)


I didn't look at the HJT log, but try the trial version of "Xoftspy"; it's a brilliant little piece of software that will find everything bad on your system.

 

I found advice to try it in another forum and I found infections on my system that nothing else would find! No need to uninstall Ad-aware to use it, and there is no need to buy it if you don't like it.

 

Wait until a Forum Staff Member or a Member of the Trusted HJT Advisor Group has reviewed and approved any advice given here before proceeding any further...... Jacee

http://forums.pcpitstop.com/index.php?showtopic=101899

Edited by Jacee


Hello,

 

I wanted to add another comment to my previous HijackThis log.

 

I downloaded and installed the Trend Micro PC-cillin AV, AS, AHacker software and it found two viruses that it cannot delete, but it did give me the names of them.....

 

They are called (Trojan) Conhook.AH and it is under C:\windows\system32\AVTMOS.dll and the second one is called (Trojan) Conhook.H and it is under C:\windows\system32\ddcyv.dll

 

Can you help me delete these off of my computer?

 

Thanks,

Mitch :)


Hi Mitch, sorry about the wait. Another member decided to change your post count and it looked like you were being helped.

 

I want to make sure you know you have these installed: C:\WINDOWS\system32\SYSWB6.exe and C:\WINDOWS\system32\Winkb6.exe. They seem to deal with parental software. I would also like to make sure you placed these in your Hosts file:

O1 - Hosts: 204.244.184.143 SafeWeb.com

O1 - Hosts: 204.244.184.143 WWW.SafeWeb.com

 

You have a nasty vundo infection, looks like two of them, please follow the instructions here:

 

http://www.atribune.org/content/view/24/2/ Once that is done, then do this:

 

 

(some items may be gone, removed by VundoFix so do not be concerned, just do not miss any)

 

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

O2 - BHO: ATLDistrib Object - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINDOWS\system32\gebyw.dll

O2 - BHO: (no name) - {58800204-a2b3-4536-b87a-04997d4228a4} - C:\WINDOWS\system32\avtmos.dll

O2 - BHO: (no name) - {BDF90A20-C0DA-4FAE-95A2-AAA4D4D32B08} - C:\WINDOWS\system32\ddcyv.dll

O20 - Winlogon Notify: avtmos - C:\WINDOWS\SYSTEM32\avtmos.dll

O20 - Winlogon Notify: awtss - awtss.dll (file missing)

O20 - Winlogon Notify: ddcyv - C:\WINDOWS\SYSTEM32\ddcyv.dll

O20 - Winlogon Notify: gebyw - C:\WINDOWS\system32\gebyw.dll

O20 - Winlogon Notify: sstts - sstts.dll (file missing)

 

Close all programs but HJT and all browser windows, then click on "Fix Checked"

 

Enable hidden files & folders; reverse the process when finished.

http://www.xtra.co.nz/help/0,,4155-1916458,00.html

 

RIGHT Click on Start then click on Explore. Locate and delete these items:

 

C:\Windows\Prefetch\ >>> delete the contents (NOT THE FOLDER)

Prefetch info: http://www.windowsnetworking.com/articles_...refetch-XP.html

 

Download CCleaner from this link: http://www.ccleaner.com/ Review the instructions http://www.ccleaner.com/help/tour1.asp

Run CCleaner, Windows & Applications. When you run the registry cleaner (Issues) you will be prompted to back up before you can remove stuff; make sure you do.

 

Post a new HJT log along with any comments you think will help. This is a start and we may well have more work to do??

 

Your Java program is outdated and speculation is that this is how Vundo is getting in:

C:\Program Files\Java\j2re1.4.2\bin\ <<< outdated. Use the information in this link to fix that security breach:

http://forums.spybot.info/showpost.php?p=12880&postcount=2

 

Thanks...pskelley

Trusted HJT Advisor

PCPitStop forum
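Added example, not from the thread or from HijackThis: a small Python triage script that applies the same checks the advisor made by hand to the O1/O2/O20/R1 lines of a HijackThis v1.99.1 log (unnamed BHOs, unknown or missing Winlogon Notify packages, one DLL hooked as both BHO and Winlogon Notify, a proxy on 127.0.0.1, Hosts overrides). The sample lines are copied from the first log in this thread; the allowlist of known Winlogon Notify packages is an assumption.

```python
"""Triage a HijackThis v1.99.1 log for the Vundo-style entries discussed in the thread.

Added example, not part of the thread or of HijackThis. Severity levels and the
allowlist below are assumptions chosen for illustration.
"""
import re
from collections import defaultdict

# Winlogon Notify packages expected on the XP SP2 machine in the thread (assumption).
KNOWN_NOTIFY = {"igfxcui"}

RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
RE_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")
RE_R1_PROXY = re.compile(r"^R1 - .*ProxyServer = (?P<proxy>.+)$")
RE_O1 = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)$")

# Constructed sample: lines copied from the first log posted in the thread.
SAMPLE_LOG = [
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711",
    r"O1 - Hosts: 204.244.184.143 SafeWeb.com",
    r"O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll",
    r"O2 - BHO: (no name) - {58800204-a2b3-4536-b87a-04997d4228a4} - C:\WINDOWS\system32\avtmos.dll",
    r"O2 - BHO: (no name) - {BDF90A20-C0DA-4FAE-95A2-AAA4D4D32B08} - C:\WINDOWS\system32\ddcyv.dll",
    r"O20 - Winlogon Notify: avtmos - C:\WINDOWS\SYSTEM32\avtmos.dll",
    r"O20 - Winlogon Notify: awtss - awtss.dll (file missing)",
    r"O20 - Winlogon Notify: ddcyv - C:\WINDOWS\SYSTEM32\ddcyv.dll",
    r"O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll",
]


def dll_basename(path):
    """Lower-cased file name from a Windows path such as C:\\WINDOWS\\system32\\x.dll."""
    return path.strip().split("\\")[-1].lower()


def triage(lines):
    """Return a list of (severity, line, reason) tuples, one per flagged item."""
    findings = []
    dll_owners = defaultdict(set)  # DLL basename -> {"O2", "O20"} for the pairing check
    for raw in lines:
        line = raw.strip()
        m = RE_O2.match(line)
        if m:
            base = dll_basename(m.group("path"))
            dll_owners[base].add("O2")
            if m.group("name") == "(no name)":
                findings.append(("high", line, "BHO with no name loading %s" % base))
            continue
        m = RE_O20.match(line)
        if m:
            key, path = m.group("key"), m.group("path")
            if "(file missing)" in path:
                findings.append(("medium", line, "Winlogon Notify key %s points at a missing DLL" % key))
            elif key.lower() not in KNOWN_NOTIFY:
                base = dll_basename(path)
                dll_owners[base].add("O20")
                findings.append(("high", line, "unknown Winlogon Notify package %s (%s)" % (key, base)))
            continue
        m = RE_R1_PROXY.match(line)
        if m and "127.0.0.1" in m.group("proxy"):
            findings.append(("info", line, "browser traffic goes through local proxy %s; confirm it belongs to software you installed" % m.group("proxy")))
            continue
        m = RE_O1.match(line)
        if m:
            findings.append(("info", line, "Hosts override %s -> %s; confirm it is yours" % (m.group("host"), m.group("ip"))))
    # The pattern the advisor pointed out: the same DLL as both a BHO and a Winlogon Notify hook.
    for base in sorted(b for b, owners in dll_owners.items() if owners == {"O2", "O20"}):
        findings.append(("high", base, "same DLL registered as both a BHO and a Winlogon Notify hook"))
    return findings


def fix_candidates(findings):
    """High-severity log lines a reviewer would tick in HijackThis before 'Fix Checked'."""
    return sorted({line for sev, line, _ in findings if sev == "high" and line.startswith("O")})


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for sev, line, reason in results:
        print("[%s] %s\n    %s" % (sev.upper(), line, reason))
    print("\nLines to check in HijackThis:")
    for line in fix_candidates(results):
        print("  " + line)
```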


Hello Kelly,

Thank you for the help.

 

I did what you said.

 

After uninstalling the older version of Java, I decided not to reinstall the newer version just yet. By the way, do I really need to install Java?

 

The answer to your question about the SYSWB6 and Winkb6 is that I had that installed to filter out bad websites. It is called WE-Blocker and it is free. By the way, what is a Host file?

 

The only two line items that I couldn't check off to "fix" when I did a HijackThis scan were the ATLDistrib Object and the Winlogon Notify: gebyw - C:\Windows\system32\gebyw.dll

 

Anyway, here is the updated HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 1:01:56 AM, on 6/19/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Digital Media Reader\shwiconem.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\SYSWB6.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe

C:\Program Files\Messenger\msmsgs.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\WINDOWS\system32\Winkb6.exe

C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

C:\Documents and Settings\Owner\My Documents\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lexmark.com/MD/?func=newreg&lan...0409&os=5&src=1

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711

O1 - Hosts: 204.244.184.143 SafeWeb.com

O1 - Hosts: 204.244.184.143 WWW.SafeWeb.com

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {58800204-a2b3-4536-b87a-04997d4228a4} - C:\WINDOWS\system32\avtmos.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: (no name) - {BDF90A20-C0DA-4FAE-95A2-AAA4D4D32B08} - C:\WINDOWS\system32\ddcyv.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [EarthLink Installer] " /C

O4 - HKLM\..\Run: [sYSWB6] SYSWB6

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/downl...lscbase5059.cab

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O20 - Winlogon Notify: avtmos - C:\WINDOWS\SYSTEM32\avtmos.dll

O20 - Winlogon Notify: ddcyv - C:\WINDOWS\SYSTEM32\ddcyv.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

 

Thanks,

Mitch

 

P.S. - I forgot to tell you that when I did the CCleaner thing, they found 218 items to repair but they would only fix 20 items without making me pay, so I only did 20 items.

 

Plus it looks like I still have the viruses even after I "fixed" them with the HijackThis scan.....hmmmm....but my Trend Micro AV software is no longer freaking out like before, so my computer is acting like they have been removed....hmmm..strange.

Edited by Mitch


After uninstalling the older version of Java, I decided not to reinstall the newer version just yet. By the way, do I really need to install Java?

That would be up to you; a lot of things are not going to work without either the Microsoft® Java Virtual Machine (MSJVM) or Sun Microsystems software. Read about it in these links:

http://www.microsoft.com/mscorp/java/

http://www.sun.com/java/

 

P.S. - I forgot to tell you that when I did the CCleaner thing, they found 218 items to repair but they would only fix 20 items without making me pay, so I only did 20 items

CCleaner is free, I use it on three machines all of the time. I have no idea what choices you made when downloading to get it to ask you to pay? Try removing it and downloading it again.

 

Here is a nice cleaning tool if you want to try it, download link and screenshots of the tool are here:

http://www.atribune.org/forums/index.php?showtopic=1332

 

 

The two lines you mentioned were the Vundo trojan, and I was hoping VundoFix would also remove:

 

O2 - BHO: (no name) - {58800204-a2b3-4536-b87a-04997d4228a4} - C:\WINDOWS\system32\avtmos.dll

O20 - Winlogon Notify: avtmos - C:\WINDOWS\SYSTEM32\avtmos.dll

 

 

O2 - BHO: (no name) - {BDF90A20-C0DA-4FAE-95A2-AAA4D4D32B08} - C:\WINDOWS\system32\ddcyv.dll

O20 - Winlogon Notify: ddcyv - C:\WINDOWS\SYSTEM32\ddcyv.dll

 

These are trojans no doubt, the first one does not even identify, the second is: http://se.trendmicro-europe.com/enterprise...=TROJ_CONHOOK.H

and Trend offers removal instruction if you want to try them??

 

I would like to see if the free trial version of SpySweeper will remove them. Hard to find the free trial version, use this link:

http://www.webroot.com/consumer/products/s...er/latestv.html

scroll all the way down until you see: Spy Sweeper 4.5 - Free Trial

Then use these instructions:

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

 

You will be prompted to check for updated definitions, please do so.

(This may take several minutes)

 

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

 

Click on Sweep and allow it to fully scan your system.

 

When the sweep has finished, click Remove. Click Select All and then Next

 

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

 

Exit Spy Sweeper.

 

Restart your computer, and then please copy and paste the SpySweeper log into this thread.

 

also post a new HJT log.

 

Thanks.


Hello pskelley,

I tried to do what you said but my Internet Explorer is completely shut down now. So I used my other computer to go to Trend Micro website to get directions on how to get rid of this virus.

 

My question is, when they (Trend) say to type in the "malware file name" to be deleted, what does the malware file name look like exactly? Can you give me an example please?

 

Thanks,

Mitch :)


Hello pskelley,

I forgot to mention that when I tried to click on your link to webroot my safety filter blocked it, so I un-installed it (WE-Blocker), and when I did that my Internet Explorer shut down completely. So I tried to get to the webroot link from my other computer, but I first just turned off the WE-Blocker and that also shut down my Internet Explorer?? I don't understand why that happened? hmmmm.....

 

Mitch :)


Hey Mitch, sorry you are having so many problems :geezer: There are lots of good tools but if you can't use them?

 

tried to do what you said but my Internet Explorer is completely shut down now

In the event these infections have corrupted or deleted a necessary file, try running system file checker. Have your Windows CD handy in the event the file can't be located on the computer.

http://www.updatexp.com/scannow-sfc.html

 

When Trend is asking for the file name, it wants the complete pathway of the file, this is an example: C:\WINDOWS\SYSTEM32\avtmos.dll

 

Let me know if I can help more, you can get a quick PM to me here:

http://forums.pcpitstop.com/index.php?showuser=24733

 

Thanks...Phil


Sorry Mitch, but I have no knowledge of the WE-Blocker, but it sure sounds like it is involved in your trouble with Internet Explorer.

Here is a little info from CastleCops: http://www.castlecops.com/startuplist-4400.html and the website: http://weblocker.fameleads.com/

http://weblocker.fameleads.com/tech_support/index.asp <<< there is a toll free number near the bottom. As I said, I have not seen this software installed before. You might want to query tech support about the issues it is causing.

 

I will also suggest that I am trying to find a program that will remove the balance of your malware, if you can't get SpySweeper, then try the new ewido 30 day trial. It will work best if run in safe mode.

 

ewido 4.0 instructions by rstones

 

First download ewido anti-spyware from HERE and save that file to your desktop.

This is a 30 day trial of the program

  • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

    IMPORTANT: Do not open any other windows or programs while ewido is scanning; it may interfere with the scanning process.

  • Launch ewido anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little time.

    Once the scan is complete do the following:

  • If you have any infections you will be prompted; then select "Apply all actions".
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan.
Restart so the changes can be made and post the ewido scan report and a new HJT log.

 

Hope this helps...Phil


No response from this member since: 7:50am Sun Jun 25 2006

 

Topic is closed

 

Thanks...pskelley

This topic is now closed to further replies.