HELP! Computer slower than usual, random popups. Spyware?

Question

zombie-teeth 0 Newbie Poster

16 Years Ago

It all started when i went looking a trial version of Microsoft Office. I think i went to a website that i shouldn't have and tried to download a trial version of Microsoft Office 2007. After i downloaded this file and closed the browser, random pop-ups popped up informing me of spyware. Icons entitled "uncensored porn" and some other icons were randomly placed on my desktop. I've tried to delete them, but they just come back. A yellow triangle in my taskbar (much like the one from norton antivirus pops up named "windows security alert" and says that i don't have an antivirus program and advises me to download software. Also random internet explorer browsers that don't load would pop up.. but i use firefox, and these browsers are hard to close, it may take up to min after i had right clicked and pressed close. My computer and internet is slower than usual, and it would be if someone could help me with this problem before it gets worse.. Thank you :)

Here are my AVG and HJT logs:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:19:26 AM 2/11/2008

+ Scan result:

C:\WINDOWS\system32\ntload.sys -> Backdoor.Delf.azr : Cleaned with backup (quarantined).
C:\Documents and Settings\Jeannie\Local Settings\Temp\removalfile.bat -> Not-A-Virus.Adware.Virtumonde : Ignored.
:mozilla.235:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.236:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.237:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.704:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.867:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kenny\Cookies\kenny@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.52:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.53:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.226:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Kenny\Cookies\kenny@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.530:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.531:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.532:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.533:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.534:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.535:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.536:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.537:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.286:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Kenny\Cookies\kenny@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.880:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.881:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.493:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.500:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.782:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.795:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.941:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.250:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.251:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.560:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.679:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.73:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.76:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.77:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.551:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.552:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.553:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.554:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.555:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.556:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.557:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Kenny\Cookies\kenny@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.549:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.550:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Kenny\Cookies\kenny@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.849:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\Kenny\Cookies\kenny@guide.real[2].txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\Kenny\Cookies\kenny@real[2].txt -> TrackingCookie.Real : Cleaned.
:mozilla.404:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.405:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.406:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.257:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.258:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.259:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.100:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.101:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.102:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.103:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.104:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.105:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.106:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.107:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.108:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.109:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.110:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.111:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.112:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.113:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.114:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.115:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.116:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.117:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.118:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.119:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.97:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.98:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.99:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.847:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.848:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.940:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.789:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.280:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.281:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.282:C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\oeyi8lyv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
D:\System Volume Information\_restore{8CFED3DB-CED1-4BB1-B983-EA681FBD594E}\RP489\A0070129.com -> Trojan.NSAnti.r : Cleaned with backup (quarantined).
C:\Program Files\xloader30029.exe -> Trojan.Qhost.abh : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drivers\etc\hosts -> Trojan.Qhost.nl : Cleaned with backup (quarantined).

::Report end

====================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:42:55 PM, on 2/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\acovcnt.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Jeannie\Desktop\HJT\HiJackThis.exe

R3 - URLSearchHook: Yahoo! μ?o?Io - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
F3 - REG:win.ini: run="C:\WINDOWS\system32\winupdate.exe"
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &WinSec Toolbar - {3F5A62E2-51F2-11D3-A075-CC7364CAE42A} - C:\WINDOWS\system32\wscmp.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvmal.dll,startup
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [cca06a8b] rundll32.exe "C:\WINDOWS\system32\bpwjhydo.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\ieupdates.exe"
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: MultiFrame.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161648321031
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O21 - SSODL: ChkSys - {607b215a-ac7e-4330-be5d-745a04c0590a} - C:\WINDOWS\Installer\{607b215a-ac7e-4330-be5d-745a04c0590a}\ChkSys.dll
O21 - SSODL: zip - {7abef84f-fe4e-4602-a21f-589246584318} - C:\WINDOWS\Installer\{7abef84f-fe4e-4602-a21f-589246584318}\zip.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 14242 bytes

Once again i thank you everyone in advance. I really appreciate all the help!

windows-virus

3 Contributors
6 Replies
217 Views
6 Days Discussion Span
Latest Post 16 Years Ago Latest Post by gerbil

maui_mallard 9 Veteran Poster

16 Years Ago

Oh yeah I had the exact same thing...

The first thing I tried is a system restore...Try that...It didn't work for me when I had that..

The second thing..based on what happens when you try the system restore..you will either have your computer working or you will be back here looking for more answers...If you come back try to download Windows Defender and see what happens..

The spy-ware can get worse..It does like a continuous loop of restarting....

Lastly..What I have said so far is just a warm-up sort of thing..I didn't finish reading all your logs but im working on that currently

maui_mallard 9 Veteran Poster

16 Years Ago

O3 - Toolbar: &WinSec Toolbar - {3F5A62E2-51F2-11D3-A075-CC7364CAE42A} - C:\WINDOWS\system32\wscmp.dll

I think this is the only thing as far as I can see....
Try This....

(If You have to print out these instructions)

1. Unplug your Internet cable from your computer (If it is hijacked you want to end the connection)

2. Go to My Computer> Control Panel > Add or Remove Programs..

Your looking for any toolbars that are installed on your computer..The one your looking for should be like Winsec Toolbar....

If you can't find it go to C:\WINDOWS\system32\winsec.exe
and delete this... then repost the HijackThis log

Hope this works

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

zombie-teeth 0 Newbie Poster · Answer 1 · 2008-02-13T06:33:05+00:00

Yeah, i tried the system restore. It didn't really seem to have an affect. And for some reason, my desktop has now bee hijacked. It's blue with a yellow square in the middle that says"warning spyware detected on your computer" and tells me to go download an antivirus program. And more signs of spyware has appeared ie more random pop-ups. I have just downloaded Windows defender, I'll post the results after it has finished scanning.

Thank you for taking the time to look at my logs!

zombie-teeth 0 Newbie Poster · Answer 2 · 2008-02-15T08:54:59+00:00

Yeah it gets worse and worse everytime i turn on my comp.. My control panel has been disabled. So i cant even go to it. and i think its even blocked my internet connection..

maui_mallard 9 Veteran Poster · Answer 3 · 2008-02-16T02:37:23+00:00

Have you tried getting into your computer through Safemode?

gerbil 216 Industrious Poster · Answer 4 · 2008-02-18T07:37:36+00:00

Hello, zombie... especially for you.
==Download SmitfraudFix (by S!Ri) from http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract the content (a folder named SmitfraudFix) to your Desktop.
- Restart your computer in Safe Mode.
- Open the SmitfraudFix folder and double-click SmitfraudFix.cmd, select option #2 - Clean [type 2 and Enter]
You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer Y and Enter [which will remove the desktop background and clean registry keys associated with the infection].
The tool will next check if wininet.dll is infected- if it is you will be prompted to replace the file ; type Y and press "Enter".
It will also create a log named rapport.txt in the root of your drive, eg: Local Disk C:\
Restart in normal Windows. Please post C:\rapport.txt
[You may also have to restore your desktop background...
If so, go Start >run, type regedit and <enter>. Navigate to this key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
Please export that key: in the left pane highlight system with a lclick, go File, export... , save as bluewall with file type .txt. Close regedit and post that txt file.]
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop.
Post the results from those two plus a fresh hijackthis log, pls.