first time help

claudiaclaudia
edited November 2005 in Spyware & Virus Removal
i did everything you said:adaware-avg-antivirus-spywaredoctor-kaspersky antivirus-ewido security suite.
i send my log so you can see it and help me,please :confused:
thank you

Logfile of HijackThis v1.99.0
Scan saved at 1:31:28 PM, on 11/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\claudia programs\kasp\avpcc.exe
D:\Program Files\security suite\ewidoctrl.exe
D:\claudia programs\kasp\avpm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Winamp\winampa.exe
D:\claudia programs\kasp\avpcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\CLAUDI~1\SPYWAR~2\swdoctor.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\hjt\HijackThis(1).exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://62.4.84.53/trafc/redir.php?cmp=avs2&nid=sv&uid=32290B384FB311DAAADB000B6AC2AAE3&guid=9c1fc17e+CE9B2E81C6BB40358E9DE7D941C1239F&aid=405&lid=as_02
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\mllmk.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\CLAUDI~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: MSEvents Object - {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} - C:\WINDOWS\System32\ssqpp.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\CLAUDI~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [OfficeGuard RegChecker] "D:\claudia programs\kasp\ogrc.exe"
O4 - HKLM\..\Run: [AVPCC] "D:\claudia programs\kasp\avpcc.exe" /wait
O4 - HKCU\..\Run: [Windows Update 32] slsys.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MS Technology] mswint2k.exe
O4 - HKCU\..\Run: [MediaXPServicePack2] msncx.exe
O4 - HKCU\..\Run: [MS database Service] winsql32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\RunServices: [MS Technology] mswint2k.exe
O4 - HKCU\..\RunServices: [MediaXPServicePack2] msncx.exe
O4 - HKCU\..\RunServices: [MS database Service] winsql32.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\CLAUDI~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: ???? - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AOL Instant Messenger (TM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRA~1\AIM95\aim.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131394149560
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128965219728
O17 - HKLM\System\CCS\Services\Tcpip\..\{2647C6B7-EFDB-4EDC-B011-1B9300447B36}: NameServer = 192.116.202.222 213.8.172.83
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVP Control Centre Service - Kaspersky Labs. - D:\claudia programs\kasp\avpcc.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\security suite\ewidoctrl.exe
O23 - Service: GEARSecurity - Unknown - C:\WINDOWS\System32\GEARSec.exe (file missing)
O23 - Service: KAV Monitor Service - Kaspersky Labs. - D:\claudia programs\kasp\avpm.exe
O23 - Service: Norton Ghost - Unknown - D:\Program Files\Agent\PQV2iSvc.exe (file missing)
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)

Comments

  • ShortyShorty Manchester, UK Icrontian
    edited November 2005
    That looks quite clean to me except :
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://62.4.84.53/trafc/redir.php?c...d=405&lid=as_02

    What problem are you having..?
  • claudiaclaudia
    edited November 2005
    Shorty wrote:
    That looks quite clean to me except :


    What problem are you having..?

    my system unexplicably stopped recognizing my C-D ROM & CD-RW Drives!

    I went into Device Mgr. and there are 2 Yellow ! Points and when I tried to Upgrade Driver the message I got was that they couldn't be recognized and a CODE 39! What does this mean? Can I do something to have them recognized?

    (Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39))


    I had tried to find Updated drivers for the DVD & CD drives but being "Generic" I don't know where to go on the Net to find them!

    also, my antivirus faund:Trojan horse collected.5.L
    Trojan . hacktool.rootkit
    Trojan horse IRC/backdoor.sdbot.189.y
    And when I open o reatart my pc, they come back again
    I want to formate but I don’t have cd-rom….
    (and many other things like:cant install anything, can.t open the control panel, etc,etc)
    My pc isn’t working as it did before


    I'll appreciate any help on this as this JUST HAPPENED by ITSELF!
    :confused:
  • ShortyShorty Manchester, UK Icrontian
    edited November 2005
    Reboot your PC in safe mode with networking (press F8 on machine boot up will give you this list of options).

    Once in to windows (which will report itself into diagnostics mode), navigate your web browser to :

    http://housecall.trendmicro.com

    Click the "Scan Now. It's Free!" link under the segment on the page called "Scan Your PC:".

    That will then run an online based virusscan. This will be able to remove other things that an ordinary antivirus may not be able to deal with when it's running in "normal" Windows mode. It will also list any files that it cannot fix/disinfect for reason or another. If it does list any, post back here with what they are, so we can assess the risk of deleting them.

    As a side note, even if Windows cannot see the drives, your PC will be able to see them to reinstall Windows on :)

    All you need to do in most cases is pop the Windows CD into the CD drive, reboot and press a key when prompted to start the Windows installation :)
  • TroganTrogan London, UK
    edited November 2005
    It looks like you have the virtumondo infection. Do what shorty suggested with the online scan in Safe Mode with Networking.


    Download the latest version of HJT from here:

    http://short-media.com/download.php?dc=69
  • ShortyShorty Manchester, UK Icrontian
    edited November 2005
    Nice diagnosis Trojan :respect:
  • claudiaclaudia
    edited November 2005
    sorry, but I cant do an online scan(or any download), not even in safe mode with networking... :scratch:
  • TroganTrogan London, UK
    edited November 2005
    Well, the online scan is the least of your worries for now.

    Why can't you download?
    What happens?

    Try downloading HijackThis (HJT) again. :)
  • TroganTrogan London, UK
    edited November 2005
    Do you still need help?


    If you communicate with us then we can help :)
Sign In or Register to comment.