Annoying as Hell
I know I made the first mistake by downloading a suspicious rar file. My second mistake was running the executable inside. >_>; Now I'm paying the price.
Here are my "symptoms".
Many sites refuse to load. My system is constantly freezing up. It's hell -_-;
Here's my HiJack This! log. Nothing is working. AVG is my only protection, and it can't update and I can't download any programs because sites don't work. All links on Google.com search results redirect to something else.
Meh, I know this is a cause of my own cockiness that nothing will happen.
http://img225.imageshack.us/img225/1729/88481757ae3.jpg
If someone could help, it'd be very appreciated. At this point, I'm not seeing any resolution.
EDIT: Also, my AIM and everything on my computer says "VIRUS ALERT", as you can see from the HiJack This! log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:49: VIRUS ALERT!, on 8/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
D:\Program Files\Viewpoint\Common\ViewpointService.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\PowerISO\PWRISOVM.EXE
D:\Program Files\AIM6\aim6.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\AIM6\aolsoftware.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\LimeWire\LimeWire.exe
D:\Program Files\LimeWire\LimeWire.exe
D:\WINDOWS\Explorer.exe
D:\Program Files\AVG\AVG8\avgtray.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\AVG\AVG8\avgui.exe
D:\Program Files\AVG\AVG8\avgscanx.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
F3 - REG:win.ini: run="D:\Documents and Settings\Lephrakhan\Application Data\Adobe\Manager.exe"
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: XMLDP Class - {72A128E0-2240-40c8-9E92-5387D64F839E} - D:\WINDOWS\xml2u32h.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: QXK Olive - {DF6C9A95-CDD0-4EFC-9C2A-B6CA365F7396} - D:\WINDOWS\wnlmdakqlag.dll
O3 - Toolbar: bgrqfetx - {892B88A3-DC94-4A1F-A75A-9AA50061A683} - D:\WINDOWS\bgrqfetx.dll
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Aim6] "D:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: xokvrpwg - {BF225922-D636-42E3-AE18-F211CFD62F88} - D:\WINDOWS\xokvrpwg.dll
O21 - SSODL: tfnslopk - {83CB1741-1D8F-4551-A8EB-297F624EB7CB} - D:\WINDOWS\tfnslopk.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - D:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - D:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: Privacy Protection - file:///D:\WINDOWS\privacy_danger\index.htm
--
End of file - 6584 bytes
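A first-pass triage of a HijackThis log like the one posted above, as an added example (not part of the original thread and not a tool used by anyone in it): it groups entries by section code and flags a few patterns worth a closer look. The rule names and heuristics are assumptions of this example, not verdicts; the sample lines are copied from the log in the post.

```python
import re
from collections import defaultdict

# Subset of lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
D:\WINDOWS\system32\svchost.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
F3 - REG:win.ini: run="D:\Documents and Settings\Lephrakhan\Application Data\Adobe\Manager.exe"
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: bgrqfetx - {892B88A3-DC94-4A1F-A75A-9AA50061A683} - D:\WINDOWS\bgrqfetx.dll
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O21 - SSODL: tfnslopk - {83CB1741-1D8F-4551-A8EB-297F624EB7CB} - D:\WINDOWS\tfnslopk.dll
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Triage heuristics (assumptions of this example): (rule name, section codes, pattern).
RULES = [
    ("shell-extra-program", {"F2"}, re.compile(r"Shell=Explorer\.exe\s+\S", re.I)),
    ("ini-run-autostart", {"F3"}, re.compile(r"\b(run|load)=\S", re.I)),
    ("orphaned-entry", {"O2", "O3", "O9", "O21"}, re.compile(r"\(no file\)\s*$")),
    ("regedit-disabled", {"O7"}, re.compile(r"DisableRegedit=1")),
    ("dll-in-windows-root", {"O2", "O3", "O21"},
     re.compile(r"- [A-Z]:\\WINDOWS\\[^\\]+\.dll$", re.I)),
]

def parse_log(text):
    """Group entry lines by section code (R0, F2, O4, ...); skip process paths and headers."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def triage(sections):
    """Return (rule, code, entry) for every entry that a heuristic matches."""
    hits = []
    for code, entries in sections.items():
        for entry in entries:
            for name, codes, pattern in RULES:
                if code in codes and pattern.search(entry):
                    hits.append((name, code, entry))
    return hits

if __name__ == "__main__":
    for name, code, entry in triage(parse_log(SAMPLE_LOG)):
        print(f"[{name}] {code} - {entry}")
```

A hit only marks an entry for manual review; the Java BHO and the ctfmon.exe Run entry in the sample pass through unflagged because no rule matches them.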
My name is Katana and I will be helping you to remove any infection(s) that you may have.
Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)
If you can do those three things, everything should go smoothly.
Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe.
IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
LimeWire
I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
Also available here.
My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Please note: you must NOT use this whilst we are cleaning your machine.
Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.
Installed Programs
Please could you give me a list of the programs that are installed.
You will see a list with the programs installed in your computer.
Click on save list button and specify where you would like to save this file.
When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad into your next post.
If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.
If you are not the user who started this thread, you must start your own Thread instead