Hello,

I have a virus that has somehow caused me to be banned from your site. I can't contact the administrator because I can't pass the Nospam question. I'm having someone else post this for me. This virus is causing my computer to crash, web pages load slowly or not at all, and it blocks some security updates. I've run a lot of scans and I've included here my HijackThis log, Ad-Aware log (could not delete some privacy objects), and a Kaspersky log that found an infection that was locked but could not delete. (Don't know if they just wanted me to buy the software.) Can you let me know what to delete from my HijackThis log and how I can get unbanned from your site? Thank you very much.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:24:16 PM, on 2008/06/28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\My Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = dsl-cache.saix.net:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.games.yahoo.com/game...x.1.0.0.55.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1109712390259
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1124027802222
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor...fo/webscan.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/def...jolauncher.cab
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - http://www.serviceseta.org.za/scarce...ts/arview2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://download.games.yahoo.com/game...tched/main.cab
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9/ticker.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O24 - Desktop Component 1: Microsoft Investor Active Desktop Ticker - http://www.microsoft.com/windows/ie/...nts/ticker.htm

--
End of file - 6584 bytes



Scan Results
Ad-Aware 2007 Free Edition
Log File Created on:2008-06-28 07:19:44
Using Definitions File:C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\core.aawdef
Computer name:HOME-ACER76
Name of user performing scan:SYSTEM
Name of user ordering scan:Jeanne
Scan completed successfully

System Information
Number of processors:1
Processor type:AMD Duron(tm) Processor
Memory Available:32%
Total Physical Memory:267898880 Bytes
Available Physical Memory:85401600 Bytes
Total Page File Size:648724480 Bytes
Available On Page File:298110976 Bytes
Total Virtual Memory:2147352576 Bytes
Available Virtual Memory:1923567616 Bytes
OS:Microsoft Windows XP 5.1 (Build 2600)
File Verion Information
File Version
CEAPI.dll 7,0,2,6
aawservice.exe 7,0,2,7
Ad-Aware2007.exe 7.0.2.7
Ad-Aware 2007 Settings
Skipping files larger than:1048576 Bytes
Ignoring infections with lower TAI than:3
Safe Mode:False
Extended Ad-Aware 2007 Settings
Unload malicious processes and modules
Unload Modules
Let Windows remove files at Start-Up
Deactivate Ad-Watch
Re-analyze Scan Result
Delete Restored Items
Write Protect System Files
Create Log file
Include basic settings
Include advanced settings
Include user and computer name
Environment information
Running processes
Running processes and modules
Include info about ignored objects in log file
Database Info
Version number:92
Build Number:0
Build Date and Time:2008/06/16 14:00:17
Scan Statistics
Method:Smart

Items Scanned:119773
Infections Detected:36
Infections Removed:0
Infections Quarantined:0
Infections Ignored:0
Scan Detailed Statistics
Type Critical Total
Process Scan 0 0
Registry Scan 0 0
Registry PE Scan 0 0
Hosts Scan 0 0
File Scan 0 0
Folder Scan 0 0
LSP Scan 0 0
ADS Scan 0 0
Cookie Scan 36 36
File Hash Scan 0 0
Infections Found
Family Id Name Category TAI
725 Tracking Cookie DataMiner 3
[600000400] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat anad.tacoda.net /PC /
[600000295] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat adtech.de JEB2 /
[600000263] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat mediaplex.com svid /
[600000179] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat atdmt.com AA002 /
[600000415] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat revsci.net NETID01 /
[600000415] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat revsci.net NETSEGS_K05539 /
[600000415] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat revsci.net rsi_cls_1000000 /
[600000415] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat revsci.net rsi_segs_1000000 /
[600000144] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat doubleclick.net id /
[600000201] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat media.adrevolver.com BIGipServerar-slave /
[600000201] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat adrevolver.com adrev_adpath /
[600000201] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat adrevolver.com adrev_adpath2 /
[600000460] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat ad.yieldmanager.com uid /
[600000460] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat ad.yieldmanager.com vuday1 /
[600000460] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat ad.yieldmanager.com pv1 /
[600000460] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat ad.yieldmanager.com ih /
[600000460] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat ad.yieldmanager.com bh /
[600000460] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat ad.yieldmanager.com fl_inst /
[600000447] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat apmebf.com S /
[600000050] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat tribalfusion.com ANON_ID /
[600000073] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat specificclick.net dmc /
[600000073] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat specificclick.net dmk /
[600000073] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat specificclick.net smc /
[600000073] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat specificclick.net smk /
[600000138] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat fastclick.net pjw /
[600000138] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat fastclick.net pluto /
[600000000] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat zedo.com ZEDOIDX /
[600000000] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat zedo.com ZEDOIDA /
[600000000] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat zedo.com geo /
[600000000] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat zedo.com FFcat /
[600000000] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat zedo.com FFad /
[600000596] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat ad1.emediate.dk hd_uid /
[600000596] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat ad1.emediate.dk eas_pc /
[600000126] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat hitbox.com CTG /
[600000126] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat hitbox.com WSS_GW /
[600000126] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat ehg-foundation.hitbox.com DM5307296NDDV6 /


Quarantined Objects
Family Id Name Category TAI

Removed Objects
Family Id Name Category TAI
725 Tracking Cookie DataMiner 3
[600000400] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat anad.tacoda.net /PC /
[600000295] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat adtech.de JEB2 /
[600000263] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat mediaplex.com svid /
[600000179] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat atdmt.com AA002 /
[600000415] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat revsci.net NETID01 /
[600000415] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat revsci.net NETSEGS_K05539 /
[600000415] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat revsci.net rsi_cls_1000000 /
[600000415] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat revsci.net rsi_segs_1000000 /
[600000144] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat doubleclick.net id /
[600000460] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat ad.yieldmanager.com uid /
[600000460] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat ad.yieldmanager.com vuday1 /
[600000460] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat ad.yieldmanager.com pv1 /
[600000460] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat ad.yieldmanager.com ih /
[600000460] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat ad.yieldmanager.com bh /
[600000460] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeanne\Cookies\index.dat ad.yieldmanager.com fl_inst /

Listing of Running Processes