Everything here, Virus, Spyware and Browser Hijack

  1. #1
    anadora (Newbie)

    Everything here, Virus, Spyware and Browser Hijack

    I am trying to help a young friend clean up her computer. I get rid of one thing and something else pops up. I probably have too many spyware removers downloaded but feel kind of desperate as the viruses pop up faster than I can delete them. I cannot even do Windows Update because I get a message that, because of the security settings, ActiveX controls cannot be run on the page, but each time I reset the security panel to custom, etc., as advised by Microsoft, they revert to the original. I even installed AOL hoping it would let me install security updates but get the same error message.
    Any help would be appreciated. Here is the hijack log:
    Logfile of HijackThis v1.99.1
    Scan saved at 3:08:48 AM, on 4/25/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\System32\fteqfpu\xxpwax.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\uixs\mvoaqe.exe
    C:\WINDOWS\System32\stuvqu\jwpll.exe
    C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
    C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\boavqidw\gohn.exe
    C:\WINDOWS\System32\bipwbp\rbbrtd.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\PROGRA~1\AMERIC~1.0\aoltray.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\America Online 7.0\waol.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\dbkimg.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\dbkimg.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\dbkimg.exe
    C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
    C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    O1 - Hosts: 216.39.69.102 view.atdmt.com
    O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
    O4 - HKLM\..\Run: [rsbhrd] C:\WINDOWS\System32\mrtt\rsbhrd.exe
    O4 - HKLM\..\Run: [oxsklwfk] C:\WINDOWS\System32\ndbgmcv\oxsklwfk.exe
    O4 - HKLM\..\Run: [rimbs] C:\WINDOWS\System32\ppnek\rimbs.exe
    O4 - HKLM\..\Run: [PSoft1] C:\WINDOWS\System32\psoft1.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [mvoaqe] C:\WINDOWS\System32\uixs\mvoaqe.exe
    O4 - HKLM\..\Run: [qjabunbs] C:\WINDOWS\System32\lyvun\qjabunbs.exe
    O4 - HKLM\..\Run: [vdve] C:\WINDOWS\System32\cbfqcgv\vdve.exe
    O4 - HKLM\..\Run: [qngpde] C:\WINDOWS\System32\tayp\qngpde.exe
    O4 - HKLM\..\Run: [ocyq] C:\WINDOWS\System32\onyumcnf\ocyq.exe
    O4 - HKLM\..\Run: [guxji] C:\WINDOWS\System32\rakdyu\guxji.exe
    O4 - HKLM\..\Run: [gohn] C:\WINDOWS\System32\boavqidw\gohn.exe
    O4 - HKLM\..\Run: [rbbrtd] C:\WINDOWS\System32\bipwbp\rbbrtd.exe
    O4 - HKLM\..\Run: [jwpll] C:\WINDOWS\System32\stuvqu\jwpll.exe
    O4 - HKLM\..\Run: [xxpwax] C:\WINDOWS\System32\fteqfpu\xxpwax.exe
    O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
    O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\dbkimg.exe
    O4 - HKLM\..\Run: [hshnin] C:\DOCUME~1\Owner\LOCALS~1\Temp\fyobrb.exe
    O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
    O4 - HKLM\..\RunOnce: [CounterSpyCleaner] C:\Program Files\Sunbelt Software\CounterSpy Client\sunASCleaner.exe
    O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
    O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .au: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
    O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yaho...bio5_1_2_0.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{849CE8B4-2CC1-4853-9392-36D69651785E}: NameServer = 205.188.146.145
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: gohnboavqidw - Unknown owner - C:\WINDOWS\System32\boavqidw\gohn.exe
    O23 - Service: oxsklwfkndbgmcv - Unknown owner - C:\WINDOWS\System32\ndbgmcv\oxsklwfk.exe
    O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
    O23 - Service: qngpdetayp - Unknown owner - C:\WINDOWS\System32\tayp\qngpde.exe
    O23 - Service: rbbrtdbipwbp - Unknown owner - C:\WINDOWS\System32\bipwbp\rbbrtd.exe
    O23 - Service: rsbhrdmrtt - Unknown owner - C:\WINDOWS\System32\mrtt\rsbhrd.exe
    O23 - Service: vdvecbfqcgv - Unknown owner - C:\WINDOWS\System32\cbfqcgv\vdve.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


  2. #2
    owen (D-A-L Team Member, UK)
    If you still require help, could you post a fresh log. Thanks and apologies about the response time.
