Unknown Virus

  1. #1
    steinvommars

    Unknown Virus

    Please help me remove the viruses from my system. I don't know what to do.


    Logfile of HijackThis v1.99.1
    Scan saved at 09:40:36, on 22/07/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\msdtc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\WINNT\System32\llssrv.exe
    C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe
    C:\WINNT\System32\NMSSvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\Dfssvc.exe
    C:\WINNT\System32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\imejpmgr.exe
    C:\WINNT\system32\BacsTray.exe
    C:\WINNT\System32\hkcmd.exe
    C:\WINNT\system32\PROMon.exe
    C:\WINNT\system32\phqghume.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINNT\supervisor.exe
    C:\WINNT\system32\wuauclt.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINNT\system32\conime.exe
    C:\HKT\hijackthis.exe

    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    N3 - Netscape 7: user_pref("browser.startup.homepage", N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\tlxoatmu.slt\prefs.js)
    O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\justDo\Jd2002.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
    O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)
    O4 - HKLM\..\Run: [bacstray] BacsTray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SoloSysCheck] C:\PROGRA~1\SRNMIC~1\SYSCHECK.COM
    O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
    O4 - HKLM\..\Run: [Security Antivirus Xp 1] inetfor.exe
    O4 - HKLM\..\Run: [Optional Web Drivers For WIN32] phqghume.exe
    O4 - HKLM\..\RunServices: [Security Antivirus Xp 1] inetfor.exe
    O4 - HKLM\..\RunServices: [Optional Web Drivers For WIN32] phqghume.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
    O4 - HKCU\..\Run: [Security Antivirus Xp 1] inetfor.exe
    O4 - HKCU\..\Run: [supervisor.exe] C:\WINNT\supervisor.exe
    O4 - HKCU\..\Run: [Optional Web Drivers For WIN32] phqghume.exe
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: &Search - http://kc.bar.need2find.com/KC/menusearch.html?p=KC
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\justDo\IECatcher.DLL/FlashCatcher.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
    O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
    O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{23F7EB34-0B27-47DE-B1B4-A543D0C87C07}: NameServer = 172.16.6.50,61.95.140.161
    O17 - HKLM\System\CCS\Services\Tcpip\..\{98B6212C-518C-4250-8A4C-723957113D1D}: NameServer = 172.16.6.50,172.16.0.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{23F7EB34-0B27-47DE-B1B4-A543D0C87C07}: NameServer = 172.16.6.50,61.95.140.161
    O17 - HKLM\System\CS2\Services\Tcpip\..\{23F7EB34-0B27-47DE-B1B4-A543D0C87C07}: NameServer = 172.16.6.50,61.95.140.161
    O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: MAPI Mail Client (MAPI) - Unknown owner - C:\WINNT\system32\mapi32.exe (file missing)
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
    O23 - Service: ViRobot for WinNT(tm) Monitoring (vrmonsvc) - Unknown owner - C:\Program Files\ViRobot NT\vrmonsvc.exe (file missing)
    O23 - Service: ViRobot for WinNT(tm) Update (vrupsvr) - Unknown owner - C:\Program Files\ViRobot NT\vrupsvr.exe (file missing)
    Last edited by steinvommars; 22-07-2005 at 05:24 AM. Reason: not to show some personal website names
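    An added triage example, not part of this thread or of HijackThis itself: a small Python script that parses O4 (autostart) and O23 (service) lines in the HijackThis format shown above and flags entries that deserve a closer look. The sample lines are copied from the log above; the heuristics (bare filename with no directory, same command registered in several autostart locations, service pointing to a missing file or with no recorded publisher) are assumptions for triage, not a verdict on any entry.

```python
import re
from collections import defaultdict

# Sample O4/O23 lines copied from the HijackThis log in the post above,
# with a clean O4 entry (IgfxTray) and a clean O23 entry (NMSSvc) for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [Security Antivirus Xp 1] inetfor.exe
O4 - HKLM\..\RunServices: [Security Antivirus Xp 1] inetfor.exe
O4 - HKCU\..\Run: [Security Antivirus Xp 1] inetfor.exe
O4 - HKCU\..\Run: [supervisor.exe] C:\WINNT\supervisor.exe
O23 - Service: MAPI Mail Client (MAPI) - Unknown owner - C:\WINNT\system32\mapi32.exe (file missing)
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
"""

# O4 - <hive>\..\<key>: [<name>] <command>
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O23 - Service: <service> - <owner> - <path>
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


def triage(log_text):
    """Return a list of (entry, reasons) for log lines that merit a closer look."""
    findings = []
    locations = defaultdict(list)  # lower-cased command -> autostart locations
    for line in log_text.strip().splitlines():
        reasons = []
        m = O4_RE.match(line)
        if m:
            cmd = m["cmd"].strip()
            # A bare filename relies on the path search order rather than a fixed location.
            if "\\" not in cmd:
                reasons.append("bare filename, no directory")
            locations[cmd.lower()].append(f"{m['hive']}\\{m['key']}")
        m = O23_RE.match(line)
        if m:
            if "(file missing)" in m["path"]:
                reasons.append("service points to a missing file")
            if m["owner"] == "Unknown owner":
                reasons.append("service binary has no recorded publisher")
        if reasons:
            findings.append((line, reasons))
    # Second pass: one command registered under several Run/RunServices keys.
    for cmd, locs in locations.items():
        if len(locs) > 1:
            findings.append((cmd, [f"registered in {len(locs)} autostart locations: " + ", ".join(locs)]))
    return findings
```

Run it over a full log and the flagged lines give you a short list to research by file name and publisher before deciding what to remove.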


  2. #2
    HJThis
    Hello, steinvommars & Welcome

    Ok, before we get started here, do this please:

    Go for free online Virus scans here:

    http://housecall.trendmicro.com/hou.../start_corp.asp
    http://www.pandasoftware.com/activescan/

    Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the file location so you can delete it yourself.

    & once you do that, get this prog here.

    Please follow the instructions provided, you may want to print out these instructions and use them as a reference.

    First:
    Please download ewido security suite; it is a trial version of the program.
    • Install ewido security suite
    • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    • Launch ewido, there should be an icon on your desktop double-click it.
    • The program will prompt you to update click the OK button
    • The program will now go to the main screen
    You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update
    • Click on Start
    The update will start and a progress bar will show the updates being installed.
    Once the updates are installed do the following:
    • Click on scanner
    • Make sure the following boxes are checked before scanning:
      • Binder
      • Crypter
      • Archives
    • Click on Start Scan
    • Let the program scan the machine
    While the scan is in progress you will be prompted to clean files, click OK

    Once the scan has completed, there will be a button located on the bottom of the screen named Save report
    • Click Save report
    • Save the report to your desktop

    After running both the online Virus scan & ewido security suite,

    I want you to run, not walk, to Windows Update & get that IE updated.
    You need to get it, like, right away; you are running a W-------ay
    out of date IE.

    Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer.

    & we will be more than happy here to help you get all cleaned up.

    HGD
