phvakil

Posts posted by phvakil

  1. Hi, I'm trying to fix my laptop. It takes a long time for Windows XP to load, and whenever I type a search in Google a pop-up comes up. I ran Kaspersky Online Scanner and it said there were 6 viruses... I will post both my hijackthis.log and virus scan results. Thank you for your help.

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 3:42:23 PM, on 11/21/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    C:\Program Files\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    C:\WINDOWS\system32\xgykbvjh.exe

    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

    C:\Program Files\Dell Support Center\bin\sprtsvc.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\wltrysvc.exe

    C:\WINDOWS\System32\bcmwltry.exe

    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe

    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\Documents and Settings\Harish Vakil\My Documents\HJT\HJTInstall.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?p=1149026369

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {089E4E86-94F2-485D-A073-94B857D5E202} - (no file)

    O2 - BHO: (no name) - {0BE9877F-6FF7-4C11-8466-165888DC1CCB} - C:\WINDOWS\system32\ddaba.dll

    O2 - BHO: {9238f831-6fdf-1478-a084-9785d83b4554} - {4554b38d-5879-480a-8741-fdf6138f8329} - C:\WINDOWS\system32\ttugcssu.dll

    O2 - BHO: (no name) - {586CE097-554C-4372-89CB-1AD401503330} - (no file)

    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

    O4 - HKLM\..\Run: [PRONoMgrWired] "C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe"

    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [7053a207] rundll32.exe "C:\WINDOWS\system32\lldritsm.dll",b

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab

    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

    O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab

    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab

    O20 - Winlogon Notify: jkhff - C:\WINDOWS\

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

    O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe

    O23 - Service: DomainService - - C:\WINDOWS\system32\xgykbvjh.exe

    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --

    End of file - 7426 bytes

    -------------------------------------------------------------------------------

    KASPERSKY ONLINE SCANNER REPORT

    Wednesday, November 21, 2007 3:32:36 PM

    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

    Kaspersky Online Scanner version: 5.0.98.0

    Kaspersky Anti-Virus database last update: 21/11/2007

    Kaspersky Anti-Virus database records: 463062

    -------------------------------------------------------------------------------

    Scan Settings:

    Scan using the following antivirus database: extended

    Scan Archives: true

    Scan Mail Bases: true

    Scan Target - My Computer:

    C:\

    D:\

    Scan Statistics:

    Total number of scanned objects: 70407

    Number of viruses found: 6

    Number of infected objects: 13

    Number of suspicious objects: 0

    Duration of the scan process: 01:17:12

    Infected Object Name / Virus Name / Last Action

    C:\check_LSA7.txt Object is locked skipped

    C:\Deckard\System Scanner\backup\DOCUME~1\HARISH~1\LOCALS~1\Temp\jiygrtic.exe Infected: Trojan.Win32.Obfuscated.kp skipped

    C:\Deckard\System Scanner\backup\DOCUME~1\HARISH~1\LOCALS~1\Temp\xrun.exe Infected: Trojan-Downloader.Win32.Agent.dxj skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\state\logs\sprtcmd.log Object is locked skipped

    C:\Documents and Settings\Harish Vakil\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\Harish Vakil\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

    C:\Documents and Settings\Harish Vakil\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\Harish Vakil\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\Harish Vakil\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\Harish Vakil\Local Settings\History\History.IE5\MSHist012007112120071122\index.dat Object is locked skipped

    C:\Documents and Settings\Harish Vakil\Local Settings\Temp\~DFC573.tmp Object is locked skipped

    C:\Documents and Settings\Harish Vakil\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

    C:\Documents and Settings\Harish Vakil\Local Settings\Temporary Internet Files\Content.IE5\2FYOIXZW\poiu[1] Infected: Trojan-Downloader.Win32.Tiny.id skipped

    C:\Documents and Settings\Harish Vakil\Local Settings\Temporary Internet Files\Content.IE5\72A0Y2Q2\hctp[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped

    C:\Documents and Settings\Harish Vakil\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\Harish Vakil\Local Settings\Temporary Internet Files\Content.IE5\YPOP3CT4\pochki20071106[1] Infected: Trojan.Win32.Obfuscated.kp skipped

    C:\Documents and Settings\Harish Vakil\ntuser.dat Object is locked skipped

    C:\Documents and Settings\Harish Vakil\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

    C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

    C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

    C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped

    C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

    C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

    C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

    C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped

    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP464\A0047588.dll Infected: not-a-virus:AdWare.Win32.MyWay.v skipped

    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP467\A0048097.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.arv skipped

    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP468\A0048436.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped

    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP468\change.log Object is locked skipped

    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

    C:\WINDOWS\SchedLgU.Txt Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\EventCache\{06941483-16FD-4BE6-9EAA-2D1C877C665F}.bin Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

    C:\WINDOWS\Sti_Trace.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

    C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

    C:\WINDOWS\system32\config\default.LOG Object is locked skipped

    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

    C:\WINDOWS\system32\config\SAM Object is locked skipped

    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

    C:\WINDOWS\system32\config\software.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

    C:\WINDOWS\system32\config\system.LOG Object is locked skipped

    C:\WINDOWS\system32\h323log.txt Object is locked skipped

    C:\WINDOWS\system32\lldritsm.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped

    C:\WINDOWS\system32\smrybvur.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped

    C:\WINDOWS\system32\ssqpono.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.arv skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

    C:\WINDOWS\system32\xgykbvjh.exe Infected: Trojan.Win32.Obfuscated.kp skipped

    C:\WINDOWS\system32\xxywuuu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.arv skipped

    C:\WINDOWS\Temp\Perflib_Perfdata_71c.dat Object is locked skipped

    C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

    C:\WINDOWS\wiadebug.log Object is locked skipped

    C:\WINDOWS\wiaservc.log Object is locked skipped

    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.