Continuous Issues With Different Aspects Of Comp[INACTIVE]

cyberdeck

By cyberdeck,
in Malware Removal

 Share Followers 0

Recommended Posts

cyberdeck

cyberdeck

Posted
Posted

Hi,

My current specific problem that I can describe is a warning that pops up that says "Access violation at address 00000000 Read of address 00000000" and "Access violation at address 69465405 Read of address 69465405". Another is that the folder for system 32 opens on start and closes really fast so I only got bits of what it says. "system32" "system.com" "Aswmond.sys"

I have just gone through 4 months of having the audio on my computer mostly often not work at all and then it started working partially.

I have had my system crashing repeatedly for 2 months. It just stopped.

For all these issues, I ran Ad-aware, Avg Anti-rootkit, Avg Antispyware, Avg Antivirus personal edition, Spybot search and destroy. I run Avg and Spybot search and destroy every day.

I have run Hijack this, below are the results.

Any help in finding issues and optimizing my system would be greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:26:31 PM, on 30/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Lavasoft\Ad-Aware 2008\aawservice.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\Explorer.EXE

D:\Program Files\AntiVir PersonalEdition Classic\sched.exe

D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

D:\Program Files\Java\jre6\bin\jqs.exe

D:\Program Files\CDBurnerXP\NMSAccessU.exe

D:\WINDOWS\system32\nvsvc32.exe

D:\Program Files\Video Software\StarBurn\StarWind\StarWind Lite\StarWindServiceLite.exe

D:\WINDOWS\system32\svchost.exe

D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

D:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe

D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

D:\Program Files\Common Files\Real\Update_OB\realsched.exe

D:\WINDOWS\system32\RUNDLL32.EXE

D:\WINDOWS\RTHDCPL.EXE

D:\PROGRA~1\Returnil\Returnil\Returnil.exe

D:\Program Files\Java\jre6\bin\jusched.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

D:\Program Files\uTorrent\uTorrent.exe

D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

D:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

D:\Program Files\Skype\Phone\Skype.exe

D:\Program Files\Pando Networks\Pando\Pando.exe

D:\Program Files\PeerGaurdian - IP Blocklist\PeerGuardian2\pg2.exe

D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

D:\Program Files\eFax Messenger 4.2\J2GTray.exe

D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

D:\Program Files\Skype\Plugin Manager\skypePM.exe

D:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

D:\WINDOWS\system32\wuauclt.exe

D:\Program Files\Mozilla Firefox\firefox.exe

D:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Easy Read - {235A3ACD-EBE5-46b2-9BAE-B1960F9DC791} - D:\Program Files\eRead\eREAD\EasyRead.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - D:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - D:\Program Files\eRead\eREAD\WebHook.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Program Files\Veoh\Plugins\reg\VeohToolbar.dll

O4 - HKLM\..\Run: [avgnt] "D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [eFax 4.2] "D:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe Reader\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Rvsystem] D:\PROGRA~1\Returnil\Returnil\Returnil.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [uTorrent] "D:\Program Files\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "D:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKCU\..\Run: [skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Pando] "D:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized

O4 - HKCU\..\Run: [PeerGuardian] D:\Program Files\PeerGaurdian - IP Blocklist\PeerGuardian2\pg2.exe

O4 - HKCU\..\RunOnce: [shockwave Updater] D:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4" -"http://www.iwon.com/home/modules/launchGame/games/includes/blockDotGameIFrame.jhtml?categoryId=4&gameId=505&browser=FF"

O4 - HKCU\..\RunOnce: [spybotDeletingB2589] command /c del "D:\WINDOWS\SchedLgU.Txt"

O4 - HKCU\..\RunOnce: [spybotDeletingB5875] command /c del "D:\WINDOWS\SchedLgU.Txt"

O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: eFax 4.2.lnk = D:\Program Files\eFax Messenger 4.2\J2GTray.exe

O4 - Global Startup: hp psc 2000 Series.lnk = D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1190536019625

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1190608688265

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F57502D4-20B9-46BE-88F7-A1EEF3D4B932}: NameServer = 68.87.76.178,68.87.78.130

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs:

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2008\aawservice.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Imapi Helper - Alex Feinman - D:\Program Files\Video Software\Alex Feinman-ISO Recorder\ImapiHelper.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NMSAccessU - Unknown owner - D:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe

O23 - Service: StarWind Service Lite (StarWindServiceLite) - Rocket Division Software - D:\Program Files\Video Software\StarBurn\StarWind\StarWind Lite\StarWindServiceLite.exe

--

End of file - 10587 bytes

Thank you.

Link to post
Share on other sites
sarahw

sarahw

Posted
Posted

Hi there!

1.

D:\Program Files\uTorrent\uTorrent.exe

Please turn off UTorrorent for a few days untill we fix this problem. If it is starting when you turn on your computer, turn off that feature.

2.

D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

While Spybot is a good tool, I want you to uninstall it for now. We will reinstall it shortly. It can effect changes we make to your system. Click Start, then Control Panel then Add/Remove Programs. Locate Spybot and uninstall.

3.

Do you know what these IP's are:

68.87.76.178

68.87.78.130

4.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

5.

Please download the OTMoveIt3 by OldTimer.

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    D:\WINDOWS\system32\ALCMTR.EXE


  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Followers 0
Go to topic listing