System Security 4.52

View previous topic View next topic Go down

System Security 4.52

Post by bigmac on Wed Jul 15, 2009 11:37 pm

Hi,
This virus comes up every time I start computer. It will not let me open anything and constantly id giving me warnings that everything is infected. Please help
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:33:41 PM, on 7/15/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16851)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\ProgramData\18945694\18945694.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\CDROMBBv14.0\CDROMBB\SomBB.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Brian\Downloads\winlogon(2).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

[You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

[You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

[You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

[You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

[You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer

provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =

*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common

Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1

\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program

Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program

Files\BAE\BAE.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program

Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32

\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common

Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -

startup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1179541934

\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926

\memcard.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3

\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec

Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program

Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0

\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [18945694] C:\ProgramData\18945694\18945694.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &

Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program

Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem

(User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe

oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem

(User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft

Office\Office\OSA9.EXE
O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files\Snapfish

PictureMover\PictureMover.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Copy to &Lightning Note - C:\Program Files\WordPerfect

Lightning\Programs\WPLightningCopyToNote.hta
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]

\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office

X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program

Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1

\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1

\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4

-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) -

[You must be registered and logged in to see this link.]
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -

[You must be registered and logged in to see this link.]
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) -

[You must be registered and logged in to see this link.]
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) -

[You must be registered and logged in to see this link.]
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} -

[You must be registered and logged in to see this link.]
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - [You must be registered and logged in to see this link.]

-rr.streamops.aol.com/mediaplugin/3.0.84.2/win32/unagi3.0.84.2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

[You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{30EB0D8F-09DB-43E3-8B52-644F8ACC055C}: NameServer

= 85.255.112.232,85.255.112.234
O17 - HKLM\System\CS13\Services\Tcpip\Parameters: NameServer =

85.255.112.232,85.255.112.234
O17 - HKLM\System\CS13\Services\Tcpip\..\{30EB0D8F-09DB-43E3-8B52-644F8ACC055C}: NameServer

= 85.255.112.232,85.255.112.234
O17 - HKLM\System\CS14\Services\Tcpip\Parameters: NameServer =

85.255.112.232,85.255.112.234
O17 - HKLM\System\CS14\Services\Tcpip\..\{30EB0D8F-09DB-43E3-8B52-644F8ACC055C}: NameServer

= 85.255.112.232,85.255.112.234
O17 - HKLM\System\CS15\Services\Tcpip\Parameters: NameServer =

85.255.112.232,85.255.112.234
O17 - HKLM\System\CS15\Services\Tcpip\..\{30EB0D8F-09DB-43E3-8B52-644F8ACC055C}: NameServer

= 85.255.112.232,85.255.112.234
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.232,85.255.112.234
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common

Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common

Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program

Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8

\avgwdsvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program

Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation -

C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation -

C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32

\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1

\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio

Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program

Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. -

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program

Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common

Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec

Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32

\DRIVERS\xaudio.exe

--
End of file - 12451 bytes

bigmac
Beginner
Beginner

Posts Posts : 1
Joined Joined : 2009-07-15
OS OS : XP
Points Points : 26993
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security 4.52

Post by Belahzur on Thu Jul 16, 2009 12:03 am

Hello.
Please re-post the log, can't read that.

p.s. Go into the Function menu > untick "Word Wrap"


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245049
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum