0

Hey, I have a "VIRUS ALERT!" notice on the bottom right corner of my taskbar. It also strangely changed my clock to military time. In any case, here is my HJT report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:25: VIRUS ALERT!, on 8/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Gabe\Desktop\ATF-Cleaner.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02ECFC70-4CCC-445B-9F26-E920278207A4} - (no file)
O2 - BHO: (no name) - {077F6650-2B8E-40A5-BE6A-3D132290131E} - (no file)
O2 - BHO: (no name) - {0F19D790-B85C-4FFB-8708-73858B42FF16} - (no file)
O2 - BHO: (no name) - {15379EEB-59A8-41B3-A54B-DADC487B196E} - (no file)
O2 - BHO: (no name) - {20C27E92-B7F7-4634-A9BD-4E4E6AE8B970} - (no file)
O2 - BHO: (no name) - {3D4432D8-EAB2-4F53-BE30-BC8C20275116} - (no file)
O2 - BHO: (no name) - {44AEEC12-145D-4DB4-BA1A-9B4671BCDE67} - (no file)
O2 - BHO: (no name) - {4BCCE840-DC95-423F-8889-A9FF6864E515} - (no file)
O2 - BHO: (no name) - {50C27873-DA8A-4911-BFF4-32AD422F4B10} - (no file)
O2 - BHO: (no name) - {5D3838C9-7B6F-432A-8403-41AE60D8D554} - (no file)
O2 - BHO: (no name) - {5FE99CA8-25A2-4DE7-97D3-FFDCF7443C4E} - (no file)
O2 - BHO: (no name) - {650F7F9D-830C-4D5F-AB38-D294A29FBA22} - C:\WINDOWS\system32\vtUlKBRL.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {9203AAD0-CA84-4064-899D-8EF46B7F2148} - (no file)
O2 - BHO: (no name) - {B3D5C948-EF59-43CC-8D1D-E6DDF659ED92} - (no file)
O2 - BHO: (no name) - {B7912978-55B7-419B-880E-5595BB2E67D5} - C:\WINDOWS\system32\opnnmLDu.dll (file missing)
O2 - BHO: (no name) - {C0AB3E98-A48C-40CC-80A1-84A7BD49A0EB} - (no file)
O2 - BHO: (no name) - {E3AE52FC-C698-4ADB-9A18-FFFFD81A58AE} - (no file)
O2 - BHO: (no name) - {F4B2B84A-0BCF-42C3-B6DF-6FCB44D5332E} - C:\WINDOWS\system32\fcccATlj.dll (file missing)
O2 - BHO: {c21173e3-6541-ca7b-de64-72cf0a8fa9af} - {fa9af8a0-fc27-46ed-b7ac-14563e37112c} - C:\WINDOWS\system32\pwxeew.dll (file missing)
O2 - BHO: (no name) - {FD5077BC-36C9-4272-B673-BD947530F432} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Doyles Room Poker - {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - C:\Microgaming\Poker\DoylesRoomMPP\MPPoker.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: pwxeew.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: SysSetDrive - {50eda071-7050-44f4-bf3b-1fde39191eab} - C:\WINDOWS\Resources\SysSetDrive.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 9526 bytes

If anyone can help, please do so. I'd really appreciate it.

2
Contributors
1
Reply
2
Views
9 Years
Discussion Span
Last Post by crunchie
0

Hi and welcome to the Daniweb forums :).

==========

Go to Add/Remove programs and uninstall the following, if present:

Viewpoint Manager,Viewpoint Media Player,Viewpoint Toolbar

The above could appear anywhere within the entry. Be careful not to remove any personal or system software.

===============

Scan with HijackThis and then place a check next to all the following, if present:


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: (no name) - {02ECFC70-4CCC-445B-9F26-E920278207A4} - (no file)
O2 - BHO: (no name) - {077F6650-2B8E-40A5-BE6A-3D132290131E} - (no file)
O2 - BHO: (no name) - {0F19D790-B85C-4FFB-8708-73858B42FF16} - (no file)
O2 - BHO: (no name) - {15379EEB-59A8-41B3-A54B-DADC487B196E} - (no file)
O2 - BHO: (no name) - {20C27E92-B7F7-4634-A9BD-4E4E6AE8B970} - (no file)
O2 - BHO: (no name) - {3D4432D8-EAB2-4F53-BE30-BC8C20275116} - (no file)
O2 - BHO: (no name) - {44AEEC12-145D-4DB4-BA1A-9B4671BCDE67} - (no file)
O2 - BHO: (no name) - {4BCCE840-DC95-423F-8889-A9FF6864E515} - (no file)
O2 - BHO: (no name) - {50C27873-DA8A-4911-BFF4-32AD422F4B10} - (no file)
O2 - BHO: (no name) - {5D3838C9-7B6F-432A-8403-41AE60D8D554} - (no file)
O2 - BHO: (no name) - {5FE99CA8-25A2-4DE7-97D3-FFDCF7443C4E} - (no file)
O2 - BHO: (no name) - {650F7F9D-830C-4D5F-AB38-D294A29FBA22} - C:\WINDOWS\system32\vtUlKBRL.dll (file missing)
O2 - BHO: (no name) - {9203AAD0-CA84-4064-899D-8EF46B7F2148} - (no file)
O2 - BHO: (no name) - {B3D5C948-EF59-43CC-8D1D-E6DDF659ED92} - (no file)
O2 - BHO: (no name) - {B7912978-55B7-419B-880E-5595BB2E67D5} - C:\WINDOWS\system32\opnnmLDu.dll (file missing)
O2 - BHO: (no name) - {C0AB3E98-A48C-40CC-80A1-84A7BD49A0EB} - (no file)
O2 - BHO: (no name) - {E3AE52FC-C698-4ADB-9A18-FFFFD81A58AE} - (no file)
O2 - BHO: (no name) - {F4B2B84A-0BCF-42C3-B6DF-6FCB44D5332E} - C:\WINDOWS\system32\fcccATlj.dll (file missing)
O2 - BHO: {c21173e3-6541-ca7b-de64-72cf0a8fa9af} - {fa9af8a0-fc27-46ed-b7ac-14563e37112c} - C:\WINDOWS\system32\pwxeew.dll (file missing)
O2 - BHO: (no name) - {FD5077BC-36C9-4272-B673-BD947530F432} - (no file)

O4 - HKLM\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe


O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:

folders...

C:\Program Files\Viewpoint
C:\Program Files\VAV

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear.

Select the first option to run Windows in Safe Mode hit enter.

====

Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Make sure that you restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Post new HJT log.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.