Advertisement

02.25.2008 at 08:48AM PST, ID: 23190747
[x]
Attachment Details

virus and trojan removal

Asked by elwopo in HijackThis Software, Security Utilities, Anti-Virus

Tags: microsoft, internet explorer, ie 6, virus / trojan infection

Hello,
I'm running windows xp sp2 and internet explorer 6.
Have recently been infected with several virus / trojan malware. Several to list but some of them were:
generic3, generic6, zlob, and vundo.
Researched the internet and followed some advice found there. So far I have run:
AVG free
Vundofix
Ad-aware
CounterSpy
Spybot
VirtumundoBeGone
CWshredder
Rogue Remover

Sometimes one of these will find something...sometimes not. I've been running them all and trying to delete things through them, and manually when necessary.
I just found about HijackThis and have run it just now. What I have is this:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:50 AM, on 2/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\apache2triad\bin\httpd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
C:\apache2triad\mysql\bin\mysqld.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\apache2triad\mail\bin\XMail.exe
C:\apache2triad\bin\httpd.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Sunbelt

Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) -

{1633C7B8-5923-0FF0-0211-5D00BBBD8DC9} - (no file)
O2 - BHO: Spybot-S&D IE Protection -

{53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) -

{63E1B5B1-99D6-47C1-A839-3809E790193F} - (no file)
O2 - BHO: (no name) -

{6E60560C-7993-4EC8-8B9E-4D0F5A8BFB03} - (no file)
O2 - BHO: 0 - {8C52C162-6543-4038-2C9E-A6EF82107F12} -

(no file)
O2 - BHO: (no name) -

{a6d063c2-9787-474c-be1f-ac594b3d1403} - (no file)
O2 - BHO: (no name) -

{D85530E8-D39D-49D0-9F36-300D594556D2} - (no file)
O4 - HKLM\..\Run: [IgfxTray]

C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds]

C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt

Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck]

%systemroot%\system32\dumprep 0 -k
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run]

C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User

'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run]

C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User

'Default user')
O9 - Extra button: (no name) -

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy

Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: eBay - Homepage -

{EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program

Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O23 - Service: Ad-Aware 2007 Service (aawservice) -

Lavasoft - C:\Program Files\Lavasoft\Ad-Aware

2007\aawservice.exe
O23 - Service: Apache2Triad Apache2 Service (Apache2) -

Apache Software Foundation -

C:\apache2triad\bin\httpd.exe
O23 - Service: Apache2Triad Apache2 Service with SSL

(Apache2SSL) - Apache Software Foundation -

C:\apache2triad\bin\httpd.exe
O23 - Service: Apache2Triad MySql Service (MySql) -

Unknown owner - C:\apache2triad\mysql\bin\mysqld.exe
O23 - Service: Apache2Triad PostgreSQL Service (PgSql) -

PostgreSQL Global Development Group -

C:\apache2triad\pgsql\bin\pg_ctl.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc)

- Sunbelt Software - C:\Program Files\Sunbelt

Software\CounterSpy\SBCSSvc.exe
O23 - Service: Apache2Triad Xmail Service (XMail) -

Unknown owner - C:\apache2triad\mail\bin\XMail.exe
O24 - Desktop Component 0: (no name) -

http://www.natlpaintequip.com/images/white.jpg

--
End of file - 4626 bytes


All I can say is that I hope this makes sense to someone...because it's unclear to me. The only thing I found odd was the number of entries in "trusted zone".  I'm not sure what they are and certainly don't remember adding that many myself.

I appreciate any assistance you can offer.

Regards,
TonyStart Free Trial
[+][-]02.25.2008 at 08:58AM PST, ID: 20977121

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]02.25.2008 at 09:09AM PST, ID: 20977201

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]02.25.2008 at 09:10AM PST, ID: 20977209

View this solution now by starting your 7-day free trial. Setting up your free trial is quick, easy, and secure. We will return you to this solution, unlocked, when you're done.

 

About this solution

Zones: HijackThis Software, Security Utilities, Anti-Virus
Tags: microsoft, internet explorer, ie 6, virus / trojan infection
Sign Up Now!
Solution Provided By: IndiGenus
Participating Experts: 4
Solution Grade: A
 
 
[+][-]02.25.2008 at 09:51AM PST, ID: 20977535

Assisted solutions are selected by the member who asked the question as a comment that contributed to their question's solution.

Start your 7-day free trial to view this Assisted Solution or ask the Experts your question.

 
[+][-]02.25.2008 at 12:27PM PST, ID: 20978875

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]02.25.2008 at 12:34PM PST, ID: 20978935

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]02.25.2008 at 12:35PM PST, ID: 20978939

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]02.25.2008 at 12:45PM PST, ID: 20979043

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]02.25.2008 at 12:47PM PST, ID: 20979061

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]02.25.2008 at 12:48PM PST, ID: 20979072

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]02.25.2008 at 01:47PM PST, ID: 20979584

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]02.25.2008 at 02:00PM PST, ID: 20979700

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]02.25.2008 at 02:34PM PST, ID: 20979959

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]02.25.2008 at 02:39PM PST, ID: 20979992

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]02.25.2008 at 02:41PM PST, ID: 20980015

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]02.25.2008 at 02:46PM PST, ID: 20980057

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]02.25.2008 at 02:48PM PST, ID: 20980063

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]02.25.2008 at 03:32PM PST, ID: 20980346

Assisted solutions are selected by the member who asked the question as a comment that contributed to their question's solution.

Start your 7-day free trial to view this Assisted Solution or ask the Experts your question.

 
 
Loading Advertisement...
20080716-EE-VQP-32 / EE_QW_2_20070628