ComputerForum.com
#1, 06-09-2007, 04:11 PM, InFlames_44 (Gold Member, Canada)
Need some help, *** dumb virus - log files - identify?

Hey guys, I got this dumb virus and it keeps exiting out of things, like anything to remove it such as HijackThis and other programs.
I've managed to get a log file.
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\aiytgltts\services.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Airlink101\WLAN Monitor\WLANmon.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\retadpu32.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Documents and Settings\jeff\Application Data\Microsoft\Internet Explorer\Quick Launch\Programs\Launcher.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\jeff\Desktop\HijackThis.exe

I got rid of C:\WINDOWS\retadpu32.exe.
I'm positive that's it, but it still keeps closing me out of programs etc.
Can anyone help me out?
Do you want the hosts and services log as well?
__________________
x2 5000 oced 3.1
2 250gb WD HD-2 Antec HD coolers
2 xfx 8800gt xt SLI
2gbs OCZ special opps pc2-7200
DFI Lanparty UT NF590
CNPS9700NT Heatsink
550watt SLI rdy PSU
X-FI Xtreme Audio


#2, 06-09-2007, 04:45 PM, patrickv (Diamond Member, Soul Chamber)

Quote (Originally Posted by InFlames_44):

C:\Program Files\UltraMon\UltraMon.exe
C:\WINDOWS\retadpu32.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
What are the above... never heard of 'em.
I think they are the culprits.
__________________
Laptop: Thinkpad X60: Core2Duo T7200 @ 2Ghz,1GB DDR2,110GB SATA -winXP ProSP2
Work Desktop: Core Duo E2180 @ 2Ghz,1.5GB DDR2,240GB HD - XP PRO SP2
Home: Core Duo E2180 2Ghz,1.5GB DDR2,Nvidia GForce 6200TB,320 GB (2x160GB) -Dual boot - XP / OSX 10.5.2
#3, 06-09-2007, 04:52 PM, InFlames_44 (Gold Member, Canada)

Well,
C:\Program Files\UltraMon\UltraMon.exe
C:\WINDOWS\retadpu32.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe

UltraMon is a display program for dual monitors.
It provides a whole host of things for wallpaper, screensaver, toolbar, etc.
That's good.

Retadpu32.exe, I'm 100% sure, is a problem.
And I'm not sure what wuauclt.exe is.

It seems as if I just can't get rid of them because it won't allow me to keep a program open.
It's a remote host tool, I believe;
people got nothing better to do.
#4, 06-09-2007, 04:54 PM, InFlames_44 (Gold Member, Canada)

Here's an update on my log.
I'm slowly working away at it all.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\aiytgltts\services.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Airlink101\WLAN Monitor\WLANmon.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Documents and Settings\jeff\Application Data\Microsoft\Internet Explorer\Quick Launch\Programs\Launcher.exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
C:\Program Files\CCleaner\ccleaner.exe
C:\Documents and Settings\jeff\Application Data\Microsoft\Internet Explorer\Quick Launch\Programs\HijackThis.exe
#5, 06-09-2007, 05:27 PM, InFlames_44 (Gold Member, Canada)

Well, I found 3 more infected items.

My anti-virus cannot delete them, as there is not enough information, it tells me.
I have to do it myself, I guess.
But I can find the directory.

It's in
C:\RECYCLER

I need some help, guys.


#6, 06-09-2007, 05:47 PM, patrickv (Diamond Member, Soul Chamber)

What's your antivirus?
Try AVIRA AntiVir <-- now that will surely remove that thing.

RECYCLER is super hidden. Go to Tools --> Folder Options --> View tab, scroll down and tick "Show hidden files and folders".
If RECYCLER still won't show up, also untick "Hide protected operating system files"...
Now, instead of deleting, shred the file.
#7, 06-10-2007, 12:51 AM, John McKenna (Silver Member, Liverpool, UK)

InFlames_44,

Can you post a full HijackThis log please including the header section which lists your Operating System status.
#8, 06-10-2007, 01:51 PM, InFlames_44 (Gold Member, Canada)

Logfile of HijackThis v1.99.1
Scan saved at 1:12:40 PM, on 6/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\aiytgltts\services.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Airlink101\WLAN Monitor\WLANmon.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Documents and Settings\jeff\Application Data\Microsoft\Internet Explorer\Quick Launch\Programs\Launcher.exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
C:\Program Files\CCleaner\ccleaner.exe
C:\Documents and Settings\jeff\Application Data\Microsoft\Internet Explorer\Quick Launch\Programs\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\aiytgltts\services.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\aiytgltts\services.exe
O1 - Hosts: 1.1.1.1 f-secure.com
O1 - Hosts: 1.1.1.1 www.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.sophos.com
O1 - Hosts: 1.1.1.1 liveupdate.
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Airlink101 WLAN Monitor] C:\Program Files\Airlink101\WLAN Monitor\WLANmon.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: services.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


There you go, guys.
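The full HijackThis log above contains the three things a triager reads first: a process named services.exe running from C:\WINDOWS\system32\aiytgltts\ rather than from system32 itself, F3 win.ini load=/run= entries pointing at that same file, and O1 hosts entries that send security-vendor domains (f-secure.com, ftp.sophos.com) to 1.1.1.1, which silently breaks antivirus updates. The following script is an added example, not code from this thread or from the HijackThis project: it parses HijackThis-style lines and flags those patterns, keying on the directory a process runs from rather than its name, which is also the answer to the earlier question in the thread about which listed processes deserve attention. The expected-directory table, the vendor-domain list and the sample log (constructed from an abridged copy of the thread's log) are my assumptions; real triage would use a fuller allow list and verify file hashes.

```python
"""Triage a HijackThis-style log for three defender-relevant patterns:
core system binary names running from an unexpected directory, win.ini
load=/run= autostarts, and hosts-file entries that redirect domains."""
import ntpath
import re
from collections import Counter
from dataclasses import dataclass

SYSTEM32 = r"c:\windows\system32"
WINDIR = r"c:\windows"

# Assumed table: core Windows binaries and the only directory each should run from.
EXPECTED_DIR = {
    "smss.exe": SYSTEM32, "csrss.exe": SYSTEM32, "winlogon.exe": SYSTEM32,
    "services.exe": SYSTEM32, "lsass.exe": SYSTEM32, "svchost.exe": SYSTEM32,
    "spoolsv.exe": SYSTEM32, "wuauclt.exe": SYSTEM32, "explorer.exe": WINDIR,
}

# Assumed list of update/security domains whose redirection is a high-signal finding.
SECURITY_VENDOR_DOMAINS = (
    "f-secure.com", "sophos.com", "symantec.com", "mcafee.com", "kaspersky.com",
    "grisoft.com", "avg.com", "trendmicro.com", "windowsupdate.com", "microsoft.com",
)
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}

# Constructed sample, abridged from the log posted in the thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\aiytgltts\services.exe
C:\WINDOWS\retadpu32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\UltraMon\UltraMon.exe

F3 - REG:win.ini: load=C:\WINDOWS\system32\aiytgltts\services.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\aiytgltts\services.exe
O1 - Hosts: 1.1.1.1 f-secure.com
O1 - Hosts: 1.1.1.1 ftp.sophos.com
O1 - Hosts: 1.1.1.1 liveupdate.
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - Startup: services.lnk = ?
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
WININI_RE = re.compile(r"^F3 - REG:win\.ini:\s+(load|run)=(.*)$")


@dataclass
class Finding:
    kind: str
    detail: str
    line: str


def check_process(path):
    """Flag a system binary name outside its home directory ("masquerade") and,
    as a weaker heuristic, any other executable sitting directly in C:\WINDOWS."""
    directory, name = ntpath.split(path.lower())
    expected = EXPECTED_DIR.get(name)
    if expected and directory != expected:
        return Finding("masquerade", f"{name} expected in {expected}, found in {directory}", path)
    if directory == WINDIR and name not in EXPECTED_DIR:
        return Finding("review", f"unexpected executable directly in {WINDIR}", path)
    return None


def triage(log_text):
    """Walk the log line by line and collect findings."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            finding = check_process(line)
            if finding:
                findings.append(finding)
            continue
        m = HOSTS_RE.match(line)
        if m:
            addr, host = m.groups()
            if addr not in LOOPBACK:  # a non-loopback hosts entry redirects traffic
                vendor = any(host == d or host.endswith("." + d) for d in SECURITY_VENDOR_DOMAINS)
                kind = "hosts_block_security_vendor" if vendor else "hosts_redirect"
                findings.append(Finding(kind, f"{host} -> {addr}", line))
            continue
        m = WININI_RE.match(line)
        if m and m.group(2).strip():  # legacy win.ini autostart is rarely legitimate on XP
            findings.append(Finding("winini_autostart", f"{m.group(1)}={m.group(2).strip()}", line))
    return findings


def summarize(findings):
    """Count findings per kind, for a quick severity overview."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```

On the sample log the script reports one masquerade (the aiytgltts\services.exe copy), one executable in the Windows root to review, two win.ini autostarts and three hosts redirections, two of them aimed at vendor domains; the legitimate system32\services.exe and wuauclt.exe produce nothing, because it is the directory, not the name, that separates them from the copy.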
#9, 06-10-2007, 02:06 PM, InFlames_44 (Gold Member, Canada)

I'm rather confused now, as the files in directory RECYCLER I managed to delete, and they do not show up on a system scan.
AVIRA didn't detect anything either.
Under AVG it finds a HOSTS file,
and the "result/infection" is a "change"
>?
That file I deleted manually myself, but it still shows up?

My PC keeps shutting me out of programs.
If I try to run a reg tool it just closes it out; if I open up HijackThis it closes it within 5 seconds.
I don't knowwww
#10, 06-10-2007, 04:42 PM, John McKenna (Silver Member, Liverpool, UK)

As you're having problems keeping HijackThis open, please do the following:

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • In the Processes group click All
  • In the Win32 Services group click Non-Microsoft
  • In the Driver Services group click Non-Microsoft
  • In the Registry group click Non-Microsoft
  • In the Files Created Within group click 60 days. Make sure Non-Microsoft only is UNCHECKED
  • In the Files Modified Within group select 30 days. Make sure Non-Microsoft only is CHECKED
  • In the File String Search group select Non-Microsoft
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning huge amounts of data, so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete, Notepad will open with the report file loaded in it.
  • Save that Notepad file and paste it on to the forum using Ctrl + V.