Help!!!

james1234

New Member
Hey, I'm new to this site, but I hope you can help me out! My computer was recently infected with a virus. It keeps popping up with "ALERT! Your computer is infected!" and other messages. Also, I had a browser hijacker with it but I managed to get rid of that part. Here is my HijackThis log. :D

Logfile of HijackThis v1.99.1
Scan saved at 4:08:35 PM, on 15/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cisvc.exe
C:\Norman\bin\ZANDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Norman\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\nipsvc.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\Explorer.EXE
C:\Norman\bin\ZLH.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\WINDOWS\System32\shell386.exe
c:\program files\warcraft iii\worldedit.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\RICKIM~1\LOCALS~1\Temp\se.dll/space.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: winapi32.MyBHO - {06CC1B18-42FA-41B8-91A9-D3E3A848C7A8} - C:\WINDOWS\System32\winapi32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AdService] C:\WINDOWS\System32\AdService.dll
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinSys] C:\WINDOWS\System32\WinSys.exe
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\System32\sysmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe
O4 - HKLM\..\Run: [adtech2006] C:\windows\adtech2006.exe
O4 - HKLM\..\Run: [Win32.Exploit.mzH] C:\WINDOWS\System32\mzrun.exe
O4 - HKLM\..\Run: [Win32.Trojan.Downloader] C:\WINDOWS\System32\netstat2.exe
O4 - HKLM\..\Run: [Universal Porn Dialer] C:\WINDOWS\System32\xxxdialer.exe
O4 - HKLM\..\Run: [dmsai.exe] C:\WINDOWS\System32\dmsai.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [iPlusAgent] C:\Program Files\iriver\iriver plus\iAgent.exe
O4 - HKCU\..\Run: [iriverPlus] C:\Program Files\iriver\iriver plus\iPlus.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: 3D!Turbo Experience.lnk = C:\Program Files\MSI\3D!Turbo Experience\3D!Turbo.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\DOCUME~1\RICKIM~1\MYDOCU~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int12.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126063842906
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {CA356D79-679B-4B4C-8E49-5AF97014F4C1} - http://files-pl.starware.com/installs/4.0.0.200511081803/ReleaseProduction/323/Starware_323.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1046456.exe
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{90052E4A-CF3F-468A-B8A7-4413767A7828}: NameServer = 85.255.114.56,85.255.112.138
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll (file missing)
O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)
O21 - SSODL: oeXVVCYuLUt - {20B4684F-8A1E-C2E5-E218-2ECE59F036F9} - C:\WINDOWS\System32\ox.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 
What can I say but wow, you have a lot of problems...lol! I am not laughing at ya, I am laughing with you!

First run ewido and see if that cleans things up a bit, then reboot the PC and post a new log and we will get started! After you download ewido make sure you update definitions!

http://www.ewido.net/en/
 
PS: I would also recommend getting a better antivirus; Norman does not rank too high as far as cleaning infections and detecting trojans!

I pulled this info on it!

Cons - Norman Antivirus:
Interface a bit confusing. Many small programs, some with overlapping features
Few options to optimize a scan
Some viruses detected by on-access scan can only be removed by running a subsequent on-demand scan
Low on polymorphic viruses and backdoors/trojans
Doesn't completely uninstall
More expensive than other programs with same features

Major flaws - Norman Antivirus:
Some viruses are falsely reported as cleaned when in fact disinfection failed
Terrible support for archive file formats
Doesn't scan email streams (POP3, SMTP)
Major stability issues, fixes issued regularly
 
lol

It doesn't surprise me when you say it has a lot of problems. About 6 people use it every day for all types of things. And I'm the only one who antiviruses it and defrags it etc. It's hard to keep up with 6 other people though lol. I'll try what you wrote in your replies and I'll hope it will work, those popups annoy me. Forgot to say my father won't let me fiddle round with the computer much, so I can't download any spyware or antivirus software.
 
james1234 said:
so I can't download any spyware or antivirus software.
Then your only other option is to reformat, and you will have a virus or spyware within the first 10 minutes of websurfing once you are done, so tell pops to get used to reformatting a lot...roflmao!

Anti-spyware programs are not an option nowadays, they are mandatory, and I am not just talking about one! You need to use many, as some will find things others miss. Your dad will learn the hard way like most people when his credit card info gets stolen or something along those lines...and the funny thing is there are a lot of free programs to help protect your computer; you don't have to spend money to be safe!
 
cell4me said:
Then your only other option is to reformat, and you will have a virus or spyware within the first 10 minutes of websurfing once you are done, so tell pops to get used to reformatting a lot...roflmao!

And if his father won't let him download an antivirus program, he probably won't let him reformat either! Maybe your father would feel differently if you downloaded it on another computer, burned it to a CD and installed it from there? (OK, it's a long shot). Either convince your father to let you fix it, or you'll have to take it to a professional.
 
Reformat

Lol what I really need is to find my Windows XP disk. I have 2 removable hard drives, the one I'm using is screwed beyond repair, but I reformatted my other one a while ago (because, of course, it was screwed) but the formatting didn't work well and the old hard drive stopped working. So I think I need to reformat the unworking one and make it my personal one, and not tell anyone about it. Lol heheheheh.
 