#1
Re: Internet Speed Monitor.... help me kill this virus
OK, thanks for posting that. It gives me a lot of info and I now know exactly what we are dealing with here. Could you please follow the steps in my first post exactly, then post the 4 things I mentioned as well, and then we will go from there.
#2
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/31/2007 at 03:10 PM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type : Complete Scan
Total Scan Time : 01:49:30

Memory items scanned : 395
Memory threats detected : 0
Registry items scanned : 3850
Registry threats detected : 16
File items scanned : 21746
File threats detected : 3

Trojan.DCOM Server
HKLM\Software\Classes\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304B25319}
HKCR\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304B25319}
HKCR\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304B25319}\InProcServer32
HKCR\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304B25319}\InProcServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\MASHE.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{2C1CD3D7-86AC-4068-93BC-A02304B25319}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#DCOM Server 25319
HKCR\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304B25319}

Adware.ClickSpring/Outer Info Network
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#HelpLink
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#InstallLocation
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoRepair
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayVersion

Trojan.Downloader-Gen/WinPop
C:\Program Files\WinPop

Adware.ClickSpring/Yazzle
C:\PROGRAM FILES\COMMON FILES\YAZZLE1552OINUNINSTALLER.EXE
#3
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:30:36 PM, on 8/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\atievxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Dynex Wireless G Adapter\WLService.exe
C:\Program Files\Dynex Wireless G Adapter\WLanCfgG.exe
C:\WINDOWS\713xRMTMon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\honestech\honestech TVR\scheduleTV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\new\Desktop\HiJackThis_v2.exe

O2 - BHO: C:\WINDOWS\system32\htr4ikg.dll - {27AD49A2-94F3-42bD-F434-2604812C897C} - C:\WINDOWS\system32\htr4ikg.dll (file missing)
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tmp3.tmp.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE " /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE " /IMEName
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\713xRMTMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MP10_EnsureFileVer] "C:\WINDOWS\inf\unregmp2.exe" /EnsureFileVersions
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [XP restart system] C:\DOCUME~1\new\LOCALS~1\Temp\wnset.exe
O4 - HKCU\..\Run: [autoload] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [autorun] C:\Documents and Settings\new\svchost.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Scheduler for OEM.lnk = C:\Program Files\honestech\honestech TVR\scheduleTV.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: c:\windows\system32\fcyvwwv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: aeskap - C:\WINDOWS\SYSTEM32\aeskap.dll
O20 - Winlogon Notify: hhclui - hhclui.dll (file missing)
O21 - SSODL: DRvajxH - {40EAF900-EA40-53AA-FCB2-42006A0B7F52} - C:\WINDOWS\system32\fbufv.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: ldf94mgdfg94jfgdfg - {27AD49A2-94F3-42bD-F434-2604812C897C} - C:\WINDOWS\system32\htr4ikg.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Dynex DX-WGNBC Service (Dynex DX-WGNBC WLService) - Unknown owner - C:\Program Files\Dynex Wireless G Adapter\WLService.exe
O24 - Desktop Component 0: (no name) - http://i148.photobucket.com/albums/s...54GM8W1004.jpg

--
End of file - 5317 bytes