If AVG found only the logon.exe and nothing else, I would imagine you still have some problems. Logon.exe is installed via the ZINS.A TROJAN! as identified Here. Follow the instructions Here and post back the hijackthis log. Thanks!
O8 - Extra context menu item: E&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Προσθήκη στο ιστολόγιο - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Προσθήκη στο ιστολόγιο στο Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Αποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Α&ποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
This is the scan I did with HJT as instructed. The problem is still the same: One day, after having turned the pc on and when windows started, AVG found a threat which was Logon.exe. I clicked on heal and the threat was seemingly dealt with, nothing else happened. Ever since however, every time I open my computer and just when I log in windows I get an error message telling me windows cannot find Logon.exe and to try find it in its file (or something of that sort). There are no other symptoms whatsoever.
The only peculiar thing about it is that sometimes my pc, when I try to turn it on, doesn't boot at all and nothing appears on the screen, which remains black. When that happens I have to restart it until it actually boots. I don't suppose it has anything to do with the logon.exe problem but I thought to mention it anyway just in case.
Thank you a lot for your time and help :)
I'm sorry that I actually made another thread (I copy-pasted it here); somehow I thought I was supposed to. The link in the reply on the duplicate thread was not working, but I assumed you were talking about this thread. Thanks :)
Please uninstall the following software:
Ask Toolbar
Search Guard Plus
...click Start-->Control Panel-->Add/Remove Programs. Scroll down the list to locate the programs and click Remove for each.
Your Spybot Tea Timer Registry Protection function will wrestle with our efforts to remove the malicious software you have on board so we need to disable it while this troubleshooting endeavor is underway.
To disable Tea Timer:
Run Spybot-S&D
Go to the Mode menu, and make sure "Advanced Mode" is selected
On the left hand side, choose Tools -> Resident
Uncheck "Resident TeaTimer" and OK any prompts
Restart your computer.
...please remember to re-enable Tea Timer only AFTER we finish up with the cleaning.
Please run HijackThis again and check the box next to the following entries:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tattoodle.com?tid={BFDAF72A-B449-46cf-AE4B-BAB42F867DAB}
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
F2 - REG:system.ini: Shell=Explorer.exe logon.exe
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: C:\Program Files\Search Guard PlusU\sgpUpdaters.exe
O4 - HKLM\..\Run: C:\Program Files\Search Guard Plus\SearchGuardPlus.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
Close all windows now, including this browser window. Leaving only the HijackThis application's window open, click the Fix Checked button.
Locate and delete the following folders:
C:\Program Files\AskSearch
C:\Program Files\AskBarDis
C:\Program Files\Search Guard PlusU
C:\Program Files\Search Guard Plus
Reboot the computer and post back a fresh HijackThis log and advise how the system behaves now. Thanks!
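The fix list above is built from a handful of HijackThis entry types: the F2 Shell value (which Winlogon uses and which should name Explorer.exe only), R0/R1 start and search page URLs pointing at an unexpected host, an O3 toolbar with "(no file)" behind it, and O4 Run entries launching from the folders the helper wants removed. The following script is an added example, not code from this thread or from HijackThis, that applies those same checks to sample lines modelled on the log in this thread. The allowlist of default Internet Explorer hosts and the folder watchlist are assumptions made for the example; a real triage would load both from a maintained list.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample modelled on the entry formats in the HijackThis log
# posted in this thread; it is not the complete log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tattoodle.com?tid={BFDAF72A-B449-46cf-AE4B-BAB42F867DAB}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
F2 - REG:system.ini: Shell=Explorer.exe logon.exe
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [SGPUpdater] C:\Program Files\Search Guard PlusU\sgpUpdaters.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
"""

# Assumption: hosts the stock Internet Explorer start/search pages point at.
DEFAULT_IE_HOSTS = {"go.microsoft.com", "www.microsoft.com", "search.msn.com"}

# Assumption: folder names of the software the helper asked the poster to
# remove; a real triage would load these from a maintained watchlist.
WATCHLIST_DIRS = {"asksearch", "askbardis", "search guard plus", "search guard plusu"}

# Every HijackThis entry starts with a section code such as R0, F2, O4.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
RUN_PATH_RE = re.compile(r'\]\s*"?([A-Za-z]:\\[^"]+)')


@dataclass(frozen=True)
class Finding:
    code: str
    severity: str
    detail: str


def check_shell(rest: str):
    # The system.ini Shell value should be Explorer.exe alone; any extra
    # token is another executable Winlogon launches at every logon.
    m = re.search(r"Shell=(.*)$", rest)
    if not m:
        return None
    extra = [t for t in m.group(1).split() if t.lower() != "explorer.exe"]
    if extra:
        return Finding("F2", "high", f"extra shell executable(s): {' '.join(extra)}")
    return None


def check_url(code: str, rest: str):
    # R0/R1 entries carry the IE start/search pages; flag hosts outside the defaults.
    if " = " not in rest:
        return None
    key, value = rest.split(" = ", 1)
    if not value.lower().startswith(("http://", "https://")):
        return None
    host = urlsplit(value.strip()).hostname or ""
    if host and host not in DEFAULT_IE_HOSTS:
        return Finding(code, "medium", f"{key.split(',')[-1]} points at {host}")
    return None


def check_run(rest: str):
    # O4 Run entries: flag commands that live under a watchlisted folder.
    m = RUN_PATH_RE.search(rest)
    if not m:
        return None
    for component in m.group(1).split("\\"):
        if component.lower() in WATCHLIST_DIRS:
            return Finding("O4", "medium", f"startup entry runs from watchlisted folder '{component}'")
    return None


def check_no_file(code: str, rest: str):
    # An entry whose backing file is gone is leftover registration worth cleaning.
    if rest.rstrip().endswith("(no file)"):
        return Finding(code, "low", "orphaned entry with no backing file")
    return None


def analyze(log_text: str) -> list:
    """Run the per-section checks over a HijackThis log and return the findings."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, rest = m.groups()
        if code == "F2":
            f = check_shell(rest)
        elif code in ("R0", "R1"):
            f = check_url(code, rest)
        elif code == "O4":
            f = check_run(rest)
        else:
            f = check_no_file(code, rest)
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.code}: {f.detail}")
```

Run as-is it flags the tattoodle start page, the Ask search URL, the logon.exe shell token, the orphaned O3 toolbar, and the Search Guard PlusU updater, and leaves the Microsoft default start page and the AVG tray entry alone. The checks are deliberately keyed on what a log line says about where a program is launched from, not on file names, which is why the F2 check reports any extra token rather than looking for logon.exe specifically.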
This is the fresh HJT log from the scan I performed after having followed the instructions given. There are some comments later explaining a few things that were different than expected.
O8 - Extra context menu item: E&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Προσθήκη στο ιστολόγιο - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Προσθήκη στο ιστολόγιο στο Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Αποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Α&ποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Most importantly, the logon.exe error message is gone. Now some comments:
First of all, when I opened Add/Remove Programs, apart from Ask Toolbar and Search Guard Plus I also found Search Guard Plus Updater (My Tattoons), which I did not delete and is still here. Its icon though is now changed to the generic icon used by Windows for software; I assume that's because I deleted its file in the Program Files.
Second, when I ran HJT and tried to check all the boxes named above, I couldn't find the following:
which I checked along with the others I could find.
Lastly, after having done the fix and rebooted my computer, when I tried to locate AskSearch, AskBarDis, Search Guard PlusU and Search Guard Plus, I could not locate AskBarDis or Search Guard PlusU. Along with the other two, I did find an empty file with the name SGPU which I deleted. I assume it was the file of Search Guard PlusU.
That is all, I hope I managed to follow your instructions correctly, and thanks once more for all the help :)
Wasn't thinking there was an uninstall string for the updater. If it's still there, uninstall that too, then run hjt again and post back THAT log. Thanks!
Hey there, just clicked on uninstall on Add/Remove Programs so to remove Search Guard Plus Updater. It told me the program could not be found because it was probably already deleted (I did delete an empty file called SGPU in Program Files), so I clicked on the option to remove it from the Add/Remove Programs list. Here is the fresh HJT log.
O8 - Extra context menu item: E&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Προσθήκη στο ιστολόγιο - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Προσθήκη στο ιστολόγιο στο Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Αποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Α&ποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Also, I noticed there's this other program in Add/Remove Programs. It's called Fast Browser Search (My Tattoons). I did try to remove it but upon clicking Change/Remove nothing happened really. I didn't locate any corresponding file in Program Files either to delete, other than some folder named BFG containing some random icons, god knows what for. By the way, I also have no idea how these pieces of software got installed on my computer, but I may just have downloaded something stupid and not remember.
Open HijackThis. Click-->Open the Misc Tools section-->Open Uninstall Manager-->Save list...and save the list to your Desktop, then close HijackThis.
A notepad file will open. Please remember to copy and paste the content of that text file back here on your next reply.
Please download Malwarebytes Anti-Malware and save it to your desktop.
If you have problems with that link, you can also download it from Here or Here
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected then click on the Scan button.
The scan will begin and "Scan in progress" will show at the top. Wait for the scan to complete and do nothing else with the computer during the scan.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Exit MBAM. Please remember to copy and paste the contents of that report in your next reply along with the hjt uninstall log from above.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
...also, please answer, do you use this?:
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
It may be that this is where the spurious downloads came from. The toolbar's name is what you see there in the Greek lettering. Just in case you didn't name it that way and you have no idea what that is, that word means "Connections"...so, since you had a trojan downloader, this may be a part of it along with the other software that was installed without your knowledge.
Hello again! First, here is the Notepad log from HijackThis, the one with the name uninstall_list.txt:
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader 9 - Greek
Apple Application Support
Apple Software Update
Audacity 1.2.6
AVG Free 9.0
Curse Client
DVD Shrink 3.2
Eye 312
Fast Browser Search (My Tattoons)
Free WMA to MP3 Converter 1.16
Freelang Dictionary (wordlist)
Freelang Dictionary 3.74 beta
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Java(TM) 6 Update 17
Java(TM) 6 Update 7
Junk Mail filter update
K-Lite Codec Pack 4.7.5 (Full)
LimeWire 5.3.6
Logitech Vid
Logitech Webcam Software
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Greek) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Greek) 2007
Microsoft Office Groove MUI (Greek) 2007
Microsoft Office InfoPath MUI (Greek) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (Greek) 2007
Microsoft Office Outlook MUI (Greek) 2007
Microsoft Office PowerPoint MUI (Greek) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Greek) 2007
Microsoft Office Proofing (Greek) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Greek) 2007
Microsoft Office Shared MUI (Greek) 2007
Microsoft Office Word MUI (Greek) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.11)
MSVCRT
Nero 7 Demo
NVIDIA Drivers
NVIDIA nView Desktop Manager
OpenOffice.org 3.0
PowerDVD
QuickTime
Realtek AC'97 Audio
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Segoe UI
Skype web features
Skype™ 4.1
SoulSeek 157 NS 13e
Spybot - Search & Destroy
SubSync
TeamSpeak 2 RC2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Outlook 2007 Junk Email Filter (kb975960)
Veoh Video Compass
Veoh Web Player
VLC media player 1.0.3
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sync
Windows Live Toolbar
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
WinRAR archiver
Wocarson Windows Genuine Advantage Validation v1.9.40.0 Cracked V2
World of Warcraft
Xfire (remove only)
Zuma Deluxe RA
Βοηθός εισόδου του Windows Live
Ενημερωμένη έκδοση ασφαλείας για Windows XP (KB941569)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player (KB952069)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player (KB954155)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player (KB968816)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player (KB973540)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 11 (KB936782)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 11 (KB954154)
Ενημέρωση ασφαλείας για Windows Internet Explorer 8 (KB969897)
Ενημέρωση ασφαλείας για Windows Internet Explorer 8 (KB971961)
Ενημέρωση ασφαλείας για Windows Internet Explorer 8 (KB972260)
Ενημέρωση ασφαλείας για Windows Internet Explorer 8 (KB974455)
Ενημέρωση ασφαλείας για Windows XP (KB923561)
Ενημέρωση ασφαλείας για Windows XP (KB938464-v2)
Ενημέρωση ασφαλείας για Windows XP (KB946648)
Ενημέρωση ασφαλείας για Windows XP (KB950760)
Ενημέρωση ασφαλείας για Windows XP (KB950762)
Ενημέρωση ασφαλείας για Windows XP (KB950974)
Ενημέρωση ασφαλείας για Windows XP (KB951066)
Ενημέρωση ασφαλείας για Windows XP (KB951376-v2)
Ενημέρωση ασφαλείας για Windows XP (KB951748)
Ενημέρωση ασφαλείας για Windows XP (KB952004)
Ενημέρωση ασφαλείας για Windows XP (KB952954)
Ενημέρωση ασφαλείας για Windows XP (KB954459)
Ενημέρωση ασφαλείας για Windows XP (KB954600)
Ενημέρωση ασφαλείας για Windows XP (KB955069)
Ενημέρωση ασφαλείας για Windows XP (KB956572)
Ενημέρωση ασφαλείας για Windows XP (KB956744)
Ενημέρωση ασφαλείας για Windows XP (KB956802)
Ενημέρωση ασφαλείας για Windows XP (KB956803)
Ενημέρωση ασφαλείας για Windows XP (KB956844)
Ενημέρωση ασφαλείας για Windows XP (KB957097)
Ενημέρωση ασφαλείας για Windows XP (KB958644)
Ενημέρωση ασφαλείας για Windows XP (KB958687)
Ενημέρωση ασφαλείας για Windows XP (KB958690)
Ενημέρωση ασφαλείας για Windows XP (KB958869)
Ενημέρωση ασφαλείας για Windows XP (KB959426)
Ενημέρωση ασφαλείας για Windows XP (KB960225)
Ενημέρωση ασφαλείας για Windows XP (KB960715)
Ενημέρωση ασφαλείας για Windows XP (KB960803)
Ενημέρωση ασφαλείας για Windows XP (KB960859)
Ενημέρωση ασφαλείας για Windows XP (KB961371-v2)
Ενημέρωση ασφαλείας για Windows XP (KB961373)
Ενημέρωση ασφαλείας για Windows XP (KB961501)
Ενημέρωση ασφαλείας για Windows XP (KB963027)
Ενημέρωση ασφαλείας για Windows XP (KB968537)
Ενημέρωση ασφαλείας για Windows XP (KB969059)
Ενημέρωση ασφαλείας για Windows XP (KB969897)
Ενημέρωση ασφαλείας για Windows XP (KB969898)
Ενημέρωση ασφαλείας για Windows XP (KB969947)
Ενημέρωση ασφαλείας για Windows XP (KB970238)
Ενημέρωση ασφαλείας για Windows XP (KB971486)
Ενημέρωση ασφαλείας για Windows XP (KB971557)
Ενημέρωση ασφαλείας για Windows XP (KB971633)
Ενημέρωση ασφαλείας για Windows XP (KB971657)
Ενημέρωση ασφαλείας για Windows XP (KB973346)
Ενημέρωση ασφαλείας για Windows XP (KB973354)
Ενημέρωση ασφαλείας για Windows XP (KB973507)
Ενημέρωση ασφαλείας για Windows XP (KB973525)
Ενημέρωση ασφαλείας για Windows XP (KB973869)
Ενημέρωση ασφαλείας για Windows XP (KB974112)
Ενημέρωση ασφαλείας για Windows XP (KB974571)
Ενημέρωση ασφαλείας για Windows XP (KB975025)
Ενημέρωση ασφαλείας για Windows XP (KB975467)
Ενημέρωση για Windows Internet Explorer 8 (KB971180)
Ενημέρωση για Windows Internet Explorer 8 (KB976749)
Ενημέρωση για Windows XP (KB898461)
Ενημέρωση για Windows XP (KB951978)
Ενημέρωση για Windows XP (KB955839)
Ενημέρωση για Windows XP (KB961503)
Ενημέρωση για Windows XP (KB967715)
Ενημέρωση για Windows XP (KB968389)
Ενημέρωση για Windows XP (KB973687)
Ενημέρωση για Windows XP (KB973815)
Επείγουσα επιδιόρθωση για Windows XP (KB952287)
Επείγουσα επιδιόρθωση για Windows XP (KB961118)
Επείγουσα επιδιόρθωση για Windows XP (KB970653-v3)
Επείγουσα επιδιόρθωση για Windows XP (KB976098-v2)
Επείγουσα επιδιόρθωση για το Windows Media Player 11 (KB939683)
Εργαλείο αποστολής του Windows Live
Κρίσιμη ενημερωμένη έκδοση για το Windows Media Player 11 (KB959772)
Πακέτο προγράμματος οδήγησης του Logitech Webcam Software
Συλλογή φωτογραφιών του Windows Live
And second, I followed all the instructions closely about MBAM, but after performing the quick scan the software found nothing. There was no option to remove anything and all I could do was click on OK and go back to the main menu. A log of the scan did appear so I'm posting it here:
No I do not use this, also I do not use Internet Explorer at all. Instead I use Google Chrome. I also have installed Mozilla Firefox but I have stopped using it a long time ago. However I do remember using Internet Explorer about... once, a long time ago. Not really sure what I used it for, could be for downloading something.
Since I'm Greek my computer is in Greek and that's why Greek appears in the logs etc. :) I know what Συνδέσεις means, thanks for translating though :D
As I said before, no I have no idea what it is nor do I use it.
Hello again, I installed the software and it worked fine, so I'm posting back the logs required. Before that though I'd like to ask, won't the Java installer, the one I uninstalled, be needed later? Or will it simply redownload itself?
Here are the reports from DDS:
DDS (Ver_09-11-29.01) - NTFSx86
Run by „Άβ¤ at 17:56:30,26 on ƒ¬ 30/11/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1253.30.1032.18.1535.903 [GMT 2:00]
About "attach post, I wasn't sure If I'm supposed to zip it and attach it as it indicated itself. Since you told me to post all logs here though, I decided to simply copy paste it:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-11-29.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 23/5/2009 11:13:46 πμ
System Uptime: 30/11/2009 8:52:44 πμ (9 hours ago)
Motherboard: MSI | | MS-7236
Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz | CPU 1 | 1861/266mhz
About GMER, I'm not sure I did everything correctly: the first time I attempted a scan, after some time it told me the scan had stopped (not completed), so I clicked OK and did the scan again just in case. The second time it didn't quite do anything when the scan was completed; I simply checked it and it seemed to be doing nothing. I then clicked on the Save button and saved the log, which I'm copy-pasting below:
I'd like to ask, won't the Java installer, the one I uninstalled, be needed later? Or will it simply redownload itself?
...You had two different versions of Java installed. You only uninstalled the earlier version that you did not need. You still have the latest version installed as evidenced by the DDS log that you posted, you can see for yourself:
Quote:
DDS (Ver_09-11-29.01) - NTFSx86
Run by ???? at 17:56:30,26 on ??? 30/11/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
...if you have any doubt, click Here to confirm the version installed.
Your logs showed some questionable items...let's get busy:
Please download combofix from This Webpage...and read through the instructions there for running the tool.
***Important Note*** Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.
If you have Windows Vista, you can skip the recovery console step...in Vista it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.
The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It's a simple procedure that will only take a few moments.
Once installed, a blue screen prompt should appear that reads as follows:
The Recovery Console was successfully installed.
When you see that screen, please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a log file for you. Please post that log back here on your next reply. Thanks!
Note: Do not mouseclick combofix's window while it's running....that may cause the scan to stall
OK, hello again and sorry for the long delay... I was away from home for a bit longer. I started looking up the last reply so I could start following the directions, but I got a bit lost in the way I should use ComboFix.
Am I supposed to download Windows Recovery Console manually before I run ComboFix? Or should I run it anyway and wait for ComboFix to download it on its own? What if it fails to install, as the tutorial page for ComboFix itself suggests? In that case the tutorial says I should wait for ComboFix to run the test and after that manually install Windows Recovery Console. You did warn me not to use ComboFix without Windows Recovery Console though, so I suppose I need to install it manually beforehand?
Also, I'm a little concerned about using Combofix or even installing Windows Recovery Console. It says it will be giving me a new option when I boot my computer, which I'm not supposed to select without advice. Will that be gone after I uninstall Windows Recovery Console?
ComboFix suggests that if something goes wrong during the scan, the Windows Recovery Console will help restore my system, but if something does go wrong I cannot connect to the Internet in any other way and it will be a problem for me to get help.
Lastly, my Windows is in Greek. Should I download the Greek version of Windows Recovery Console (if I'm supposed to do it manually)? It just gives me the option of English or Greek. One more thing I'd like to add is that, due to some unknown reason, when my pc boots, if say I try to bring up the menu that allows you to select boot mode (like safe mode), all the letters are weird and unreadable instead of Greek as they used to be. I don't know why that happened, but if I'm asked to select some kind of boot mode later I'll have to guess =/
It just looks like I'll somehow manage to screw it up and not be able to boot windows or connect to the Internet afterwards :P
I'd also like to ask if we're doing this scan to find something in specific or are we trying to explore the questionable items you mentioned. If that is so, what is the probability this scan (or any further action) proves to be necessary?
1972vet
3.3K Posts
0
November 17th, 2009 17:00
Greetings Nelumvia and Welcome to the Forums,
If AVG found only the logon.exe and nothing else, I would imagine you still have some problems. Logon.exe is installed via the ZINS.A TROJAN! as identified Here.
Follow the instructions Here and post back the hijackthis log. Thanks!
Nelumvia
9 Posts
0
November 22nd, 2009 12:00
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:54:13 μμ, on 20/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\windows\Explorer.exe
C:\windows\SOUNDMAN.EXE
C:\windows\PixArt\PAC7302\Monitor.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Search Guard PlusU\sgpUpdaters.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\windows\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tattoodle.com?tid={BFDAF72A-B449-46cf-AE4B-BAB42F867DAB}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
F2 - REG:system.ini: Shell=Explorer.exe logon.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\windows\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SGPUpdater] C:\Program Files\Search Guard PlusU\sgpUpdaters.exe
O4 - HKLM\..\Run: [FBSearch] C:\Program Files\Search Guard Plus\SearchGuardPlus.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Ελένη\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Logitech . Εγγραφή προϊόντος.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Logitech . Εγγραφή προϊόντος.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (User 'Default user')
O4 - .DEFAULT Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
O4 - Startup: Logitech . Εγγραφή προϊόντος.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: E&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Προσθήκη στο ιστολόγιο - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Προσθήκη στο ιστολόγιο στο Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Αποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Α&ποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Έρευνα - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\windows\SYSTEM32\avgrsstx.dll
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
--
End of file - 11275 bytes
1972vet
3.3K Posts
0
November 22nd, 2009 16:00
Ask Toolbar
Search Guard Plus
...click start-->Control Panel-->Add/Remove Programs. Scroll down the list to locate the programs and click Remove for each.
Your Spybot Tea Timer Registry Protection function will wrestle with our efforts to remove the malicious software you have on board so we need to disable it while this troubleshooting endeavor is underway.
To disable Tea Timer:
- Run Spybot-S&D
- Go to the Mode menu, and make sure "Advanced Mode" is selected
- On the left hand side, choose Tools -> Resident
- Uncheck "Resident TeaTimer" and OK any prompts
- Restart your computer.
...please remember to re-enable Tea Timer only AFTER we finish up with the cleaning.
Please run HijackThis again and check the box next to the following entries:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tattoodle.com?tid={BFDAF72A-B449-46cf-AE4B-BAB42F867DAB}
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
F2 - REG:system.ini: Shell=Explorer.exe logon.exe
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: C:\Program Files\Search Guard PlusU\sgpUpdaters.exe
O4 - HKLM\..\Run: C:\Program Files\Search Guard Plus\SearchGuardPlus.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
Close all windows now including this browser window. Leaving only the hijackthis application's window open, click the Fix Checked button.
Locate and delete the following folders indicated in Bold text:
C:\Program Files\AskSearch
C:\Program Files\AskBarDis
C:\Program Files\Search Guard PlusU
C:\Program Files\Search Guard Plus
Reboot the computer and post back a fresh HijackThis log and advise how the system behaves now. Thanks!
Nelumvia
9 Posts
0
November 23rd, 2009 06:00
This is the fresh HJT log from the scan I performed after having followed the instructions given. There are some comments later explaining a few things that were different than expected.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:16:09 PM, on 23/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe
C:\windows\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\windows\Explorer.EXE
C:\windows\SOUNDMAN.EXE
C:\windows\PixArt\PAC7302\Monitor.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\Logitech Vid\Vid.exe
C:\windows\System32\svchost.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\windows\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Ελένη\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\Vid.exe" -bootmode
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Logitech . Εγγραφή προϊόντος.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Logitech . Εγγραφή προϊόντος.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (User 'Default user')
O4 - .DEFAULT Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
O4 - Startup: Logitech . Εγγραφή προϊόντος.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: E&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Προσθήκη στο ιστολόγιο - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Προσθήκη στο ιστολόγιο στο Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Αποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Α&ποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Έρευνα - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\windows\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
--
End of file - 10075 bytes
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: C:\Program Files\Search Guard Plus\SearchGuardPlus.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
1972vet
3.3K Posts
0
November 23rd, 2009 07:00
Wasn't thinking there was an uninstall string for the updater. If it's still there, uninstall that too, then run hjt again and post back THAT log. Thanks!
Nelumvia
9 Posts
0
November 23rd, 2009 10:00
Hey there, I just clicked on Uninstall in Add/Remove Programs so as to remove Search Guard Plus Updater. It told me the program could not be found because it was probably already deleted (I did delete an empty folder called SGPU in Program Files), so I clicked on the option to remove it from the Add/Remove Programs list. Here is the fresh HJT log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:43:40 PM, on 23/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe
C:\windows\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\windows\Explorer.EXE
C:\windows\SOUNDMAN.EXE
C:\windows\PixArt\PAC7302\Monitor.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\Logitech Vid\Vid.exe
C:\windows\System32\svchost.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\windows\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Ελένη\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\Vid.exe" -bootmode
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Logitech . Εγγραφή προϊόντος.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Logitech . Εγγραφή προϊόντος.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (User 'Default user')
O4 - .DEFAULT Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
O4 - Startup: Logitech . Εγγραφή προϊόντος.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: E&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Προσθήκη στο ιστολόγιο - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Προσθήκη στο ιστολόγιο στο Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Αποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Α&ποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Έρευνα - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\windows\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
--
End of file - 10075 bytes
Also, I noticed there's this other program in Add/Remove Programs. It's called Fast Browser Search (My Tattoons). I did try to remove it but upon clicking Change/Remove nothing happened really. I didn't locate any corresponding folder in Program Files either to delete, other than some folder named BFG containing some random icons, god knows what for. By the way, I also have no idea how these pieces of software got installed on my computer, but I may just have downloaded something stupid and not remember.
1972vet
3.3K Posts
0
November 23rd, 2009 13:00
A notepad file will open. Please remember to copy and paste the content of that text file back here on your next reply.
Please download Malwarebytes Anti-Malware and save it to your desktop.
If you have problems with that link, you can also download it from Here or Here
- Make sure you are connected to the Internet.
- Double-click on mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
- Then click Finish.
- MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here
- On the Scanner tab:
- Make sure the "Perform Quick Scan" option is selected then click on the Scan button.
- The scan will begin and "Scan in progress" will show at the top. Wait for the scan to complete and do nothing else with the computer during the scan.
- When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
- Click OK to close the message box and continue with the removal process.
- Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
- Make sure that everything is checked, and click Remove Selected.
- When removal is completed, a log report will open in Notepad.
- The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
- Exit MBAM. Please remember to copy and paste the contents of that report in your next reply along with the hjt uninstall log from above.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. (If you had to download the updates manually, just double-click on mbam-rules.exe to install them.)
Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
...also, please answer, do you use this?:
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
It may be that is where the spurious downloads came from. The toolbar's name is what you see there in the Greek lettering. Just in case you didn't name it that way and you have no idea what that is, that word means "Connections"...so, since you had a trojan downloader, this may be a part of it along with the other software that was installed without your knowledge.
Nelumvia
9 Posts
0
November 29th, 2009 05:00
Hello again! First, here is the Notepad log from HijackThis, the one with the name uninstall_list.txt:
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader 9 - Greek
Apple Application Support
Apple Software Update
Audacity 1.2.6
AVG Free 9.0
Curse Client
DVD Shrink 3.2
Eye 312
Fast Browser Search (My Tattoons)
Free WMA to MP3 Converter 1.16
Freelang Dictionary (wordlist)
Freelang Dictionary 3.74 beta
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Java(TM) 6 Update 17
Java(TM) 6 Update 7
Junk Mail filter update
K-Lite Codec Pack 4.7.5 (Full)
LimeWire 5.3.6
Logitech Vid
Logitech Webcam Software
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Greek) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Greek) 2007
Microsoft Office Groove MUI (Greek) 2007
Microsoft Office InfoPath MUI (Greek) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (Greek) 2007
Microsoft Office Outlook MUI (Greek) 2007
Microsoft Office PowerPoint MUI (Greek) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Greek) 2007
Microsoft Office Proofing (Greek) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Greek) 2007
Microsoft Office Shared MUI (Greek) 2007
Microsoft Office Word MUI (Greek) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.11)
MSVCRT
Nero 7 Demo
NVIDIA Drivers
NVIDIA nView Desktop Manager
OpenOffice.org 3.0
PowerDVD
QuickTime
Realtek AC'97 Audio
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Segoe UI
Skype web features
Skype™ 4.1
SoulSeek 157 NS 13e
Spybot - Search & Destroy
SubSync
TeamSpeak 2 RC2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Outlook 2007 Junk Email Filter (kb975960)
Veoh Video Compass
Veoh Web Player
VLC media player 1.0.3
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sync
Windows Live Toolbar
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
WinRAR archiver
Wocarson Windows Genuine Advantage Validation v1.9.40.0 Cracked V2
World of Warcraft
Xfire (remove only)
Zuma Deluxe RA
Βοηθός εισόδου του Windows Live
Ενημερωμένη έκδοση ασφαλείας για Windows XP (KB941569)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player (KB952069)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player (KB954155)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player (KB968816)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player (KB973540)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 11 (KB936782)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 11 (KB954154)
Ενημέρωση ασφαλείας για Windows Internet Explorer 8 (KB969897)
Ενημέρωση ασφαλείας για Windows Internet Explorer 8 (KB971961)
Ενημέρωση ασφαλείας για Windows Internet Explorer 8 (KB972260)
Ενημέρωση ασφαλείας για Windows Internet Explorer 8 (KB974455)
Ενημέρωση ασφαλείας για Windows XP (KB923561)
Ενημέρωση ασφαλείας για Windows XP (KB938464-v2)
Ενημέρωση ασφαλείας για Windows XP (KB946648)
Ενημέρωση ασφαλείας για Windows XP (KB950760)
Ενημέρωση ασφαλείας για Windows XP (KB950762)
Ενημέρωση ασφαλείας για Windows XP (KB950974)
Ενημέρωση ασφαλείας για Windows XP (KB951066)
Ενημέρωση ασφαλείας για Windows XP (KB951376-v2)
Ενημέρωση ασφαλείας για Windows XP (KB951748)
Ενημέρωση ασφαλείας για Windows XP (KB952004)
Ενημέρωση ασφαλείας για Windows XP (KB952954)
Ενημέρωση ασφαλείας για Windows XP (KB954459)
Ενημέρωση ασφαλείας για Windows XP (KB954600)
Ενημέρωση ασφαλείας για Windows XP (KB955069)
Ενημέρωση ασφαλείας για Windows XP (KB956572)
Ενημέρωση ασφαλείας για Windows XP (KB956744)
Ενημέρωση ασφαλείας για Windows XP (KB956802)
Ενημέρωση ασφαλείας για Windows XP (KB956803)
Ενημέρωση ασφαλείας για Windows XP (KB956844)
Ενημέρωση ασφαλείας για Windows XP (KB957097)
Ενημέρωση ασφαλείας για Windows XP (KB958644)
Ενημέρωση ασφαλείας για Windows XP (KB958687)
Ενημέρωση ασφαλείας για Windows XP (KB958690)
Ενημέρωση ασφαλείας για Windows XP (KB958869)
Ενημέρωση ασφαλείας για Windows XP (KB959426)
Ενημέρωση ασφαλείας για Windows XP (KB960225)
Ενημέρωση ασφαλείας για Windows XP (KB960715)
Ενημέρωση ασφαλείας για Windows XP (KB960803)
Ενημέρωση ασφαλείας για Windows XP (KB960859)
Ενημέρωση ασφαλείας για Windows XP (KB961371-v2)
Ενημέρωση ασφαλείας για Windows XP (KB961373)
Ενημέρωση ασφαλείας για Windows XP (KB961501)
Ενημέρωση ασφαλείας για Windows XP (KB963027)
Ενημέρωση ασφαλείας για Windows XP (KB968537)
Ενημέρωση ασφαλείας για Windows XP (KB969059)
Ενημέρωση ασφαλείας για Windows XP (KB969897)
Ενημέρωση ασφαλείας για Windows XP (KB969898)
Ενημέρωση ασφαλείας για Windows XP (KB969947)
Ενημέρωση ασφαλείας για Windows XP (KB970238)
Ενημέρωση ασφαλείας για Windows XP (KB971486)
Ενημέρωση ασφαλείας για Windows XP (KB971557)
Ενημέρωση ασφαλείας για Windows XP (KB971633)
Ενημέρωση ασφαλείας για Windows XP (KB971657)
Ενημέρωση ασφαλείας για Windows XP (KB973346)
Ενημέρωση ασφαλείας για Windows XP (KB973354)
Ενημέρωση ασφαλείας για Windows XP (KB973507)
Ενημέρωση ασφαλείας για Windows XP (KB973525)
Ενημέρωση ασφαλείας για Windows XP (KB973869)
Ενημέρωση ασφαλείας για Windows XP (KB974112)
Ενημέρωση ασφαλείας για Windows XP (KB974571)
Ενημέρωση ασφαλείας για Windows XP (KB975025)
Ενημέρωση ασφαλείας για Windows XP (KB975467)
Ενημέρωση για Windows Internet Explorer 8 (KB971180)
Ενημέρωση για Windows Internet Explorer 8 (KB976749)
Ενημέρωση για Windows XP (KB898461)
Ενημέρωση για Windows XP (KB951978)
Ενημέρωση για Windows XP (KB955839)
Ενημέρωση για Windows XP (KB961503)
Ενημέρωση για Windows XP (KB967715)
Ενημέρωση για Windows XP (KB968389)
Ενημέρωση για Windows XP (KB973687)
Ενημέρωση για Windows XP (KB973815)
Επείγουσα επιδιόρθωση για Windows XP (KB952287)
Επείγουσα επιδιόρθωση για Windows XP (KB961118)
Επείγουσα επιδιόρθωση για Windows XP (KB970653-v3)
Επείγουσα επιδιόρθωση για Windows XP (KB976098-v2)
Επείγουσα επιδιόρθωση για το Windows Media Player 11 (KB939683)
Εργαλείο αποστολής του Windows Live
Κρίσιμη ενημερωμένη έκδοση για το Windows Media Player 11 (KB959772)
Πακέτο προγράμματος οδήγησης του Logitech Webcam Software
Συλλογή φωτογραφιών του Windows Live
And second, I followed all the instructions closely about MBAM, but after performing the quick scan the software found nothing. There was no option to remove anything and all I could do was click on OK and go back to the main menu. A log of the scan did appear, so I'm posting it here:
Malwarebytes' Anti-Malware 1.41
Database version: 3255
Windows 5.1.2600 Service Pack 3
29/11/2009 3:32:04 μμ
mbam-log-2009-11-29 (15-32-04).txt
Scan type: Quick Scan
Objects scanned: 108036
Time elapsed: 4 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
1972vet
3.3K Posts
0
November 29th, 2009 08:00
Java(TM) 6 Update 7
LimeWire 5.3.6
SoulSeek 157 NS 13e
Download DDS from here or here...save it to your desktop.
Download GMER Rootkit Scanner from here or here.
Do NOT take any action on any of these "<--- ROOKIT" entries without proper guidance from an expert user.
...when finished, please post those logs back here. Thanks!
Nelumvia
9 Posts
0
November 30th, 2009 11:00
Hello again, I installed the software and it worked fine, so I'm posting back the logs required. Before that though I'd like to ask, won't the Java installer, the one I uninstalled, be needed later? Or will it simply redownload itself?
Here are the reports from DDS:
DDS (Ver_09-11-29.01) - NTFSx86
Run by Ελένη at 17:56:30,26 on Δευ 30/11/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1253.30.1032.18.1535.903 [GMT 2:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\windows\Explorer.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\SOUNDMAN.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\windows\PixArt\PAC7302\Monitor.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\windows\system32\wscntfy.exe
C:\windows\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\windows\System32\svchost.exe -k HTTPFilter
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\Logitech Vid\Vid.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Ελένη\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ελένη\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ελένη\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ελένη\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ελένη\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Documents and Settings\Ελένη\Επιφάνεια εργασίας\dds.scr
============== Pseudo HJT Report ===============
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Βοηθός εισόδου του Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: Veoh Video Compass: {52836eb0-631a-47b1-94a6-61f9d9112dae} - c:\program files\veoh networks\veoh video compass\SearchRecsPlugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\documents and settings\ελένη\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\Vid.exe" -bootmode
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\d85f~1\startm~1\f2da~1\599a~1\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
IE: E&ξαγωγή στο Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Ε&ξαγωγή στο Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\d85f~1\applic~1\mozilla\firefox\profiles\p32cbf38.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://www.tattoodle.com?tid={1883CDC4-AB3C-C936-C473-261948A82744}
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={1883CDC4-AB3C-C936-C473-261948A82744}&q=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\ελένη\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-25 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-25 28424]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-25 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-19 285392]
=============== Created Last 30 ================
2009-11-30 15:45:49 0 d-----w- c:\windows\system32\appmgmt
2009-11-29 13:19:01 0 d-----w- c:\docume~1\d85f~1\applic~1\Malwarebytes
2009-11-29 13:18:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-29 13:18:57 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-29 13:18:57 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-29 13:18:57 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-21 21:41:49 199192 ----a-w- c:\windows\system32\lvci12101110.dll
2009-11-20 12:51:56 0 d-----w- c:\program files\Trend Micro
2009-11-20 01:00:29 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-11-20 00:35:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
2009-11-19 19:59:44 0 d--h--w- C:\$AVG
2009-11-19 19:38:19 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-11-18 13:14:17 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-11-18 13:14:10 539160 ----a-w- c:\windows\system32\LVUI2RC.dll
2009-11-18 13:14:10 539160 ----a-w- c:\windows\system32\LVUI2.dll
2009-11-18 13:14:10 416280 ----a-w- c:\windows\system32\lvcodec2.dll
2009-11-18 13:14:09 6756632 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2009-11-18 13:14:09 266828 ----a-w- c:\windows\system32\drivers\LVAFT.cfg
2009-11-18 13:13:30 82289 ----a-w- c:\windows\system32\lvcoinst.ini
2009-11-18 13:13:30 34068 ----a-w- c:\windows\system32\Repository.reg
2009-11-18 13:13:30 266008 ----a-w- c:\windows\system32\drivers\lvrs.sys
2009-11-18 13:13:30 199192 ----a-r- c:\windows\system32\lvci1201278.dll
2009-11-18 13:13:30 114712 ----a-w- c:\windows\system32\drivers\lvpopflt.sys
2009-11-18 13:13:00 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-11-18 13:12:57 23832 ----a-w- c:\windows\system32\drivers\lvuvcflt.sys
2009-11-18 13:09:00 20992 -c--a-w- c:\windows\system32\dllcache\dshowext.ax
2009-11-18 13:09:00 20992 ----a-w- c:\windows\system32\dshowext.ax
2009-11-18 13:09:00 121984 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys
2009-11-18 13:09:00 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys
==================== Find3M ====================
2009-11-29 22:10:24 9175040 ---ha-w- c:\documents and settings\ελένη\NTUSER.DAT
2009-11-23 10:12:02 90112 ----a-w- c:\windows\DUMP5ae1.tmp
2009-11-19 19:39:36 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-19 19:39:36 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-19 19:39:26 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-17 05:41:17 230432 ----a-w- C:\PA7302.DAT
2009-11-02 11:54:53 90016 ----a-w- c:\windows\system32\perfc008.dat
2009-11-02 11:54:53 540160 ----a-w- c:\windows\system32\perfh008.dat
2009-10-11 02:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-06 23:46:36 25752 ----a-w- c:\windows\system32\drivers\LVPr2Mon.sys
2009-10-06 23:25:10 85302 ----a-w- c:\windows\system32\drivers\LVFeL102.cfg
2009-10-06 23:25:10 69592 ----a-w- c:\windows\system32\drivers\LVFaL100.cfg
2009-10-06 23:25:10 227172 ----a-w- c:\windows\system32\drivers\LVFeL100.cfg
2009-10-06 23:25:10 146680 ----a-w- c:\windows\system32\drivers\LVFeL101.cfg
2009-10-06 23:23:08 13584 ----a-w- c:\windows\system32\drivers\iKeyLFT2.dll
2009-09-27 16:20:00 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-09-27 16:19:52 3166208 ----a-w- c:\windows\system32\nvwss.dll
2009-09-27 16:19:50 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-27 16:19:48 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-09-27 16:19:48 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-27 16:19:48 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-27 16:19:46 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-09-27 16:19:46 4935680 ----a-w- c:\windows\system32\nvdisps.dll
2009-09-27 16:19:46 172100 ----a-w- c:\windows\system32\nvsvc32.exe
2009-09-27 16:19:46 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-09-27 16:19:46 13918208 ----a-w- c:\windows\system32\nvcpl.dll
2009-09-27 16:19:40 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-09-27 15:20:04 2173544 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-27 14:12:22 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 14:12:22 2007040 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 14:12:22 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 14:12:22 170600 ----a-w- c:\windows\system32\nvcodins.dll
2009-09-27 14:12:22 1604482 ----a-w- c:\windows\system32\nvdata.bin
2009-09-27 14:12:22 10756096 ----a-w- c:\windows\system32\nvoglnt.dll
2009-09-27 13:12:22 888832 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 13:12:22 5900416 ----a-w- c:\windows\system32\nv4_disp.dll
2009-09-27 13:12:22 490088 ----a-w- c:\windows\system32\nvudisp.exe
2009-09-27 13:12:22 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-24 06:24:18 490088 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-09-11 14:18:08 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 00:00:34 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-09-04 21:04:00 58880 ----a-w- c:\windows\system32\msasn1.dll
============= FINISH: 17:57:01,15 ===============
1972vet
3.3K Posts
0
November 30th, 2009 17:00
...You had two different versions of Java installed. You only uninstalled the earlier version that you did not need. You still have the latest version installed as evidenced by the DDS log that you posted, you can see for yourself:
Run by ???? at 17:56:30,26 on ??? 30/11/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
...if you have any doubt, click Here to confirm the version installed.
Your logs showed some questionable items...let's get busy:
Please download combofix from This Webpage...and read through the instructions there for running the tool.
***Important Note***
Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.
If you have Windows Vista, you can skip the recovery console step...in Vista it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.
The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It's a simple procedure that will only take a few moments.
Once installed, a blue screen prompt should appear that reads as follows:
The Recovery Console was successfully installed.
When you see that screen, please continue as follows:
When the tool is finished, it will produce a log file for you. Please post that log back here on your next reply. Thanks!
Note:
Do not mouse-click ComboFix's window while it's running; that may cause the scan to stall.
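The "questionable items" the helper refers to are the kind of entries in the DDS log posted above that a removal helper scans for first: Firefox search and homepage preferences pointing at fastbrowsersearch.com and tattoodle.com, toolbar CLSIDs with "No File" behind them, a hosts-file override, DPF (ActiveX download) entries and autoruns that launch from a user-writable profile directory. The script below is an added example, not part of this thread, DDS or HijackThis; it parses DDS-style "Pseudo HJT Report" and FIREFOX lines and flags those patterns. The sample lines are constructed to mirror the posted log, and the allowlists of expected search domains and engine names are assumptions made for the example. Flags are prompts for review, not verdicts: a per-user Google Update autorun or a Spybot-added hosts entry will also be flagged and then dismissed by a human.

```python
"""Triage of DDS / HijackThis-style log lines.

Added example for this thread; it is not part of DDS, HijackThis or the
original posts. It reads the 'Pseudo HJT Report' and FIREFOX lines DDS
prints and flags entries a removal helper looks at first. The sample log
below is constructed to mirror the log posted in the thread.
"""
import re
from urllib.parse import urlparse

# Allowlists are assumptions made for the example, not anything DDS ships.
KNOWN_SEARCH_DOMAINS = {"www.google.com", "www.bing.com", "search.yahoo.com"}
KNOWN_ENGINE_NAMES = {"Google", "Bing", "Yahoo"}
USER_WRITABLE_HINTS = ("local settings", "application data", "\\temp\\", "appdata")

FF_PREF = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - (?P<value>.+)$")
TOOLBAR = re.compile(r"^TB: .*?\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")
AUTORUN = re.compile(r"^(?P<hive>[umd]Run): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
HOSTS = re.compile(r"^Hosts: (?P<ip>\S+) (?P<host>\S+)$")
DPF = re.compile(r"^DPF: \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<url>\S+)$")

# Constructed sample mirroring the DDS log in the thread (user name replaced).
SAMPLE_LOG = r"""
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Hosts: 127.0.0.1 www.spywareinfo.com
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://www.tattoodle.com?tid={1883CDC4-AB3C-C936-C473-261948A82744}
"""


def refang(url):
    """DDS writes hxxp:// so log URLs are not clickable; undo that for parsing."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, count=1)


def host_of(url):
    """Lower-cased host part of a (possibly defanged) URL."""
    return urlparse(refang(url)).netloc.lower()


def triage(lines):
    """Return (category, reason, line) tuples for entries worth a second look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = FF_PREF.match(line)
        if m:
            key, value = m.group("key"), m.group("value")
            if value.lower().startswith(("hxxp", "http")):
                host = host_of(value)
                if host not in KNOWN_SEARCH_DOMAINS:
                    findings.append(("browser-hijack", f"{key} points at {host}", line))
            elif key == "browser.search.selectedEngine" and value not in KNOWN_ENGINE_NAMES:
                findings.append(("browser-hijack", f"default search engine is '{value}'", line))
            continue
        m = TOOLBAR.match(line)
        if m and m.group("path").strip().lower() == "no file":
            findings.append(("orphan-toolbar", f"CLSID {m.group('clsid')} has no DLL on disk", line))
            continue
        m = AUTORUN.match(line)
        if m and any(h in m.group("cmd").lower() for h in USER_WRITABLE_HINTS):
            findings.append(("profile-autorun",
                             f"{m.group('hive')} [{m.group('name')}] starts from a user-writable path", line))
            continue
        m = HOSTS.match(line)
        if m and m.group("host").lower() != "localhost":
            findings.append(("hosts-override", f"{m.group('host')} resolved to {m.group('ip')}", line))
            continue
        m = DPF.match(line)
        if m:
            findings.append(("activex-download", f"DPF fetches from {host_of(m.group('url'))}", line))
    return findings


def triage_text(text):
    """Convenience wrapper: triage a whole pasted log."""
    return triage(text.strip().splitlines())


if __name__ == "__main__":
    for category, reason, line in triage_text(SAMPLE_LOG):
        print(f"[{category}] {reason}\n    {line}")
```

Run against the sample it reports seven findings: the three Firefox preferences rewritten by Fast Browser Search, the orphaned toolbar CLSID, the per-user Google Update autorun, the spywareinfo.com hosts entry and the Java DPF download. The AVG tray autorun and the Windows Live toolbar, which have a real file behind them in a machine-wide location, produce nothing.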
1972vet
3.3K Posts
0
December 3rd, 2009 14:00
Still with us?
Nelumvia
9 Posts
0
December 4th, 2009 11:00
Hello, I was away a few days and I didn't take any action, but I should be posting a reply tomorrow. I hope that's ok!
1972vet
3.3K Posts
0
December 6th, 2009 20:00
No time yesterday? Still wanting us to help?
Nelumvia
9 Posts
0
December 7th, 2009 06:00
Ok, hello again and sorry for the long delay... I was away from home for a bit longer. I started looking up the last reply so I could start following the directions, but I got a bit lost along the way about how I should use ComboFix.
Am I supposed to download the Windows Recovery Console manually before I run ComboFix? Or should I run it anyway and wait for ComboFix to download it on its own? What if it fails to install, as the tutorial page for ComboFix itself suggests it might? In that case the tutorial says I should wait for ComboFix to run the test and after that manually install the Windows Recovery Console. You did warn me not to use ComboFix without the Windows Recovery Console though, so I suppose I need to install it manually beforehand?
Also, I'm a little concerned about using Combofix or even installing Windows Recovery Console. It says it will be giving me a new option when I boot my computer, which I'm not supposed to select without advice. Will that be gone after I uninstall Windows Recovery Console?
ComboFix suggests that if something goes wrong during the scan, the Windows Recovery Console will help restore my system, but if something does go wrong I cannot connect to the Internet in any other way and it will be a problem for me to get help.
Lastly, my Windows is in Greek. Should I download the Greek version of the Windows Recovery Console? (If I'm supposed to do it manually.) It just gives me the option of English or Greek. One more thing I'd like to add is that, for some unknown reason, when my PC boots and I try to bring up the menu that allows you to select the boot mode (like Safe Mode), all the letters are weird and unreadable instead of Greek as they used to be. I don't know why that happened, but if I'm asked to select some kind of boot mode later I'll have to guess =/
It just looks like I'll somehow manage to screw it up and not be able to boot windows or connect to the Internet afterwards :P
I'd also like to ask whether we're doing this scan to find something specific or whether we're trying to explore the questionable items you mentioned. If that is so, what is the probability this scan (or any further action) proves to be necessary?