
HiJackThis Log -- I'm Infected

Web Scanner;avast! Several functions may not work. Greets Jurgenv. Must have been late at night- I growl louder then!

I'm dealing with nasty virus! Help! self protection module/ALWIL Software) ZwOpenProcess [0xF619808C] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast!

Also give an update on current issues/concerns. Kevin Maurice Naggar    Staff Moderators 16,648 posts Location: USA Interests: Security, Windows, Windows Update, I notice also that you removed the Sony program and that there is also no indication of an install of TMeter Service Monitor which runs an executable as TrafMonitor.exe. does gamer cause a computer to behave that way?

Please update the Java to v6u20: Check this site: Java Updates Uninstall any earlier versions in Add/Remove Programs. That may cause it to stall. that is the only thing i can think of...

Do matter what scanner you buy, what programs you use, they all have one common achilles heel: They need to be in Windows to run. Modern viruses work their way into system HijackThis log included. Even if you clean the infection, your computer is a magnet for malware with that old version of Java. I suggest that you follow Roddy's instructions to post your log on another

HijackThis log included. A case like this could easily cost hundreds of thousands of dollars. Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AdminWorks Agent X6 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Acer\LANScope Agent\awServ.exe O23 - Service: eDataSecurity Service

TDI Filter Driver/ALWIL Software) ---- EOF - GMER 1.0.15 ---- _________________________________________________________________ DDS (Ver_10-03-17.01) - NTFSx86 Run by User at 9:18:33.82 on 2010/05/11 Internet Explorer: 6.0.2900.2180 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.703.475 [GMT Repeat as many times as necessary to remove each Java versions. MS Office), BUT BEFORE you load back all your important backups and data, go look for the latest updates, patches and drivers, and once your machine has been fully updated (this

G'Luck! Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting Geez by lantaipuo / May 19, 2008 4:14 PM PDT In reply to: Hi, bcs_4 You wrote: One of the infections showing in I'm not proposing that it will cure your problem, but you may find that it helps. Just a suggestion! tanguska Get rid of it by

It is related to AdminWorks network management suite. Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dllO3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dllO3 - Toolbar: Yahoo! by VinceGP / May 19, 2008 6:46 PM PDT In reply to: Help! Also, if you ever crash, it's a simple reload with the image, then load back your weekly (you do make backups at least weekly no?!) backup copy and voila, you're up

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO4 - HKLM\..\Run: [LaunchApp] AlaunchO4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exeO4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXEO4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & plus how do i post as attachments? _________________________________________ Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Database version: 3930 Windows 5.1.2600 Service Pack 2 Internet Explorer 6.0.2900.2180 2010/05/10 16:02:23 mbam-log-2010-05-10 (16-02-23).txt Scan type: Quick scan

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:08:20, on 2010/05/13 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS.0\System32\smss.exe C:\WINDOWS.0\system32\winlogon.exe

I know, I know, I am only a LURKER, but oh well, have a good day. Errare humanum est Updating Java by Bugbatter / HijackThis log included. I'm dealing with nasty virus!

Double click combofix.exe & follow the prompts to run. You might want to have a look here as there may be an update for this firmware: http://www.avocent.com/Legacy_Firmware_Updates/AdminWorks_Management_Software.aspx Apr 23, 2010 #4 MelissaP TS Rookie Topic Starter sorry for the

But in the activity for the last 30 days shows only 3 folders from 2010-04-21 for c:\program files\Trend Micro c:\program files\Zone Labs, c:\windows.0\Internet Logs. when i stop that program from running then all ports are closed. Please attach to your next reply. ==================== Please leave the Combofix log generated after you have run the script.

Type Y to begin the cleanup process. Completion time: 2010-05-12 12:17:41 - machine was rebooted ComboFix-quarantined-files.txt 2010-05-12 10:17 ComboFix2.txt 2010-05-12 08:19 Pre-Run: 52,356,194,304 bytes free Post-Run: 52,241,719,296 bytes free - - End Of File - - B7CD81ECC71CF7418DA7F5FE5632CAC1 Try Spyware Doctor http://www.pctools.com/spyware-doctor/ SAS http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE AVG Anti virus http://www.download.com/AVG-Anti-Virus-Free-Edition/3000-2239_4-10320142.html?tag=pop.software&cdlPid=10834624 Spybot SD http://www.download.com/Spybot-Search-Destroy/3000-8022_4-10122137.html?cdlPid=10804822 Defender http://www.download.com/Microsoft-Windows-Defender/3000-12771_4-10353597.html?tag=lst-1&cdlPid=10598014 All except Spyware Doctor are free and will help help by albertonene1 /

antivirus 4.8.1368 [VPS 100512-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B} FILE :: "c:\windows.0\system32\drivers\tmeter.sys" "c:\windows.0\system32\drivers\w900bus.sys" "c:\windows.0\system32\drivers\w900mdfl.sys" "c:\windows.0\system32\drivers\w900mdm.sys" "c:\windows.0\system32\drivers\w900mgmt.sys" "c:\windows.0\system32\drivers\w900obex.sys" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . the sony program that i uninstalled not so long ago is that cd software that comes with the cellphone. self protection module/ALWIL Software) ZwRestoreKey [0xF619872E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! When finished, it shall produce a log for you.

Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! Here's my combofix log.ComboFix 07-11-19.3 - NooBiFieD 2007-11-24 10:46:50.1 - NTFSx86Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1558 [GMT 8:00]Running from: C:\Documents and Settings\NooBiFieD\Desktop\ComboFix.exe * Created a new restore point.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).C:\WINDOWS\hostsC:\WINDOWS\system32\buvpwxru.dllC:\WINDOWS\system32\bvbcfooi.dllC:\WINDOWS\system32\cmdbfqla.dllC:\WINDOWS\system32\jywqbang.dllC:\WINDOWS\system32\nvdmeinl.dllC:\WINDOWS\system32\tttss.bak1C:\WINDOWS\system32\tttss.bak2C:\WINDOWS\system32\tttss.iniC:\WINDOWS\system32\tttss.ini2C:\WINDOWS\system32\tttss.tmpC:\WINDOWS\system32\vagrfkgi.dllC:\WINDOWS\system32\wlvawmfb.dllC:\WINDOWS\system32\yicqyynj.dllC:\WINDOWS\system32\yqbosnff.dll.((((((((((((((((((((((((((((((((((((((( http://forums.cnet.com/5208-6132_102-0.html?forumID=32&threadID=255339&messageID=2533167 Spyware & Virus invasion by tanguska / May 19, 2008 9:36 AM PDT In reply to: Please read this thread and follow

scan completed successfully hidden files: 0 **************************************************************************.Completion time: 2007-11-24 10:57:30 - machine was rebooted. --- E O F ---And here's my Hijackthis log.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:58:43 anyway please tell me if there's anything in the logs that i should be aware of...