<-(BrOkEn)->
Solid State Member
- Messages
- 6
I recently bought a used computer from a friend and as soon as i hooked it up to internet
it starting having problems (It had WebHancer on it) . It brought up alot of pop-ups even tho i wasn't even on it at the time So i downloaded and installed AVG free edition and when i ran it it took like 3 hours and it came up with like 300+ threats. So i got rid of them and restarted my computer And i couldnt connect to the internet The connection had little or no conectivity
i tried clicking repair but it said could not renew the ip. i tried CMD Ipconfig/release and ipcongif/renew and it said something about a socket, so i googled it and downloaded LSP-FIX - Winsock 2 repair utility And that fixed the internet problem and it seemed fine until i got up this morning where avg was running and it kept bringing up virus Detected. So i rebooted in safemode and ran hijack this
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:23:16 PM, on 3/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http :// searchbar. findthewebsiteyouneed .com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http :// 83.149.75. 33/info.png?cmp=fkfrt&rid=m20003&affid=177850&mid=gl22&revid=10702&uid=17c96a2e077711dea4f2177850ffffff&guid=c4c62604ecce654597e955977ad6ca85&mrk=1&ver=4052
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {d0a231a8-d82a-4751-9bfd-9501ff8b3d62} - C:\WINDOWS\System32\yipiwopa.dll (file missing)
O2 - BHO: {d0d712cc-b774-f9f9-d534-a40071168f0d} - {d0f86117-004a-435d-9f9f-477bcc217d0d} - C:\WINDOWS\system32\eieugq.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll (file missing)
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [04cg09gk.dll] RUNDLL32.EXE 04cg09gk.dll,b 1066687
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [341346aa] rundll32.exe "C:\WINDOWS\system32\tuhemoye.dll",b
O4 - HKLM\..\Run: [fumobigavu] Rundll32.exe "C:\WINDOWS\System32\bokiluve.dll",s
O4 - HKLM\..\Run: [CPM37207536] Rundll32.exe "c:\windows\system32\fogarese.dll",a
O4 - HKUS\S-1-5-20\..\Run: [fumobigavu] Rundll32.exe "C:\WINDOWS\System32\bokiluve.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [zoqw] C:\PROGRA~1\COMMON~1\zoqw\zoqwm.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [zoqw] C:\PROGRA~1\COMMON~1\zoqw\zoqwm.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http :// click.getmirar .com (HKLM)
O15 - Trusted Zone: http :// click.mirarsearch .com (HKLM)
O15 - Trusted Zone: http :// redirect.mirarsearch .com (HKLM)
O15 - Trusted Zone: http :// awbeta.net-nucleus .com (HKLM)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\gijeluhe.dll c:\windows\system32\muhenali.dll eieugq.dll c:\windows\system32\fogarese.dll
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\k862lijo18oc.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\ktnul7591.dll (file missing)
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\j4l4le3q1h.dll
O20 - Winlogon Notify: Run - C:\WINDOWS\system32\gp8sl3l71.dll (file missing)
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\r2p8lc7u1f.dll (file missing)
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\micms.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fogarese.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fogarese.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RGFuaWVsIE1jS2Vl\command.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: mcafeeWALLP - Unknown owner - C:\WINDOWS\mcafeeWALLX.exe (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE (file missing)
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe (file missing)
O23 - Service: Norman Virus Control on-access component (nvcoas) - Unknown owner - C:\Norman\Nvc\bin\nvcoas.exe (file missing)
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Norman\Nvc\BIN\NVCSCHED.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Microsoft Windows Explorer Shell Subsystem (Shell32Extender) - Unknown owner - C:\WINDOWS\system32\shell32.exe (file missing)
O23 - Service: sysmgr64 - Unknown owner - C:\WINDOWS\sysmgr64.exe (file missing)
--
End of file - 7351 bytes
it starting having problems (It had WebHancer on it) . It brought up alot of pop-ups even tho i wasn't even on it at the time So i downloaded and installed AVG free edition and when i ran it it took like 3 hours and it came up with like 300+ threats. So i got rid of them and restarted my computer And i couldnt connect to the internet The connection had little or no conectivity
i tried clicking repair but it said could not renew the ip. i tried CMD Ipconfig/release and ipcongif/renew and it said something about a socket, so i googled it and downloaded LSP-FIX - Winsock 2 repair utility And that fixed the internet problem and it seemed fine until i got up this morning where avg was running and it kept bringing up virus Detected. So i rebooted in safemode and ran hijack this
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:23:16 PM, on 3/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http :// searchbar. findthewebsiteyouneed .com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http :// 83.149.75. 33/info.png?cmp=fkfrt&rid=m20003&affid=177850&mid=gl22&revid=10702&uid=17c96a2e077711dea4f2177850ffffff&guid=c4c62604ecce654597e955977ad6ca85&mrk=1&ver=4052
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {d0a231a8-d82a-4751-9bfd-9501ff8b3d62} - C:\WINDOWS\System32\yipiwopa.dll (file missing)
O2 - BHO: {d0d712cc-b774-f9f9-d534-a40071168f0d} - {d0f86117-004a-435d-9f9f-477bcc217d0d} - C:\WINDOWS\system32\eieugq.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll (file missing)
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [04cg09gk.dll] RUNDLL32.EXE 04cg09gk.dll,b 1066687
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [341346aa] rundll32.exe "C:\WINDOWS\system32\tuhemoye.dll",b
O4 - HKLM\..\Run: [fumobigavu] Rundll32.exe "C:\WINDOWS\System32\bokiluve.dll",s
O4 - HKLM\..\Run: [CPM37207536] Rundll32.exe "c:\windows\system32\fogarese.dll",a
O4 - HKUS\S-1-5-20\..\Run: [fumobigavu] Rundll32.exe "C:\WINDOWS\System32\bokiluve.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [zoqw] C:\PROGRA~1\COMMON~1\zoqw\zoqwm.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [zoqw] C:\PROGRA~1\COMMON~1\zoqw\zoqwm.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http :// click.getmirar .com (HKLM)
O15 - Trusted Zone: http :// click.mirarsearch .com (HKLM)
O15 - Trusted Zone: http :// redirect.mirarsearch .com (HKLM)
O15 - Trusted Zone: http :// awbeta.net-nucleus .com (HKLM)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\gijeluhe.dll c:\windows\system32\muhenali.dll eieugq.dll c:\windows\system32\fogarese.dll
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\k862lijo18oc.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\ktnul7591.dll (file missing)
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\j4l4le3q1h.dll
O20 - Winlogon Notify: Run - C:\WINDOWS\system32\gp8sl3l71.dll (file missing)
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\r2p8lc7u1f.dll (file missing)
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\micms.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fogarese.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fogarese.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RGFuaWVsIE1jS2Vl\command.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: mcafeeWALLP - Unknown owner - C:\WINDOWS\mcafeeWALLX.exe (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE (file missing)
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe (file missing)
O23 - Service: Norman Virus Control on-access component (nvcoas) - Unknown owner - C:\Norman\Nvc\bin\nvcoas.exe (file missing)
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Norman\Nvc\BIN\NVCSCHED.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Microsoft Windows Explorer Shell Subsystem (Shell32Extender) - Unknown owner - C:\WINDOWS\system32\shell32.exe (file missing)
O23 - Service: sysmgr64 - Unknown owner - C:\WINDOWS\sysmgr64.exe (file missing)
--
End of file - 7351 bytes