I think I have Spyware or a Trojan, please help
Sandwich1
13. June 2007 @ 11:56
While I was internetting I accidentally clicked on a pop-up and some Avast alarms went off (I think they were spyware alarms or something). I closed Firefox and ran a scan, and it says that I have no viruses. When I went to the virus chest there were 3 files there:
winsock.dll, kernel32.dll and wsock32.dll.
When I scan them it says that there are no viruses in them, and if I delete them they're still there the next time I scan.
I installed HijackThis. I don't know if there is any special way of installing it or not, so I just put it on my desktop and ran it. Also, if I download the files that are infected and replace the old ones with the new ones, will it work? Anyway, here's the log...
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:07:22, on 13/06/2007
Platform: Windows Vista (WinNT 6.00.1904)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\QuickTime\qttask.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HiJackThis\HiJackThis_v2.0.0.0.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ie/0SEENIE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.ie/0SEENIE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ie/0SEENIE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
--
End of file - 7555 bytes
Please help if you can. :)
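The log above is the kind of HijackThis output the thread asks readers to interpret. The following is an added example, not part of the original post and not HijackThis's own code: a small first-pass triage script that applies the checks a responder runs first over such a log (orphaned BHO/toolbar registrations, Run keys whose target is a bare file name or lives outside the Windows and Program Files trees, any AppInit_DLLs entry, and services with no publisher or a missing binary). The sample input is constructed from lines of the log above plus one hypothetical Run entry (marked as such) so that every rule fires. A flagged line is a prompt to verify the file's publisher and purpose, not a verdict: the DellSupport service flagged as "Unknown owner" here is vendor software.

```python
"""First-pass triage of a HijackThis (HJT) log.

HJT only enumerates autostart and hook locations; it does not say which entries
matter. The heuristics below are the checks a responder runs first:
  O2/O3  BHO or toolbar registered but its DLL is gone ("(no file)"): stale entry
  O4     Run key whose target is a bare file name (found via PATH search, so easy
         to hijack) or lives outside the Windows or Program Files directories
  O20    AppInit_DLLs: the DLL is loaded into every process that uses user32.dll
  O23    service with no publisher ("Unknown owner") or a missing binary
"""
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Finding:
    section: str   # HJT section tag, e.g. "O23"
    reason: str
    line: str


# Where autostart binaries are expected to live on a stock Vista install.
TRUSTED_PREFIXES = (r"c:\windows", r"c:\program files", r"c:\progra~1")

# O4 - HKLM\..\Run: [Name] command   (HKUS entries carry a trailing "(User '...')")
O4_RUN_RE = re.compile(r"^O4 - .*?\\Run: \[[^\]]*\] (?P<cmd>.+?)(?: \(User '[^']*'\))?$")
# O23 - Service: Display name - Publisher - path [ (file missing)]
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def launch_target(cmd: str) -> str:
    """Return the file that a Run-key command really executes or loads."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                       # quoted path (may contain spaces)
        return cmd[1:cmd.index('"', 1)]
    head, _, tail = cmd.partition(" ")
    if head.lower() == "rundll32.exe" and tail:   # the payload is the DLL, not rundll32
        return tail.split(",", 1)[0].strip().strip('"')
    return head


def untrusted_reason(path: str) -> Optional[str]:
    """Why an autostart target deserves a look, or None if its location is expected."""
    p = path.lower().replace("%programfiles%", r"c:\program files")
    if "\\" not in p:
        return "bare file name: resolved by PATH search, trivially hijackable"
    if not p.startswith(TRUSTED_PREFIXES):
        return "autostart binary outside Windows / Program Files"
    return None


def triage(log_text: str) -> List[Finding]:
    """Apply the heuristics above to every line of an HJT log, in order."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        tag = line.split(" ", 1)[0]
        if tag in ("O2", "O3") and line.endswith("(no file)"):
            findings.append(Finding(tag, "BHO/toolbar registered but its DLL is missing", line))
        elif tag == "O4":
            m = O4_RUN_RE.match(line)
            reason = untrusted_reason(launch_target(m["cmd"])) if m else None
            if reason:
                findings.append(Finding(tag, reason, line))
        elif line.startswith("O20 - AppInit_DLLs:") and line.split(":", 1)[1].strip():
            findings.append(Finding(tag, "AppInit_DLLs: injected into every GUI process, verify publisher", line))
        elif tag == "O23":
            m = O23_RE.match(line)
            if m and m["owner"] == "Unknown owner":
                findings.append(Finding(tag, "service binary has no publisher/version info", line))
            if m and m["path"].endswith("(file missing)"):
                findings.append(Finding(tag, "service registered but its binary is missing", line))
    return findings


# Constructed sample: lines copied from the log posted above, plus one
# hypothetical Run entry (last line) that exists only to exercise the
# "outside Windows / Program Files" rule.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O4 - HKLM\..\Run: [hypothetical] C:\Users\Public\svchost.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run it against a full log by reading the file into `triage()`; each finding carries the original line so it can be pasted back into a thread or ticket. The rules deliberately err toward flagging, and `TRUSTED_PREFIXES` is an assumption about a default Vista layout that would need extending on a machine with Windows or Program Files on another drive.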
Sandwich1
14. June 2007 @ 01:14
Anyone?
Member
14. June 2007 @ 03:35
You have Vista. Nothing works in Vista.
Virustorjunta.net: expert service without any clowning around.
HJT logs go here
Sandwich1
14. June 2007 @ 04:37
Well that's very helpful, thanks.
deadlove
14. June 2007 @ 12:34
heh.. that's always the way with "beta" software ;-)
mysticgek
17. June 2007 @ 00:13
I HAVE VISTA; NO PROBLEMS with VISTA - it's on for 24 hours.
BAD things can happen with HijackThis.
Go to www.kaspersky.com
Scan your drive (slowly) with the online Kaspersky tool (FREE)
-Did you upgrade from XP to VISTA?
-Did you use an OEM version?
-What speed is your processor?
-How much RAM and what speed?
*****ONLY Under-Educated "experts" put down VISTA*****
FOLLOW MICROSOFT HARDWARE RULES; VISTA WORKS.
You do not need HijackThis 2 - find out what background programs are running. Let me know what Kaspersky FINDS.
best regards
Sandwich1
17. June 2007 @ 07:01
Thanks, man, but it's OK. I sorted it out. Those files are still on my PC, but they just aren't doing anything. Thanks anyway.
deadlove
18. June 2007 @ 03:28
I noticed you got some good and professional help from the nice guys over at ozzu.
As was mentioned there, these are core system files and often seem to turn up in the avast virus chest without any harmful effects. The jury is still out on whether Vista is vulnerable to most of the XP virus and trojan attacks. The first big mass virus release targeted at the "escalation of privileges" exploits that are obvious in Vista will tell all.
@mysticgek: You think Vista is brilliant. I'm sorry to disagree, but 80% of computer professionals don't think so, and the remainder don't see any need to use it. It's not an upgrade, it's a Hollywood-enforced lockout. You want to be locked into a DRM-filled world where every patch and click is reported, and every non-licensed media file disables parts of your hardware? Fine, just don't come crying for help when it happens, because the professionals will just say "Told you so, but you are too thick to listen."
Vista, blow it out your ass!!
Sandwich1
18. June 2007 @ 03:39
You're right. At first, when I got my PC, I was all "Oh, yeah, my PC's OS kicks your PCs' ass", but then I realized just what a heap of crap Vista actually is.
Member
18. June 2007 @ 07:20
Originally posted by Sandwich1: You're right. At first, when I got my PC, I was all "Oh, yeah, my PC's OS kicks your PCs' ass", but then I realized just what a heap of crap Vista actually is.
And what did I say ...
Virustorjunta.net: expert service without any clowning around.
HJT logs go here
Sandwich1
18. June 2007 @ 07:56
Hey, I didn't deny it.