HelpMeWithThis Posted May 30, 2008

It was working fine this afternoon. Now I can barely get it to load, otherwise it crashes just after a few seconds. Here's the log file from HijackThis. Hopefully it should help you to help me.

Logfile of HijackThis v1.99.1
Scan saved at 11:24:10 PM, on 5/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~2\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~2\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~2\Grisoft\AVG7\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Razer\Krait\razerhid.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Comodo\Firewall\CPF.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Razer\Krait\razerofa.exe
C:\Program Files\ADSL\DSL206U ADSL USB Modem\DSLMON.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Krait] C:\Program Files\Razer\Krait\razerhid.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\system32\wujfbnrn.dll",forkonce
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~2\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Winsock2 driver] nidtlzg.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [searchIndexer] rundll32.exe "C:\WINDOWS\system32\jvxmdwsy.dll",sitypnow
O4 - HKCU\..\Run: [µTorrent] "D:\Program Files\utorrent\utorrent.exe"
O4 - Global Startup: DSLMON.lnk = C:\Program Files\ADSL\DSL206U ADSL USB Modem\DSLMON.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mp4: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FCB696DB-63AC-4B8F-9AE6-ADC13FD1D2C0}: NameServer = 85.255.113.106 85.255.112.111
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: prodigy1 - {269BB632-F367-4DAB-B5E1-7650CB6B102E} - prodigys323.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~2\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~2\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~2\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\oavblgwa.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Service Manager - Unknown owner - C:\WINDOWS\service.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
DreadWingKnight Posted May 30, 2008

O23 - Service: Service Manager - Unknown owner - C:\WINDOWS\service.exe (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\oavblgwa.exe (file missing)

Potential spyware/virus here.

O21 - SSODL: prodigy1 - {269BB632-F367-4DAB-B5E1-7650CB6B102E} - prodigys323.dll (file missing)

Old virus remnant.

Looks like you might have other problems on your system to worry about before you can tackle things.
jewelisheaven Posted May 31, 2008

Most/all 8.3 names with random characters... in your system folders are a bad sign. You should run thorough scans from both your default AV software as well as rootkit and spyware detection...

O4 - HKLM\..\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\system32\wujfbnrn.dll",forkonce
O4 - HKLM\..\Run: [Winsock2 driver] nidtlzg.exe
O4 - HKLM\..\Run: [searchIndexer] rundll32.exe "C:\WINDOWS\system32\jvxmdwsy.dll",sitypnow

are places to start...

Do you know what that adiras is?

Good luck cleaning your system. If you want/require further assistance, run our cleaner software and provide new logs. Also, seeing specifically which DLLs are loaded into uTorrent.exe via a Process Explorer DLL list may help you work faster, if you have turned on the DLL path column. You can access it similarly to in uT: right-click the column header. Switch to DLL mode, click utorrent.exe, and save the log. As long as uT isn't just force quit/dying, you can get this log even if uT crashes only after 5 seconds.
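The two replies above triage the log by eye: entries whose file is missing, O23 services with no publisher, and rundll32/Run entries pointing at random-looking 8.3 names. The script below is an added example (not part of this thread and not a HijackThis or uTorrent tool) that applies the same checks mechanically to HijackThis-format lines. The sample log is a constructed subset of the lines posted above, split one entry per line as HijackThis writes them; the "random name" test (all letters, 6 to 9 characters, a run of five or more consonants) is my own rough heuristic and only a hint for what to verify by hash lookup or publisher signature. It also surfaces the O17 NameServer entry, which neither reply mentions, so the poster can confirm those resolvers are really the ISP's.

```python
import re

# Constructed sample: a subset of the HijackThis log posted above,
# one entry per line (the forum flattened the original).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\system32\wujfbnrn.dll",forkonce
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~2\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Winsock2 driver] nidtlzg.exe
O4 - HKLM\..\Run: [searchIndexer] rundll32.exe "C:\WINDOWS\system32\jvxmdwsy.dll",sitypnow
O17 - HKLM\System\CCS\Services\Tcpip\..\{FCB696DB-63AC-4B8F-9AE6-ADC13FD1D2C0}: NameServer = 85.255.113.106 85.255.112.111
O21 - SSODL: prodigy1 - {269BB632-F367-4DAB-B5E1-7650CB6B102E} - prodigys323.dll (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\oavblgwa.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Service Manager - Unknown owner - C:\WINDOWS\service.exe (file missing)
"""

VOWELS = set("aeiou")
# Basename + extension of any executable module mentioned on a line.
MODULE_RE = re.compile(r'([A-Za-z0-9_~$-]+)\.(exe|dll|sys|ocx|cpl)\b', re.IGNORECASE)
SECTION_RE = re.compile(r'(O\d+|R\d+|F\d+) - ')
IPV4_RE = re.compile(r'\d{1,3}(?:\.\d{1,3}){3}')


def longest_consonant_run(name: str) -> int:
    """Length of the longest run of consonant letters (y counted as a consonant)."""
    run = best = 0
    for ch in name.lower():
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def looks_random(basename: str) -> bool:
    """Heuristic (my assumption, not a HijackThis rule) for the 'random characters'
    names the replies point at: all letters, 6-9 chars, 5+ consonants in a row.
    Legitimate short names such as svchost or avgamsvr stay below the threshold."""
    return (basename.isalpha()
            and 6 <= len(basename) <= 9
            and longest_consonant_run(basename) >= 5)


def triage(log_text: str):
    """Return (section, reason, line) tuples for entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if not m:
            continue  # header, process list, blank line
        section = m.group(1)
        if "(file missing)" in line:
            findings.append((section, "referenced file is missing", line))
        if section == "O23" and "Unknown owner" in line:
            findings.append((section, "service with no publisher", line))
        if section == "O17":
            ips = ", ".join(IPV4_RE.findall(line))
            findings.append((section, "DNS servers set to %s; confirm they are your ISP's" % ips, line))
        for base, _ext in MODULE_RE.findall(line):
            if looks_random(base):
                findings.append((section, "random-looking module name %s" % base, line))
                break
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print("%-4s %-55s %s" % (section, reason, line))
```

Run it against a real log by replacing SAMPLE_LOG with the file contents; entries the script does not flag (NvCplDaemon, AVG7_CC, NVSvc in the sample) are not thereby cleared, and a flagged name is only a prompt to check the file's hash and signature, not a verdict.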
Firon Posted May 31, 2008

I suggest reinstalling Windows. Better than cleaning it.
jewelisheaven Posted May 31, 2008

True, but in that case be sure you have at least SP2 media, or download SP3 to something you can plug in to your computer to install from. You really shouldn't be installing while connected to the internet, to be sure you don't get reinfected before patching whatever it was which possibly infected you in the first place. This PRESUMES you didn't get stuck with one of the ones with a self-replicating payload which spreads over network/admin shares.
Archived
This topic is now archived and is closed to further replies.