#1
Vista x64 Ultimate
Left UAC off...Huge virus problems

Turned off UAC in Vista x64 Ultimate
Received an e-mail that appeared to be my CNN alerts. It was Antivirus XP 2008 virus. Avast Pro 4.8 has been finding viruses in both Safe Mode and regular. Search and Destroy can't seem to deal with them. Backing up my data right now. Ready to reinstall everything.

S&D reports clear. IE7 does not always work. I reset and internet connection gets blocked.

Antivirus XP 2008
Exchanger Trojan
Other Trojan horses

When I clear all viruses and activate UAC the Trojan horses are still present.

Code:
```
Logfile of HijackThis v1.99.1
Scan saved at 11:19:05 AM, on 8/9/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\MegaRAID Storage Manager\MegaPopup\popup.exe
C:\Program Files (x86)\Internet Explorer\IEUser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\IEPro\MiniDM.exe
E:\My Documents\My Downloads\hijackthis(1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Breaking News, Weather, Business, Health, Entertainment, Sports, Politics, Travel, Science, Technology, Local, US & World News - msnbc.com- MSNBC.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files (x86)\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Popup] "C:\Program Files (x86)\MegaRAID Storage Manager\MegaPopup\Popup.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [VxBeMon] "C:\Program Files\Symantec\Backup Exec\RAWS\vxmon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Supero Doctor III Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: En&queue current page with Bulk Image Downloader - file://E:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidqueue.htm
O8 - Extra context menu item: Enqueue link target with Bulk Ima&ge Downloader - file://E:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
O8 - Extra context menu item: Open &link target with Bulk Image Downloader - file://E:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlink.htm
O8 - Extra context menu item: Open current page with Bulk I&mage Downloader - file://E:\Program Files (x86)\Bulk Image Downloader\iemenu\iebid.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files (x86)\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files (x86)\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O15 - Trusted Zone: Adobe
O15 - Trusted Zone: Americorp Financial: Capital Equipment Leasing
O15 - Trusted Zone: http://rdm.eamericorp.com
O15 - Trusted Zone: Cruises to Alaska, Europe, the Caribbean, Mexico and the world on Holland America, one of the best cruise lines
O15 - Trusted Zone: PlanetAMD64 Home Page
O15 - Trusted Zone: SCIFI.COM
O15 - Trusted Zone: http://www.scsiraidguru.com
O15 - Trusted Zone: TREND MICRO HouseCall 6.5
O15 - Trusted Zone: http://www.vistax64.com
O15 - Trusted IP range: http://192.168.0.150
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
O16 - DPF: {460324E8-CFB4-4357-85EF-CE3EBFE23A62} (Crystal ActiveX Report Viewer Control 11.0) - http://rdm.eamericorp.com/crystalrep...iveXViewer.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5...ndows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://symantec.webex.com/client/T2...t/ieatgpc1.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F834BB09-03DF-4091-9E11-87B3FC944789}: NameServer = 64.233.217.3,64.233.217.5
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MRMonitor (MegaMonitorSrv) - Unknown owner - C:\Program Files (x86)\MegaRAID Storage Manager\MegaMonitor\mrmonitor.exe
O23 - Service: MPICH2 Process Manager, Argonne National Lab (mpich2_smpd) - Unknown owner - C:\Program Files (x86)\Folding@Home Windows SMP Client V1.01\smpd.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MSMFramework - Unknown owner - C:\Program Files (x86)\MegaRAID Storage Manager\Framework\VivaldiFramework.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: O&O Defrag - Unknown owner - C:\Windows\system32\oodag.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: SuperMicro Health Assistant - Unknown owner - C:\Program Files (x86)\SUPERMICRO\SDIII\NTService.exe
O23 - Service: Supero SD3Service Daemon - Unknown owner - C:\Windows\SysWOW64\SD3Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Xitami Web Server (Xitami) - Unknown owner - C:\Program Files (x86)\SUPERMICRO\SDIII\Xitami\xisrv32.exe
```
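The HijackThis log in the post above is read by eye in the replies that follow. As an added example (not code from the original thread), the Python below parses the log's line format and sorts the entries a defender checks first: O23 services with an unknown owner or a missing binary, O17 adapter-level DNS servers and O15 Trusted Zone sites. The sample input is a constructed excerpt of the posted log; it assumes HijackThis 1.99.1 line syntax.

```python
import re
from collections import defaultdict

# Constructed excerpt in the shape of the HijackThis 1.99.1 log posted above (not the full log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O1 - Hosts: ::1 localhost
O15 - Trusted Zone: http://www.vistax64.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{F834BB09-03DF-4091-9E11-87B3FC944789}: NameServer = 64.233.217.3,64.233.217.5
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: MPICH2 Process Manager, Argonne National Lab (mpich2_smpd) - Unknown owner - C:\Program Files (x86)\Folding@Home Windows SMP Client V1.01\smpd.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
# System32 as HJT prints it: literally, or via %windir% / %SystemRoot%.
SYS32_RE = re.compile(r"(\\windows|%windir%|%systemroot%)\\system32\\", re.I)

def parse_entries(text):
    """Yield (section, body) for each 'Oxx - ...' line; header lines are skipped."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def triage(text, x64=True):
    """Sort HijackThis entries into the buckets a defender reviews first."""
    buckets = defaultdict(list)
    for section, body in parse_entries(text):
        if section == "O23" and body.startswith("Service: "):
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            name, owner, path = parts
            missing = path.endswith("(file missing)")
            if missing and x64 and SYS32_RE.search(path):
                # 32-bit HJT on x64 reads System32 via WOW64 redirection: "file missing" here is usually an artifact.
                buckets["probable_x64_false_positive"].append(name)
            elif missing:
                buckets["missing_binary"].append(name)
            elif owner == "Unknown owner":
                buckets["unknown_owner_present"].append(path)
        elif section == "O17":          # adapter DNS servers: confirm they are yours
            buckets["dns_servers"].extend(body.split("NameServer = ", 1)[1].split(","))
        elif section == "O15":          # Trusted Zone relaxes IE security for that site
            buckets["trusted_zone"].append(body.split(": ", 1)[1])
        elif section in ("R0", "R1"):   # IE start/search page settings
            buckets["ie_start_search"].append(body)
    return dict(buckets)
```

Run `triage(open("hijackthis.log").read())` on a saved log; with `x64=False` every "(file missing)" service lands in `missing_binary` instead of being set aside as a likely redirection artifact.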
#2
Vista 64-bit Ultimate Win7 64-bit Ultimate XP SP3 32-bit Pro
Re: Left UAC off...Huge virus problems

Hello. This would be easier to deal with if you attached the log file instead of copy/paste. That way we could open it with "Notepad".

Later Ted
#3
Vista x64 Ultimate
Re: Left UAC off...Huge virus problems

Ok.
#4
Vista 64-bit Ultimate Win7 64-bit Ultimate XP SP3 32-bit Pro
Re: Left UAC off...Huge virus problems

I have been told that these guys are the BEST at HJT. You may want to post it over there also.

SWI Forums -> Malware Removal

Keep us informed!

Later Ted
#5
Vista x64 Ultimate
Re: Left UAC off...Huge virus problems

Avast is also working on it.
#6
Vista 64-bit Ultimate Win7 64-bit Ultimate XP SP3 32-bit Pro
Re: Left UAC off...Huge virus problems
#7
Vista X64 Ultimate
Re: Left UAC off...Huge virus problems

Remember, turning off UAC and leaving it off disables IE7's protected mode, which helps prevent viruses like this from getting in. I think it might also disable something else related to security, not real sure. Keep at it, and hopefully you can get this sucker removed without having to blow a lot of money to take the machine in to a computer repair shop and have them remove it.
#8
Vista 64-bit Ultimate Win7 64-bit Ultimate XP SP3 32-bit Pro
Re: Left UAC off...Huge virus problems

All that "Unknown Owner/File Missing" stuff doesn't look good. I haven't 'seen' Sidney1st around lately; your best bet may be to visit a HJT forum after you do all Avast and the others can do.

Later Ted
#9
Vista x64 Ultimate
Re: Left UAC off...Huge virus problems

My quick links open properties on click instead of launching. I am backing up to tape. I am going to blow everything away and reinstall from scratch. After the backup is done, I will turn off the other two workstations. Boot Vista x64. Remove all partitions from my main workstation. Shutdown for 10 minutes. Reinstall everything.
#10
Vista 64-bit Ultimate Win7 64-bit Ultimate XP SP3 32-bit Pro
Re: Left UAC off...Huge virus problems

That may be easier than waiting on a HJT forum for help! Sorry to see this happen to you ...

Later Ted