Oh God It's Eating My Computer Alive!

I've been working on it with all the programs and things I could download.. I've slept 6 hours in the last two days.


This virus has taken over my life.... all I want is my email and Guild Wars machine back...please god...or forum gods.. hear my plea!


I'm another victim of the icons that look like Windows icons and scare tactics popups. awvvu.exe is no stranger.


I've got the same "NT_KERNAL_error_1256" as the others do.. yep. I'm thinking I have a virus. :wacko:


Logfile of HijackThis v1.99.1
Scan saved at 7:16:20 AM, on 1/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\My Files\Security\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kissedthepixies.livejournal.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\odtegeop.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O11 - Options group: [iNTERNATIONAL] International*
O20 - Winlogon Notify: odtegeop - C:\WINDOWS\SYSTEM32\odtegeop.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

Comments

  • I was sleepless too due to a flu and noticed nobody has replied to your appealing post yet. I can see you are indeed infected like many others. If you have not managed to fix the nasty infection yet please do the following:

    • Describe in short what (tool or tools) you have already tried and what was the result.

    • Your HJT version is old. Please remove it. You can download a Trend Micro HijackThis installer from here:

      http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

      Install it, run it and click Do a system scan and save a logfile.

      Please post the content of the logfile into your next reply.

    • I want to ask you to be patient and avoid using the Internet and frequent rebooting (unless it is needed for disinfection) until your PC is clean. It may regenerate the infection again and again.