• Total Members: 12780
  • Latest: eduard
  • Total Posts: 28039
  • Total Topics: 8052
  • Online Today: 778
  • Online Ever: 51419
  • (01. January 2010., 09:27:49)

Author Topic: HELP!!!!!!!!!  (Read 7015 times)

0 Members and 1 Guest are viewing this topic.


  • SCF Newbie
  • *
  • Posts: 2
  • KARMA: 0
« on: 03. December 2008., 00:51:02 »
My brother's boss ask me to fix his computer. The avg 2009 that is on the computert is not activated so it will not remove the viruses for me. I need to either find a program to removes these threats or remove them manually. I cannot get the computer to connect to the internet via LAN, I tried releasing and renewing the ip address thru command prompt using ipconfig/release and ipconfig/renew, but it didn't work. I am currently saving virus removal programs to a 128 Mb flash drive and transfering the programs to the sick computer via the flash drive. I have tried using Spybot S&D, HiJack This, and Malwarebytes Anti-Malware. Spybot won't work because I can't connect the computer to the internet and spybot has to be updated before it will allow me to run a scan. The computer won't run long enough for the Malwarebytes to run a full system scan and also I cannot update the Malwarebytes. Below the list of viruses I found is the log that I saved from Hijack This

Is there a way to save the updates to the flash drive?

This is some of his computer info.
Computer Manufacturer: Compaq Presario 061
Computer Model: PP195AA-ABA SR1 300NX NA510
Operating System: Windows XP Home Edition (service pack 2)

These are viruses that I have been able to find thru running AVG 2009:
Viruses type       Name                                      Run Type
Spyware            Spyware.IEMonster.d                 C://windows/system32/iesetup.dll
Spyware            Win32.PerFiler                           autorun
Spyware            Spyware.KnownBadSites             autorun
Spyware            Spyware.IMMonitor                    autorun
Spyware            Spyware.007SpySoftware           C://windows/system32/
Adware                   autorun
Adware              Adware.eXact.BargainBuddy        Registry
Trojan               Infostealer.Banker                      autorun
Trojan               Trojan.Tooso                             autorun
Trojan               Trojan.MailGrabber.s                   C://windows/system32/explorer.exe
Trojan               Trojan.Alg.t                               C://windows/system32/alg.exe
Trojan               Trojan.Win32.Agent.ado               hidden autorun
Trojan               Win32.Outsbot.u                         autorun
Trojan         autorun
Trojan               Trojan.BAT.Adduser.t                   C://windows/system32/
Trojan               Trojan.Clicker.EC                         C://windows/hidden/
Trojan               Trojan.Poison.J                           hidden autorun
Trojan         C://windows/
Trojan               Trojan-Downloader.VBS.Small.dc    C://windows/
Backdoor                              C://windows/system32/svchost.exe
Dialer                 Dialer.Xpehbam.biz_dialer             C://windows/system32/cmdial32.dll
Worms               Win32.Delbot.AI                          C://windows/system32/
Worms               Win32.Sdbot.ADN                        C://windows/temp/
Worms               Win32.Rbot.CBX                          C://windows/temp/
Worms               Win32.Miewer.a                           hidden autorun
Worms               Win32.Peacomm.dam                    autorun
Worms               Worm.Bagle.CP                            C://windows/system/
Worms               Win32.BlackMail.xx                       C://windows/
Worms               Win32.Sober.P                             hidden autorun
Worms               Win32.Sdbot.ADN                         C://windows/temp/
Worms               Win32.Rbot.CBX                           C://windows/temp/
Worms               Win32.Miewer.a                           

HiJack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:36:45 PM, on 12/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\tinyproxy\tinyproxy.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Antivirus 2009\av2009.exe
C:\Documents and Settings\Compaq_Owner\Application Data\gadcom\gadcom.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NAV CfgWiz] "c:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [70cd6b0a] rundll32.exe "C:\WINDOWS\system32\xbshfqfs.dll",b
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [67507670323213620575764765154802] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Compaq_Owner\Application Data\gadcom\gadcom.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\explorer32.exe"
O4 - Startup: 360Share On Startup.lnk = C:\Program Files\360Share\Gui\360Share.exe
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: puviyf.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc)  - Unknown owner - C:\Program Files\tinyproxy\tinyproxy.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

End of file - 8403 bytes

Thanks for taking the time to read all of this. I truely appreciate it.

Samker's Computer Forum -

« on: 03. December 2008., 00:51:02 »


  • SCF Administrator
  • *****
  • Posts: 7152
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • - Samker's Computer Forum
Re: HELP!!!!!!!!!
« Reply #1 on: 03. December 2008., 05:12:38 »
Hi Country27870 and welcome to SCF Portal.

I must to be honest with you, this is disaster.

But of course I'll try to help you.

Please copy & run this tool on infected PC:,4510.0.html

After that provide me new logs.




  • SCF Newbie
  • *
  • Posts: 2
  • KARMA: 0
Re: HELP!!!!!!!!!
« Reply #2 on: 16. December 2008., 17:47:39 »
Sorry the delay, but I have been out of town working. I tried running the program last night but the program wont start. What should I do?


  • SCF Administrator
  • *****
  • Posts: 7152
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • - Samker's Computer Forum
No problem C. we are always here... :police:

We need to start from somewhere, please download all this tolls to infected PC and try to run & scan with them, one by one:

1. Kaspersky Virus Removal Tool, McAfee AVERT Stinger & Microsoft Windows Malicious Software Removal Tool from here:,4510.0.html 

2. SmitfraudFix:,1828.0.html

Finaly I need new logs: that would be HJT log and if it's possible to connect to internet Kaspersky Online Scan log:,734.0.html

I'll wait your new reply with (hope so) better results.




  • SCF Member
  • **
  • Posts: 37
  • KARMA: 3
Re: HELP!!!!!!!!!
« Reply #4 on: 04. October 2009., 08:30:36 »
dude try making a bartPE bootable cd, search it in google pebuilder there will be an option for mcafee scangui, its very useful.


With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters)

Enter your email address to receive daily email with ' - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising