Few problems...

[Gradia]

First, today I ran my virus scan and find this:

 

 

 

 

 

 

 

 

 

 

Any idea what it is and how I can delete it?

 

 

 

 

 

 

 

Also, my computer has been acting quite weird lately, I haven't been able to open Ad-Aware/Spybot. It just closes after about 5 seconds. This also happens with Firefox, if I have it open for about 10 minutes.

 

 

 

 

 

 

 

Erm... Thats about it. :oops:

[Gradia]

I am also using Windows XP if that helps...

[grin_king]

Reboot into "Safe Mode with Networking".

 

 

 

Scan using http://housecall.antivirus.com

 

 

 

Scan with Ad-Aware SE

 

 

 

Scan with HiJackThis

 

 

 

reboot into "normal" mode.

 

 

 

 

 

 

 

Post a HJT log here.

[zonda]

If you don't know how to boot up in safe mode with networking here is how:

 

 

 

 

 

 

 

Restart your computer, and as it is restarting hit F8 repeatedly untill you get a screen asking how you would like to boot up. Then just use the up and down arrows to select 'safe mode with networking' and hit enter :wink:

[Gradia]

Done. I keep getting a problem with Housecall... So I just used AVG. It picked up this:

 

 

 

 

 

 

 

Ad Aware didn't pick up anything serious.

 

 

 

 

 

 

 

Here is the HJT Log:

 

 

 

 

 

 

 

Logfile of HijackThis v1.99.1



Scan saved at 7:43:23 AM, on 7/04/2005



Platform: Windows XP SP1 (WinNT 5.01.2600)



MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)







Running processes:



C:\WINDOWS\System32\smss[Caution: ExecutableFile]



C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]



C:\WINDOWS\system32\services[Caution: ExecutableFile]



C:\WINDOWS\system32\lsass[Caution: ExecutableFile]



C:\WINDOWS\system32\svchost[Caution: ExecutableFile]



C:\WINDOWS\System32\svchost[Caution: ExecutableFile]



C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]



C:\WINDOWS\Explorer[Caution: ExecutableFile]



C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr[Caution: ExecutableFile]



C:\Program Files\Common Files\Sonic\Update Manager\sgtray[Caution: ExecutableFile]



C:\apps\ABoard\ABoard[Caution: ExecutableFile]



C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc[Caution: ExecutableFile]



C:\Program Files\D-Link\DSL-200\dslagent[Caution: ExecutableFile]



C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]



C:\apps\ABoard\AOSD[Caution: ExecutableFile]



C:\WINDOWS\system32\slserv[Caution: ExecutableFile]



C:\Program Files\Java\jre1.5.0\bin\jusched[Caution: ExecutableFile]



C:\Program Files\Microsoft IntelliType Pro\type32[Caution: ExecutableFile]



C:\WINDOWS\system32\ZoneLabs\vsmon[Caution: ExecutableFile]



C:\Program Files\Microsoft IntelliPoint\point32[Caution: ExecutableFile]



C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc[Caution: ExecutableFile]



C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc[Caution: ExecutableFile]



C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]



C:\Program Files\Common Files\Microsoft Shared\DAO\System32\svchost[Caution: ExecutableFile]



C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt[Caution: ExecutableFile]



C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility[Caution: ExecutableFile]



C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]



C:\WINDOWS\System32\wuauclt[Caution: ExecutableFile]



C:\WINDOWS\System32\wuauclt[Caution: ExecutableFile]



C:\Documents and Settings\Stephen Bell\Desktop\HijackThis[Caution: ExecutableFile]



C:\Program Files\Mozilla Firefox\firefox[Caution: ExecutableFile]







R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsmedia.com/9series/



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell



O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx



O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll



O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx



O4 - HKLM\..\Run: [siS KHooker] C:\WINDOWS\System32\khooker[Caution: ExecutableFile]



O4 - HKLM\..\Run: [updateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray[Caution: ExecutableFile]" /r



O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard[Caution: ExecutableFile]



O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat[Caution: ExecutableFile] icon



O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent[Caution: ExecutableFile]



O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]"



O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched[Caution: ExecutableFile]



O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32[Caution: ExecutableFile]"



O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32[Caution: ExecutableFile]"



O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc[Caution: ExecutableFile] /STARTUP



O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc[Caution: ExecutableFile]



O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa[Caution: ExecutableFile]



O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]



O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime



O4 - HKLM\..\Run: [WinService32] C:\Program Files\Common Files\Microsoft Shared\DAO\System32\svchost[Caution: ExecutableFile]



O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt[Caution: ExecutableFile]



O4 - Global Startup: Belkin 802.11g Wireless PCI Card Configuration Utility.lnk = ?



O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll



O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll



O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab



O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr[Caution: ExecutableFile]



O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc[Caution: ExecutableFile]



O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]



O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv[Caution: ExecutableFile]



O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC[Caution: ExecutableFile]



O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon[Caution: ExecutableFile]

[grin_king]

Done. I keep getting a problem with Housecall... So I just used AVG.

 

 

 

 

 

 

 

What kind of problem ???

 

 

 

(Sorry, don't have time to check your HJT log jsut at the moment)

[Mercifull]

You are running SP1 so you seriously need to consider upgrading to SP2. Microsoft will stop issueing patches for SP1 shortly and you are already vulnerable to several critical exploits. SP2 has been around for months now.

 

 

 

 

 

 

 

The only thing that looks a bit weird is this.

 

 

 

O4 - HKLM\..\Run: [WinService32] C:\Program Files\Common Files\Microsoft Shared\DAO\System32\svchost[Caution: ExecutableFile]

 

 

 

Dont do anything with it just yet until some one else can identify this. Thats not supposed to be the location of that exe :-/

[devilheart14]

i had that not long ago but its seemed to have disapeared or it has been removed

[Gradia]

 

Done. I keep getting a problem with Housecall... So I just used AVG.

 

 

 

 

 

 

 

What kind of problem ???

 

 

 

(Sorry, don't have time to check your HJT log jsut at the moment)

 

 

 

 

 

 

 

I tried it first in Firefox, it didn't work. So I tried it in IE, and it was lagging rather bad. It wouldn't let me click "Scan".

[Gradia]

Okay... I upgraded to SP2 now.

[Gradia]

Still have the same problem...

[Mercifull]

Turn off System Resore temporarily and then do a full virus scan