Computer infected/cannot access virus sites

Assembled computer / Assembled computer
August 14, 2009 at 14:01:42
Specs: Windows XP Pro SP2
I have Avast antivirus.
I had formatted my computer a while back and made the mistake of not installing an antivirus program immediately.
* After I did get down to installing it, Avast kept giving me warnings about viruses.
* However, when I chose the 'Delete' or 'Move to Chest' option it said that the file could not be found. Very few viruses could actually be found and deleted.
* All or most of these viruses seem to be in the C:\Win|System32 folder.
* A few times these warnings used to pop up with such a high frequency that my computer used to hang.
* My browsing speed went down.
* I cannot access antivirus websites.

At this point I came across this page on your site:
http://www.computing.net/answers/se...

I downloaded and ran a scan with SDFix. I have the report. It said that it had deleted a few files.

Then I also ran HijackThis.

I'm posting both the log files below.
Any help is greatly appreciated.
Thanking you in anticipation.



#1
August 14, 2009 at 14:03:26
The report from SDFix:

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

[b]SDFix: Version 1.240 [/b]
Run by Administrator on Fri 08/14/2009 at 06:24 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\Documents and Settings\NetworkService\Application Data\sysproc64\sysproc32.sys - Deleted
C:\Documents and Settings\Administrator\smss.exe - Deleted
C:\WINDOWS\csrss.exe - Deleted
C:\WINDOWS\system\Update.exe - Deleted
C:\WINDOWS\system32\drivers\csrss.exe - Deleted
C:\WINDOWS\system32\setting.ini - Deleted
C:\WINDOWS\system32\oembios.exe - Deleted
C:\WINDOWS\system32\sysproc64\sysproc32.sys - Deleted
C:\WINDOWS\system32\sysproc64\sysproc32.sys.cla - Deleted
C:\WINDOWS\system32\sysproc64\sysproc86.sys - Deleted

Folder C:\Documents and Settings\NetworkService\Application Data\sysproc64 - Removed
Folder C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 - Removed
Folder C:\WINDOWS\system32\sysproc64 - Removed


Removing Temp Files

[b]ADS Check [/b]:


[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-14 18:29:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aesbvcnk]
"DisplayName"="Server Monitor"
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Description"="Loads files to memory for later printing."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aesbvcnk\Parameters]
"ServiceDll"=str(2):"C:\WINDOWS\system32\lcjotp.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\aesbvcnk]
"DisplayName"="Server Monitor"
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Description"="Loads files to memory for later printing."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\aesbvcnk\Parameters]
"ServiceDll"=str(2):"C:\WINDOWS\system32\lcjotp.dll"

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Common Files\\yrujg2wn\\ginder86.exe"="C:\\Program Files\\Common Files\\yrujg2wn\\ginder86.exe:*:Enabled:b0tgh7678"
"%windir%"="mssrv32.exe"
"C:\\Program Files\\Common Files\\System\\gfdert.exe"="C:\\Program Files\\Common Files\\System\\gfdert.exe:*:Enabled:GFdert"
"C:\\Documents and Settings\\LocalService\\Application Data\\microsoft\\download.exe"="C:\\Documents and Settings\\LocalService\\Application Data\\microsoft\\download.exe:*:Enabled:GFdert"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Wed 12 Aug 2009 57,344 ..SH. --- "C:\cmofy.exe"
Tue 28 Jul 2009 36,864 ..SH. --- "C:\jpvhc.exe"
Sun 2 Aug 2009 36,864 ..SH. --- "C:\lxfll.exe"
Fri 24 Jul 2009 24,576 ..SH. --- "C:\nnfdr.exe"
Fri 24 Jul 2009 24,576 ..SH. --- "C:\nsfha.exe"
Sun 2 Aug 2009 36,864 ..SH. --- "C:\qgxux.exe"
Tue 28 Jul 2009 36,864 ..SH. --- "C:\zlzbr.exe"
Wed 22 Jul 2009 61,440 ..SH. --- "C:\smss\smss.exe"
Sun 2 Aug 2009 81,920 ..SH. --- "C:\system13\smss.exe"
Wed 22 Jul 2009 81,920 ..SH. --- "C:\system32\smss.exe"
Sat 8 Aug 2009 98,304 ..SHR --- "C:\WINDOWS\mssrv32.exe"
Fri 24 Jul 2009 117,372 ..SHR --- "C:\Documents and Settings\LocalService\winlogon.exe"
Tue 28 Jul 2009 1,548,120 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Mon 26 Jan 2009 1,740,632 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 26 Jan 2009 5,365,592 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Thu 5 Mar 2009 2,260,480 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 4 Aug 2004 128,480 A.SHR --- "C:\WINDOWS\system32\lcjotp.dll"
Tue 11 Aug 2009 109,568 ..SHR --- "C:\Program Files\Common Files\System\gfdert.exe"
Sat 18 Jul 2009 48,128 ..SHR --- "C:\Program Files\Common Files\yrujg2wn\ginder86.exe"
Tue 11 Aug 2009 109,568 ..SHR --- "C:\Documents and Settings\LocalService\Application Data\Microsoft\download.exe"
Wed 12 Aug 2009 200,192 ...H. --- "C:\Documents and Settings\LocalService\Application Data\Microsoft\winlog.exe"
Thu 23 Jul 2009 117,372 ..SHR --- "C:\WINDOWS\system32\config\systemprofile\winlogon.exe"

[b]Finished![/b]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX


#2
August 14, 2009 at 14:04:22
Report from HijackThis:

XXXXXXXXXXXXXXXXXXXXXX
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:08:15 AM, on 8/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\yrujg2wn\ginder86.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\System\gfdert.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
C:\system13\smss.exe
C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\mssrv32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Autodesk\SketchBookPro2009\SketchBookSnapshot.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Login System Agent v2] C:\Documents and Settings\Administrator\smss.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [{sys_service}531554847261645980709787285578890243185623445166305557798411255385667479378374037056545282271351011929230327136778944836669169012112813351756559488054991511965911402284956949735611184837180177731896129625104602108324207559502940360833681606830157442854617798] system key
O4 - HKLM\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA8331] command.com /c del "C:\WINDOWS\system32\vcmgcd32.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8359] cmd.exe /c del "C:\WINDOWS\system32\vcmgcd32.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9362] command.com /c del "C:\WINDOWS\system32\vcmgcd32.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3038] cmd.exe /c del "C:\WINDOWS\system32\vcmgcd32.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7270] command.com /c del "C:\WINDOWS\system32\vcmgcd32.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7149] cmd.exe /c del "C:\WINDOWS\system32\vcmgcd32.dll"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB7284] command.com /c del "C:\WINDOWS\system32\vcmgcd32.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6836] cmd.exe /c del "C:\WINDOWS\system32\vcmgcd32.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4865] command.com /c del "C:\WINDOWS\system32\vcmgcd32.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9930] cmd.exe /c del "C:\WINDOWS\system32\vcmgcd32.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9648] command.com /c del "C:\WINDOWS\system32\vcmgcd32.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8821] cmd.exe /c del "C:\WINDOWS\system32\vcmgcd32.dll"
O4 - HKUS\S-1-5-21-1801674531-1123561945-839522115-500\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-21-1801674531-1123561945-839522115-500\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe" (User '?')
O4 - HKUS\S-1-5-21-1801674531-1123561945-839522115-500\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1801674531-1123561945-839522115-500\..\Run: [Windows Updates] c:\windows\system\Update.exe (User '?')
O4 - HKUS\S-1-5-21-1801674531-1123561945-839522115-500\..\RunOnce: [SpybotDeletingB7284] command.com /c del "C:\WINDOWS\system32\vcmgcd32.dll_old" (User '?')
O4 - HKUS\S-1-5-21-1801674531-1123561945-839522115-500\..\RunOnce: [SpybotDeletingD8821] cmd.exe /c del "C:\WINDOWS\system32\vcmgcd32.dll" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [Windows Updates] c:\windows\system\Update.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [Windows Updates] c:\windows\system\Update.exe (User 'Default user')
O4 - Global Startup: SketchBook Snapshot.lnk = C:\Program Files\Autodesk\SketchBookPro2009\SketchBookSnapshot.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: 8hut56u (7truityui) - Unknown owner - C:\Program Files\Common Files\yrujg2wn\ginder86.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GF dert (GFdert) - Creabit Development - C:\Program Files\Common Files\System\gfdert.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7754 bytes

XXXXXXXXXXXXXXXXXXXXXXXXXXXX