Please check PMs.
Amitava83 (25-04-2010)
My machine had crashed!!
I have replied to your PMs....Please check.
Your machine appears to have crashed again (due to TeamViewer and Kaspersky). The TeamViewer sessions are incredibly slow too... Far too slow for me to do any real work on it. I can try again, but I'll soon have to be going - work tomorrow and I've got a paper to write.
I'll leave you with some links - combofix http://www.bleepingcomputer.com/comb...o-use-combofix
sdfix http://www.bleepingcomputer.com/files/sdfix.php
Your HijackThis log is looking clean from the glimpse I got on the TeamViewer session, however feel free to post another.
Also feel free to post the situation with the internet on reboot and the task manager issue. If taskmgr.exe is indeed missing and you do not have a Windows XP disc to restore it from, here is a copy of taskmgr.exe I just pulled off my XP machine.
http://rapidshare.com/files/379761843/taskmgr.zip
You could always put that file back in C:\Windows\system32 - bearing in mind that is from a SP3 machine. I assure you the file is clean and an original, however feel free to scan it on jotti.
I'll be online for another 30 mins should you wish to try TeamViewer again.
Cheers.
I've always found Teamviewer very slow when I've had to use it at work. Feel free to try me - I'll be online for another few hours. http://www.crossloop.com/smargh
Note that the first thing I'd do is uninstall Kaspersky and disable all things from autostart which aren't essential to get Windows running normally.
You might have to get him to uninstall Kaspersky before you TeamViewer - as soon as you touch it (whether it be in the system tray or the UI itself) it crashes TeamViewer.
If you continue tonight, good luck. There isn't much that needs doing, I don't think, bar resurrecting a few of the Windows problems. I've now gotta continue writing my paper on malware mitigation techniques.
Cheers.
Hey guys, last night my system had crashed for the second time and it was almost 4:30 am so had to catch some sleep.
My Internet connectivity is getting corrupted (Destination Host Unreachable) every time I restart XP. I've had to run WinSock XP every time to get this fixed...
Please advise how you guys can connect to my system other than using TeamViewer (as it is so slow). Just tell me what to do and I'll do it.
More updates coming up.
I prefer that you guys execute Combofix on my machine through Remote Login rather than myself... I'm not an expert and I've heard this tool is quite tricky.
Here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:56:35 AM, on 4/25/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\SYSTEM32\astsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nlssrv32.exe
J:\amitdb\bin\nmesrvc.exe
J:\amitdb\bin\isqlplussvc.exe
J:\amitdb\BIN\TNSLSNR.exe
J:\amitdb\jdk\bin\java.exe
j:\amitdb\bin\ORACLE.EXE
C:\WINDOWS\system32\cmd.exe
J:\amitdb\perl\5.8.3\bin\MSWin32-x86-multi-thread\perl.exe
J:\amitdb\jdk\bin\java.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
J:\amitdb\bin\emagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
F:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
F:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco...tp://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [MDS_Menu] "F:\Program Files\CyberLink\MediaShow Espresso\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "F:\Program Files\CyberLink\MediaShow Espresso\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.5"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu.../en/x86/client/wuweb_site.cab?1259424836671
O17 - HKLM\System\CCS\Services\Tcpip\..\{4363DC25-F2D6-42B0-B029-73575FC6AD35}: NameServer = 172.16.0.1,202.54.1.63
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\SYSTEM32\astsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HDD & SSD access service - Unknown owner - C:\Program Files\Common Files\BinarySense\disksvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: mysql - Unknown owner - F:\xampp\mysql\bin\mysqld.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\nlssrv32.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: OracleDBConsoleamitdb - Oracle Corporation - J:\amitdb\bin\nmesrvc.exe
O23 - Service: OracleOraDb10g_home2iSQL*Plus - Oracle - J:\amitdb\bin\isqlplussvc.exe
O23 - Service: OracleOraDb10g_home2TNSListener - Unknown owner - J:\amitdb\BIN\TNSLSNR.exe
O23 - Service: OracleServiceAMITDB - Oracle Corporation - j:\amitdb\bin\ORACLE.EXE
O23 - Service: PrTgressep - Unknown owner - C:\WINDOWS\system32\srvany.exe
--
End of file - 7548 bytes
[QUOTE=CrazyMonkey;1912358]Also feel free to post the situation with the internet on reboot and the task manager issue. If taskmgr.exe is indeed missing and you do not have a Windows XP disc to restore it from, here is a copy of taskmgr.exe I just pulled off my XP machine.
http://rapidshare.com/files/379761843/taskmgr.zip[/QUOTE]
Yes, I have restored Task Manager. Thanks a LOT friend. I took your file only.
However, the Internet problem (Destination Host Unreachable) is recurring. I've had to run WinSockXP every time to repair the settings every time I restart XP.
Also, Kaspersky is now at 235458th file and it has detected 21 threats till now. I cannot simply stop the scan.
And as you saw yourself last night, system is sluggish and freezes randomly.
I really hate Kaspersky, didn't work as good as Avira, and it slows down the PC.
If it's found 21 infections, let it run, and then clean it.
I forgot to mention this.
Disable your internet connection while scanning and removing malware - You don't need it enabled - And as the infection looks quite serious, you have no idea what an internet connection is doing.
After Kaspersky has finished, uninstall that piece of crap and install free Avira Antivirus.
And why is everyone going against each other here? We are helping a guy solve a problem, if someone suggests something first, don't unsuggest and make it more difficult for the guy.
Scanning two Malware scans at the same time is fine, one might pick up another - And if both find the same infections, whatever one you fix it with first will solve it, the second one will simply think it's fixed it as it no longer exists.
Amitava83 (25-04-2010)
@SammEl: I have PMed you my Hotmail ID. I'm currently logged in there... I have never used it so please guide me as to how to allow you to remotely access my machine. And I may add that I have only a 256kbps Internet speed...
Update.
Connected to his PC, Kaspersky is crippling it big time, I couldn't even select it, so I asked him to.
When he tried to uninstall it, his PC crashed as mentioned above, will sort this.
Amitava83 (25-04-2010)
Right, it's gone, whew.
OK guys, here is the latest update.
After a marathon 5 hour session with Sammy on TeamViewer, it looks as if now my system is finally rid of all evil things.
I have absolutely no words to say thanks to him.....!!!
One problem is still left though:
The WinSock XP fix is not working. That is, it works when I run it and reset it. But as soon as I restart XP and ping my DNS (172.16.0.1), I get "Destination Host Unreachable" and I cannot access Internet.
It is somewhat similar to the problem here http://www.techsupportforum.com/netw...-not-work.html
I'm not a techie guy so please guys, I look upon you to help me root out this last bit.
Thanks and Regards
AD
Here is the latest HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:41:42 PM, on 4/25/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\SYSTEM32\astsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nlssrv32.exe
J:\amitdb\bin\nmesrvc.exe
J:\amitdb\bin\isqlplussvc.exe
J:\amitdb\BIN\TNSLSNR.exe
J:\amitdb\jdk\bin\java.exe
j:\amitdb\bin\ORACLE.EXE
C:\WINDOWS\system32\cmd.exe
J:\amitdb\perl\5.8.3\bin\MSWin32-x86-multi-thread\perl.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
J:\amitdb\jdk\bin\java.exe
J:\amitdb\bin\emagent.exe
F:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [MDS_Menu] "F:\Program Files\CyberLink\MediaShow Espresso\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "F:\Program Files\CyberLink\MediaShow Espresso\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.5"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1259424836671
O17 - HKLM\System\CCS\Services\Tcpip\..\{4363DC25-F2D6-42B0-B029-73575FC6AD35}: NameServer = 172.16.0.1,202.54.1.63
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\SYSTEM32\astsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HDD & SSD access service - Unknown owner - C:\Program Files\Common Files\BinarySense\disksvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: mysql - Unknown owner - F:\xampp\mysql\bin\mysqld.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\nlssrv32.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: OracleDBConsoleamitdb - Oracle Corporation - J:\amitdb\bin\nmesrvc.exe
O23 - Service: OracleOraDb10g_home2iSQL*Plus - Oracle - J:\amitdb\bin\isqlplussvc.exe
O23 - Service: OracleOraDb10g_home2TNSListener - Unknown owner - J:\amitdb\BIN\TNSLSNR.exe
O23 - Service: OracleServiceAMITDB - Oracle Corporation - j:\amitdb\bin\ORACLE.EXE
O23 - Service: PrTgressep - Unknown owner - C:\WINDOWS\system32\srvany.exe
--
End of file - 7358 bytes
In HijackThis, go to "Misc Tools" - it has an option to delete files after a reboot. Do it on those two files and see how it goes.
O23 - Service: PrTgressep - Unknown owner - C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
If SammEl already did these two (or similar) things before, then there's probably something else hidden in the background.
Amitava83 (25-04-2010)
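An added example, not code from any poster in this thread or from HijackThis: a small Python triage pass that picks out log entries carrying the markers visible in the logs above ("Unknown owner" or "(file missing)" on an O23 service such as PrTgressep, "(no file)" on an O2 BHO, and the O10 unknown Winsock LSP line). The regexes assume the v2.0.2 one-entry-per-line layout shown here, and treating these markers as "worth a manual look" is an assumption, not a verdict on any file.

```python
import re

# Constructed sample: a handful of entries copied from the second log in this thread.
SAMPLE_LOG = r"""O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: PrTgressep - Unknown owner - C:\WINDOWS\system32\srvany.exe
"""

# "<section code> - <body>", e.g. "O23 - Service: ..." or "R0 - HKCU\..."
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O23 body: "Service: <name> - <owner> - <path>[ (file missing)]"
SERVICE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$"
)


def triage(log_text):
    """Return (section, subject, reasons) for each entry worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header line, process list entry or stray fragment
        code, body = m["code"], m["body"]
        subject, reasons = body, []
        if code == "O23":
            s = SERVICE.match(body)
            if s:
                subject = s["path"]
                if s["owner"] == "Unknown owner":
                    reasons.append("service listed with unknown owner")
                if s["missing"]:
                    reasons.append("service binary is missing")
        elif code == "O2" and body.endswith("(no file)"):
            reasons.append("BHO registered without a file")
        elif code == "O10" and body.startswith("Unknown file in Winsock LSP"):
            reasons.append("unrecognised Winsock LSP entry")
        if reasons:
            findings.append((code, subject, reasons))
    return findings


if __name__ == "__main__":
    for code, subject, reasons in triage(SAMPLE_LOG):
        print(f"{code:<4}{subject}\n      -> {'; '.join(reasons)}")
```

Entries from known vendors with a present file, such as the Ati HotKey Poller service, are left out of the result, so the output is a short review list rather than a copy of the log.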
What's wrong with the second one smargh?
EDIT
Was thinking, these are all old infections.
Last edited by SammEl; 25-04-2010 at 11:31 AM.
Amitava83 (25-04-2010)