Free Malware Removal Forum

[seremina]

I have to come here to get real help. I'm suffering GBs of bandwidth loss, had suffered some changes in security software, have had a battle with the hacker over my firewall, and the intrusions run at a pace of 100 per 1 minute. For details, here's where I went to for help...yet it got nowhere...

http://forums.pcpitstop.com/index.php?s ... try1452763

Can anybody please help a novice that's still struggling after YEARS to figure stuff out and has ruffled feathers? I'd appreciate a lot of help, simple English, and step by step instructions. I'm losing my sanity.

And here's my HJT log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:40 AM, on 14/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Aston\aston.exe
C:\PROGRA~1\Aston\XP\internat.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\DriveSentry\DriveSentry.exe
C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe
C:\Program Files\Comodo\Firewall\Repair\cfp.exe
C:\Program Files\Xdrive\Xdrive Desktop\XdriveTray.exe
C:\Program Files\Xdrive\Xdrive Desktop\xdrive.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\Xdrive\XDRIVE~1\XdrSmb.exe
C:\Program Files\Comodo\Firewall\Repair\cmdagent.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Xdrive\Xdrive Desktop\XdriveService.exe
C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Opera 9\Opera.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Compaq_Owner\My Documents\hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DriveSentry] C:\Program Files\DriveSentry\DriveSentry.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\Repair\cfp.exe" -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [XdriveTrayIcon] "C:\Program Files\Xdrive\Xdrive Desktop\XdriveTray.exe"
O4 - HKCU\..\Run: [XdriveTray] "C:\Program Files\Xdrive\Xdrive Desktop\xdrive.exe" /trayicon
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to EverNote - res://C:\Program Files\EverNote\EverNote\enbar.dll/2000
O8 - Extra context menu item: Save to &Xdrive - res://C:\Program Files\Xdrive\Xdrive Desktop\xdrive.exe/std.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\fum\fumiebtn.dll (file missing)
O9 - Extra button: ToolbarCop - {A349A035-E26F-454b-ABB4-5208E50E1BE7} - C:\Documents and Settings\Compaq_Owner\Desktop\hijack\toolbarcop\Toolbarcop.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: ToolbarCop - {A349A035-E26F-454b-ABB4-5208E50E1BE7} - C:\Documents and Settings\Compaq_Owner\Desktop\hijack\toolbarcop\Toolbarcop.exe (file missing) (HKCU)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: Cab - http://www.issist.com/products/iZoomWeb/ActiveX.CAB
O16 - DPF: PCPitstop-Tracks-Checker -
O16 - DPF: Yahoo! Go -
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} -
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} -
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} -
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} -
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} -
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} -
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/co ... mHcmsX.CAB
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} -
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} -
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} -
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} -
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} -
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} -
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} -
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} -
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} -
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -
O16 - DPF: {90F7E144-984F-4FA6-83A7-C9C8DCB9974C} -
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} -
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} -
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} -
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} -
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} -
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} -
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} -
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} -
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\Repair\cmdagent.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Xdrive Service - Xdrive LLC - C:\Program Files\Xdrive\Xdrive Desktop\XdriveService.exe

--
End of file - 10288 bytes

[Gary R]

As you are already being helped with this at PC Pitstop

http://forums.pcpitstop.com/index.php?s ... try1452755

It is not appropriate that we keep this thread open.

This topic is now closed.

Gary R