Virus For Months

**kompressaur** · #1 (**permalink**) 30-04-2008, 18:12

Ive had a virus since mid january. My net surfing is shocking and it makes me want to go aaaaaaaaaaaarrgghhhhh and wreck the living room. I need to finally fix it or reinstall windows. Lets have one last chance to save it as i aint doing nowt online till its fixed as my life is hell

i thinkink its a servicelayer.exe problem. I get 2 files downloaded dl.htm and watermark.html Both browser files and full of right virusy looking things. im awmy wits end. anyone see anything in this?

Running processes:
C

WINDOWS\System32\smss.exe
C

WINDOWS\system32\winlogon.exe
C

WINDOWS\system32\services.exe
C

WINDOWS\system32\lsass.exe
C

WINDOWS\system32\svchost.exe
C

WINDOWS\System32\svchost.exe
C

Program Files\COMODO\Firewall\cmdagent.exe
C

WINDOWS\system32\svchost.exe
C

WINDOWS\System32\svchost.exe
C

WINDOWS\Explorer.EXE
C

Program Files\COMODO\Firewall\cfp.exe
C

WINDOWS\system32\ctfmon.exe
C

WINDOWS\system32\notepad.exe
C

Program Files\Mozilla Firefox\firefox.exe
C

Documents and Settings\komp\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C

Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C

Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C

Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - :C

Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c

program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C

Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\s wg.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - :C

PROGRA~1\SOFTOM~1\TOOLBA~1\bin\tbcore3U.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c

program files\google\googletoolbar1.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C

Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [MSConfig] C

WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O8 - Extra context menu item: Customize Menu - file://C

Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C

PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C

Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C

Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C

Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C

Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C

Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C

Documents and Settings\komp\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C

Documents and Settings\komp\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C

Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C

Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C

Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C

Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C

Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: 32Red Poker - {437F7F6F-FFCC-47e1-8A4B-C992493CF6C3} - C

Microgaming\Poker\32RedMPP\MPPoker.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C

Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C

Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Stan James Poker.com Poker - {7F2F6F5A-CAE2-4954-A461-36B3757B2BFB} - C

Microgaming\Poker\stanjamesgibMPP\MPPoker.exe
O9 - Extra button: bet365 Poker - {B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - C

Microgaming\Poker\bet365MPP\MPPoker.exe
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C

Program Files\ladbrokesMPP\MPPoker.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C

Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C

Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1199695972562
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} - http://activex.microgaming.com/dlhel...7/dlhelper.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://flashpoker.ladbrokes.com/Ladbrokes/FlashAX.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C

PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C

PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C

WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: NavLogon - C

WINDOWS\
O23 - Service: ServiceLayer - Nokia. - C

Program Files\PC Connectivity Solution\ServiceLayer.exe

nah that service layer is my phone software

**kompressaur** · #2 (**permalink**) 30-04-2008, 18:17

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

shouldnt be there

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local

wtf is that doing there too. proxy overide sounds real bad

johnnybgood · #3 (**permalink**) 30-04-2008, 18:28

I had similair feeling months ago. I run all posible antivirus programs, but on the end it was graphic card that overheated very fast and slow down all running processes. After I opened sides and start to cool my PC down with external ven., it is working fine ever since.

I know shit about all that and am sure here are few folks that will figure that out, just wanted to share my experience.

**kompressaur** · #4 (**permalink**) 30-04-2008, 18:40

thanks for sharing that with me Johnny. I think im on reinstal territory now. Ive had enough. My problem now is i only have blank dvds and im wondering if windows will go on them proper. suppose it must. I'll go get a copy of windows from here
http://www.katzforums.com/forumdisplay.php?f=23

I might try Kaspersky virus software forst though and see if it can help

**kompressaur** · #5 (**permalink**) 30-04-2008, 18:41

maybe i will just got for this-
http://www.katzforums.com/showthread.php?t=100665

Windows Xp Pro Sp3-5508 Gold Transparency

MULTILANGUAGE- NO LANGUAGES TOUCHED
(INSTALLS IN ENGLISH BY DEFAULT)

NO SERIALS NEEDED
PASSES ALL M/S VALIDATION CHECKS
OBTAIN M/S UPDATES WITHOUT CONCERN

BURN ISO TO BOOTABLE CD OR DVD AT SLOW SPEED (SUGGEST

X1)
AND INSTALL FROM BOOT; CHOOSING FULL FORMAT OPTION

**kompressaur** · #6 (**permalink**) 30-04-2008, 18:43

man that will take me forever to get on rapidshare

i better go see some rapidshare tips

**kompressaur** · #7 (**permalink**) 30-04-2008, 19:35

im getting this bad boy

Windows Vista Black Dream SP3 Final Build 5508
http://www.katzforums.com/showthread.php?t=89164

**kompressaur** · #8 (**permalink**) 01-05-2008, 07:13

heh heh im back. Just a shame im about to find a million things that i wish i saved

**kompressaur** · #9 (**permalink**) 01-05-2008, 11:14

man this is a joy