i need some help

[Paul14]

i hve tried a few things and cant get rid of this virus i hve tried a few scanners and they all hve diff names for it or them im not really sure but i got a hijackthis log file and would be greatful for some help thanks

Logfile of HijackThis v1.99.1
Scan saved at 6:34:54 PM, on 26/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\paul\My Documents\hijackthis\hijackthis\HijackThis.exe

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: MSCOMM32.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153896615390
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Documents and Settings\bin\iPodService.exe

ne help would be great thanks

[galooma]

can you relate some of the problems you are having .
can you tell us what scans you have done and who detected what and where it was located?
 these are important questions . scan again if you forgot or ignored the responses.

[DavidR]

i hve tried a few things and cant get rid of this virus

What have you tried ?
What virus ?
How was it detected, what detected it or what makes you think/suspect you have a virus, symptoms, etc. The more information you can give us the better.

Here is an on-line analysis of your log file http://hijackthis.de/logfiles/060bca3e8ae0f0b2e7d8aab7f5c58ea7.html

       O4 - Global Startup: MSCOMM32.EXE is listed as unknown, what do you know about it
A google search for this indicates a trojan backdoor (MSCOMM32.EXE is Trojan/Backdoor BBQ, AKA TROJ SMALL.BBQ) and considering you don't appear to have an active firewall present you will be fighting an uphill battle to get clean. So you should tick fix in HJT.

See Troj_Small.BBQ info

[Spiritsongs]

   Hi Paul :

     HijackThis logs are best analyzed by Experts on
     antiSPYWARE forums; however, since you do not appear
     to have an antispyware program ( Ewido is antiTROJAN ),
     I recommend the Experts at www.landzdown.com .
     By the way, your Sun Java program is 4 Updates behind;
     therefore, it is a serious security risk . It should be
     uninstalled, then go to www.java.com & get their latest .

[DavidR]

Yawn, sending Paul to landzdown isn't going to answer the questions we have asked to try and help him also, what questions or advice have we offered Paul that is sooooo wrong.

[essexboy]

This is the problem  MSCOMM32.EXE
See here http://www.greatis.com/appdata/d/m/mscomm32.exe_Removal.htm

[DavidR]

That removal link isn't a removal tool but an invitation to buy RegRun. I don't like that tactic, give the person a headache (tell them whats wrong) and then sell them an asprin.

[Paul14]

thanks for ur help every1 so far the infected file is C:\windows\system32\iedld.dll says it is infected with trojan.gen (other) this is using avast

some of the symptoms r the computer doesnt like to open a lot of programs it just crashes freezes up a bit is pretty slow now to

um i hve tried just bout every free malware removal program i can find used some of the online scanners they found this virus and others but cannot remember the names of the viruses

i ran another scan with hijackthis and i cannot find mscomm32.exe ne more

once again thanks very much for ur help so far

[Paul14]

the latest is avast resident scanner is no longer workin

[galooma]

try running a boot time scan . check your help files for how .
move anything detected to chest , post back if you have any problems.
have you tried digging down to system32 file and deleting the dll file manually?

you can scan the file with multiple scanners to get a broader opinion at http://virusscan.jotti.org/  good luck

[Lisandro]

the latest is avast resident scanner is no longer workin

What is the error message?
Why does avast stop working?

[Paul14]

hve run boot scan a few times and keep either deleting or moving to the chest but still comes back cannot find the file to delete it manually

the avast msg is "The AAVM subsystem detected a RPC error."

as u can prob tell im not that cluey bout this sort of stuff so what ever u reccomend to do try dumb it down a bit so i can understand thanks for ur help

[Lisandro]

hve run boot scan a few times and keep either deleting or moving to the chest but still comes back cannot find the file to delete it manually

It should be enough using the boot time scanner.
Anyway, if a virus is replicant (coming and coming again), you should, besides scheduling a boot time scanning with avast,
1) Disable System Restore on Windows XP: http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;310405
2) Clean your temporary files.
3) Use a-squared or ewido (trojan removers).

the avast msg is "The AAVM subsystem detected a RPC error."

Do you have any other antivirus in this computer?

[Paul14]

i am not the administrator on the comp but when i run disk clean up does it clean every1s temp files or just mine if so how do i clean them and where do i find a-squared thanks

[DavidR]

AAVM subsytem detected and RPC error. http://www.avast.com/eng/faq-other-questions.html#idt_1539