Win32:Dialer-gen 13[trj] plse help me

hi there hope some one can help me :-
my avast scanner is detecting a Win32:Dialer-gen 13[trj] n only gives me the option to abort connection … no more… i dunno where 2 find it that trojan… my computer is slow now… n my broadband connection falls so often… i read that this trojan is not really harmful in broadband… even though im so worried cuz my computer is too slow … i scanned with hijackthis and with smitfraudfix but i dnt understand the results can some one help me plse… n xplain me what shall i do… thnx…

this is the report

Logfile of HijackThis v1.99.1
Scan saved at 5:46:01 PM, on 25/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Archivos de programa\Atheros\ACU.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\utorrent\utorrent.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Archivos de programa\Internet Explorer\iexplore.exe
D:\Nueva carpeta\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM..\Run: [IMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM..\Run: [ACU] “C:\Archivos de programa\Atheros\ACU.exe” -nogui
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [MsnMsgr] “C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe” /background
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by127fd.bay127.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O17 - HKLM\System\CCS\Services\Tcpip..{11B01BB0-CBEC-4D19-8F40-097B82AD46FC}: NameServer = 200.75.51.132 200.75.51.133
O17 - HKLM\System\CS1\Services\Tcpip..{11B01BB0-CBEC-4D19-8F40-097B82AD46FC}: NameServer = 200.75.51.132 200.75.51.133
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Servicio de configuración de Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe


SmitFraudFix v2.131

Scan done at 17:30:21.25, 25/12/2006
Run from C:\Documents and Settings\Johann\Escritorio\SmitfraudFix
OS: Microsoft Windows XP [Versión 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Johann

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Johann\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Johann\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Archivos de programa

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
“Source”=“About:Home”
“SubscribedURL”=“About:Home”
“FriendlyName”=“Mi página de inicio actual”

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler’s .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“AppInit_DLLs”=" "

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
“System”=“”

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

This is because the Web Shield has intercepted this trojan before it gets to your system, the Abort Connection effectively drops that connection that is trying to download the file, so it isn’t on your system.

That isn’t to say there might not be something else that has tried to download this trojan.

Do you have a firewall, if so what ?
The on-line analysis reports on active firewall detected.

Try this on-line analysis site, http://hijackthis.de/index.php, check any that might be Nasty, Possibly Nasty, Unknown, etc. google the entries or file names to ensure they are bad. You can also upload suspect files for scanning.

This is reported as Extremely Nasty unless you know different - O20 - AppInit_DLLs:

If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode.

  1. Ewido, a.k.a. avg anti-spyware If using winXP. or a-Squared free if using win98/ME.

Curiously are not adware or spybot catching these new generation dialers?

this is the warning i’ve gotten from avast

http://img84.imageshack.us/img84/3703/imagen1bc0.gif

… i installed
spybot search n destroy n a-squared free they found some infected files n deleted them but something still wrong… i will check what u say about the firewall but i dunno too much about computers…
i will do my best n thanx for helping me…
one of the deleted files was C:\WINDOWS\system32\lsasss.exe n i checked in the http://hijackthis.de/index.php n appears as unknown application also this appeared

O17 - HKLM\System\CCS\Services\Tcpip..{11B01BB0-CBEC-4D19-8F40-097B82AD46FC}: NameServer = 200.75.51.132 200.75.51.133
Do you know the IP or Domain ‘200.75.51.132 200.75.51.133’? If not, fix this entry.

O17 - HKLM\System\CS1\Services\Tcpip..{11B01BB0-CBEC-4D19-8F40-097B82AD46FC}: NameServer = 200.75.51.132 200.75.51.133
Do you know the IP or Domain ‘200.75.51.132 200.75.51.133’? If not, fix this entry.

O20 - AppInit_DLLs: ( i wonder how can i get rid of this nasty file?? where is located?? )
Extremely nasty

as soon as i do what u told me i will reply again… :slight_smile:

Which applications - namely - are you referring to?

The dialler in this case isn’t on johannlynx’s system so it would be impossible to detect even if adaware or spybot could detect it. However something on the system would appear to be downloading or trying to download a dialler and the web shield is stopping it.

I would suggest you also try avg-as, a.k.a Ewido.

The C:\WINDOWS\system32\lsasss.exe file is an attempt to confuse you with a valid system file, lsass.exe. A google search for lsasss.exe returns many hits http://www.google.com/search?q=lsasss.exe, some stating it is the sasser worm variant and others giving it a different name, but the majority state it is a backdoor and what that does is allow your system to be taken over and can steal passwords, etc. and is pretty nasty, why this remains on your system is a surprise to me.
http://www.liutilities.com/products/wintaskspro/processlibrary/lsasss/
http://www.castlecops.com/s10748-lsasss_exe.html
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SASSER.E

The O17 entries are likely to be your ISP IP address but a whois check is a little suspect.

Checking IP: 200.75.51.132... Name: ns1.etb.net.co IP: 200.75.51.132 Don't know which Top Level Domain this server belongs to! Please contact me with the domain name so I can fix this. Falling back to the default server. Domain: ns1.etb.net.co

Querying root.rwhois.net:4321 for ns1.etb.net.co

You could uncheck the entry, if it is for your ISP then you will lose your connection, in HJT you can restore them, using the Config button, Backups button, you will see a list of those entries you fixed and were backed-up.

You do the same thing for the O20 - AppInit_DLLs: entry uncheck it, since there is no file name shown you won’t be able to go looking.

You absolutely need an effective firewall, more so because you have a broadband always on connection.
Windows XP’s firewall is better than no firewall but, it lulls you into a false sense of protection, it doesn’t provide outbound protection.
I would however, say you need to look at a third party firewall to protect against unauthorised outbound connections,
Whilst the windows XP firewall is usually good at keeping your ports stealthed (hidden) it provides no outbound protection and you should consider a third party firewall.
Any malware that manages to get past your defences will have free rein to connect to the internet to either download more of the same, pass your personal data (sensitive or otherwise, user names, passwords, keylogger retrieved data, etc.) or open a backdoor to your computer, so outbound protection is essential.
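
The near-miss file name described above (lsasss.exe posing as lsass.exe) can be checked for mechanically. This added example, which is not part of the original posts, goes one step beyond that case: it parses HijackThis running-process and O4 autorun lines and flags any name within one edit of a core Windows process name, or a core name running from an unexpected folder. The name list, the function names and the `Temp\svchost.exe` sample line are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumption: a short, constructed list of core Windows XP process names and
# the folder each normally runs from. Extend it for the systems you triage.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Matches both "O4 - HKLM\..\Run: [name] cmd" and the flattened
# "O4 - HKLM..\Run: [name] cmd" form seen in pasted logs.
O4_RE = re.compile(r"^O4 - (HK\w+)\S*: \[([^\]]*)\] (.+)$")
# A bare path line from the "Running processes:" section.
PROC_RE = re.compile(r"^[A-Za-z]:\\.+$")


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def image_path(command):
    """Strip quotes and arguments from an autorun command line."""
    command = command.strip()
    quoted = re.match(r'^["\u201c]([^"\u201d]+)["\u201d]', command)
    if quoted:
        return quoted.group(1)
    exe = re.match(r"^(.*?\.exe)\b", command, re.IGNORECASE)
    return exe.group(1) if exe else command.split()[0]


def classify(path):
    """Return a reason string if the path looks like masquerading, else None."""
    p = PureWindowsPath(path)
    name, folder = p.name.lower(), str(p.parent).lower()
    if name in EXPECTED_DIR:
        # Exact system name: only suspicious when a folder is given and it is wrong.
        if folder not in (".", EXPECTED_DIR[name]):
            return f"{name} running from unexpected folder {folder}"
        return None
    for real in EXPECTED_DIR:
        if edit_distance(name, real) <= 1:
            return f"{name} imitates {real}"
    return None


def triage(log_text):
    """Scan a HijackThis log and return (source, path, reason) findings."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            source = f"O4 {m.group(1)} Run [{m.group(2)}]"
            path = image_path(m.group(3))
        elif PROC_RE.match(line):
            source, path = "running process", line
        else:
            continue
        reason = classify(path)
        if reason:
            findings.append((source, path, reason))
    return findings


# Sample lines copied from the first HijackThis log in this thread, except
# C:\WINDOWS\Temp\svchost.exe, which is constructed to show the folder check.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Atheros\ACU.exe
C:\WINDOWS\Temp\svchost.exe

O4 - HKLM..\Run: [ACU] “C:\Archivos de programa\Atheros\ACU.exe” -nogui
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for source, path, reason in triage(SAMPLE_LOG):
        print(f"{source}: {path} -> {reason}")
```

A hit is a lead to verify (file properties, an on-line scan of the file), not proof of infection; names that differ from a system binary by more than one character are not caught by this check.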

i think is my internet provider but im not sure i know my provider is etb…
how can i get the domain name?? plse tell me n i will send it back to u…

well i got avg as u told me… i checked in secure mode as i was told… but this avg found nothing…
then i decide to check again with hijackthis… n this was the report

Logfile of HijackThis v1.99.1
Scan saved at 4:13:21 PM, on 26/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
D:\Nueva carpeta\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM..\Run: [IMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM..\Run: [ACU] “C:\Archivos de programa\Atheros\ACU.exe” -nogui
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [!AVG Anti-Spyware] “C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKLM..\Run: [Zone Labs Client] “C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe”
O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [MsnMsgr] “C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe” /background
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by127fd.bay127.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371180.cab
O17 - HKLM\System\CCS\Services\Tcpip..{11B01BB0-CBEC-4D19-8F40-097B82AD46FC}: NameServer = 200.75.51.132 200.75.51.133
O17 - HKLM\System\CS1\Services\Tcpip..{11B01BB0-CBEC-4D19-8F40-097B82AD46FC}: NameServer = 200.75.51.132 200.75.51.133
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Servicio de configuración de Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

then i installed the firewall from zonealarm (zone labs) n i checked again my computer with hijackthis… n things were there… then i decided to click on fix them with hijack… n it seems that were fix or deleted… not sure… here is the new report… n it seems that everything is ok… but i still not sure

Logfile of HijackThis v1.99.1
Scan saved at 4:26:28 PM, on 26/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Nueva carpeta\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM..\Run: [IMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM..\Run: [ACU] “C:\Archivos de programa\Atheros\ACU.exe” -nogui
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [!AVG Anti-Spyware] “C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKLM..\Run: [Zone Labs Client] “C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe”
O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [MsnMsgr] “C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe” /background
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by127fd.bay127.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371180.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Servicio de configuración de Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

now how can i know if i still have problems in my computer…
???

n what shall i do about the domain??
well now things seem better…
my comp is running a little faster…

well i hope i can hear soon from u… :slight_smile:
this has been really useful n interesting i’ve learned a lot… now i wonder if u can advice me about his last things… n tell me how i can i get to b like u… what shall i study… i wanna learn n b a virus hunter… i love computers :slight_smile:

thnx

ooppss another problem…
i was defeated by the firewall…
i tried so much… but i couldnt with it…
i couldnt surf… no page was working,…
i tried so much,… i thought was other virus giving me problem…
i uninstalled the firewall…
n my internet was ok again…

i dunno how to deal with the firewall… ???

:cry:

To me this looks like the same log file, did you actually fix (tick the box next to the nasty entry) any items ?
If you don’t understand what I mean you need to check out the tutorials.

If nothing changes then neither will the HJT log.

Don’t uninstall the firewall just ensure that you allow ashWebSv.exe the avast Web Shield internet access in the Program settings of Zone Alarm. The same will be true for ashMaiSv.exe avast email scanner and also avast.setup avast update. You have to read the pop-ups that come up in ZA rather than automatically block or automatically block everything.

i did click to fix the nasty entries in hijackthis n now O20 - AppInit_DLLs: is gone… n dnt show more nasty entries…
only 3 but i dunno what r those entries plse look at them

O17 - HKLM\System\CCS\Services\Tcpip\..\{11B01BB0-CBEC-4D19-8F40-097B82AD46FC}: NameServer = 200.75.51.132 200.75.51.133 Do you know the IP or Domain '200.75.51.132 200.75.51.133'? If not, fix this entry.
O17 - HKLM\System\CS1\Services\Tcpip\..\{11B01BB0-CBEC-4D19-8F40-097B82AD46FC}: NameServer = 200.75.51.132 200.75.51.133 Do you know the IP or Domain '200.75.51.132 200.75.51.133'? If not, fix this entry.

my real ip is not that… my ip is 201.244.197.82 then i dunno where do that number come from… n i wonder why some pages r not uploading in my computer now… i cant open many pages… or takes too long :-[

i also have this entry that i dunno if is good or bad… but says is a probably nasty one

C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe

Possibly nasty! According to our database this process runs normally in c:\programme\alwils~1\avast4! Check if you know this process and arrange a viruscheck where required.

ii dunno if really belongs to avast…
those r the results of the hijack… i already try to fix the ones of my ip with hijack but they still the same…

ohh n my connection still falling after all i’ve tried… i guess i still have something really bad in my computer…

about the za firewall… can u plse give me the link to the tutorials… cuz i told my girlfriend to install it… n she had the same problem… the computer went crazy n she couldnt surf… thnx hope u can help me…

im thinking seriously about formatting… cuz now some windows pop up with error message like when i open my messenger… it says that n error occurred sequence of commands in this page…

http://img402.imageshack.us/img402/6706/imagerrorck9.gif

n i wonder why my enter key stop functioning … this is driving me crazy :o

my comp is getting worse… :cry:

now i dunno what to do :-[

As I said previously.

You could uncheck the entry, if it is for your ISP then you will lose your connection, in HJT you can restore them, using the Config button, Backups button, you will see a list of those entries you fixed and were backed-up.

So test by fixing and see if it affects your ability to connect and reverse using the backups as mentioned.

However, a whois on the IP you gave resolves to basically the same domain, so it may well be a server for your ISP. IP addresses are assigned dynamically by your ISP so you may well have a different one each time you connect.

Checking IP: 201.244.197.82... Name: adsl201-244197082.dyn.etb.net.co IP: 201.244.197.82 Don't know which Top Level Domain this server belongs to! Please contact me with the domain name so I can fix this. Falling back to the default server. Domain: adsl201-244197082.dyn.etb.net.co

The ashDisp.exe is the avast icon you see in the system tray and is fine.

Unfortunately the term ‘getting worse’ doesn’t give us much to work with, how is it getting worse try to be as detailed as possible.

I don’t know if there is a tutorial for installing Zone Alarm, I certainly have given one previously. To try and find one I would use Google and search for Zone Alarm Tutorial or Tutorial Zone Alarm
http://www.google.com/search?q=“Tutorial+Zone+Alarm” or http://www.google.com/search?q=“Zone+Alarm+Tutorial”.

Also see Hidden things http://invisiblethings.org as there could well be something hidden from the system.

:cry: i formated… yesterday my computer was slowly dying…
first the key enter stop responding… then my cam stop working…
n after a while everything went wrong…
i restarted my comp but didnt restart again…
well only the wall paper was displayed…
nothing else… i could open the task bar…
n it showed like if no user was active nor anything…

well today is a new day … :-* with my comp like if were new…
i still have problems with the fire wall… i just installed it…
n look what is shown …

http://img49.imageshack.us/img49/4014/avastnj8.jpg

i tried to open the page how to set up ur browser to work with webshield transparent proxy turned off but the page never opened… n error was displayed

what shall i do… i dnt want my comp to b blocked again like yesterday :-\

shall i uninstall the zone alarm??? :-[

thanx for everything … u r really helpful n i’ve learned a lot ;D

No don’t uninstall zone alarm, if you have ZA free version, you should answer NO to the question asked in the avast install compatibility image you posted.

What did you answer to the compatibility question, Yes or No ?

i have the other version… not the free one…
i didnt uninstall it…
but i clicked yes… cuz i didnt know… n i didnt want to have problems with avast…
i love avast ;D i recommend it to all of my friends :wink:

well now i think everything is ok… my firewall is working… n avast n everything seems to b ok :slight_smile:

i wonder what will happen cuz i clicked yes ??? how can i revert that???

now that i have the full version of zone alarm… that has anti spyware… shall i keep the freeversion of AVG antispyware that i have?? or is not enough with the one of the firewall ???

thnx for replying :slight_smile:

If you had ZA Pro then Yes is the correct answer, but you will have to manually setup your browsers to use the web shield proxy.

http://www.avast.com/eng/webshield_issues.html

For IE - broadband users: - Tutorial - Web Shield Proxy Set-up for IE
For IE - dialup users - Tutorial - Web Shield Proxy Set-up for IE (Dial-up)
For Firefox users - Tutorial - Web Shield Proxy Set-up for Firefox

Personally I would disable the ZA anti-spyware element and keep the AVG anti-spyware. However, the choice is yours as the ZA anti-spyware is resident always on and the AVG anti-spyware is only resident for the 30 day trial unless you purchase the paid version. One thing you should keep in mind like not having two resident AVs it is advised you don’t have two like programs running resident, e.g. two resident anti-spyware programs as they too might conflict.

thanx
im happy with my avast :slight_smile:
i finally set up as u told me … well with the tutorial
n everything seems to b ok ;D :slight_smile:

thnx for all the help…

thnx really was so helpful n interesting… i learned a lot…

i wonder if u can tell me what can i study… i wanna learn about this ;D

thnx

You're welcome.

You could browse the forums, especially the sticky topics at the top of each of the forums. They provide a wealth of information to help you get the best from avast. Not to mention a browse of the avast Help file, from the Simple User Interface (SUI), right click the skin and you get a menu, Help is on that, or press F1 whilst you have the SUI open. Or Windows, Start, All Programs, avast! Antivirus, Help. Or you could create a desktop shortcut to it “C:\Program Files\Alwil Software\Avast4\ENGLISH\HELP\help.chm” I have done that as I constantly refer to it to help others ;D