Thread: CID: popupss
04-04-2008, 12:09 PM   #6
tetonbob
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 25,614
OS: 2000 Pro; XP Pro; XP Home


Re: CID: popupss

There is evidence of infection still... this will take a couple of rounds to take care of.

  • Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
    O2 - BHO: (no name) - {071CFA08-5056-4AC5-A17F-0B85BB4BE292} - C:\WINDOWS\system32\pmkhe.dll (file missing)
    O2 - BHO: (no name) - {3320CF7E-28DC-4D00-8940-C49FA1A88B58} - (no file)
    O2 - BHO: (no name) - {446624E1-B767-4443-AA6E-0F355CAFD21B} - C:\WINDOWS\system32\ddccyyv.dll (file missing)
    O2 - BHO: (no name) - {64B5DC94-B90A-454F-BF21-AFAC19643E43} - C:\WINDOWS\system32\geeba.dll (file missing)
    O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
    O4 - HKCU\..\Run: [Heart Amen] C:\DOCUME~1\MRMUDG~1\APPLIC~1\SECOND~1\drv remote.exe
    O20 - Winlogon Notify: ddccyyv - C:\WINDOWS\system32\ddccyyv.dll (file missing)



    Close HijackThis now.

    ---------------------------------------------------------------------------------------------

  • Please visit this webpage for instructions for downloading and running ComboFix:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery mode. This allows us to help you in the case that your computer has a problem after an attempted removal of malware.

    Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

    If you have any questions along the way, STOP and ask them before proceeding.

__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006
Our help is voluntary, but this site needs donations to operate.
Please consider Donating to the Forum.


Please do not ask for help via Private Message. Ask in the forums, so all may gain from the experience.
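An added example, not part of tetonbob's post: a small Python parser for HijackThis log lines, run over the fix list quoted in the post. It separates entries that HijackThis marked as pointing at a missing file from those without that marker, and lists any file referenced from more than one section. The section descriptions and the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Standard meanings of the HijackThis section codes that appear in the post.
SECTIONS = {
    "R0": "Internet Explorer start/search page",
    "O2": "Browser Helper Object (BHO)",
    "O4": "autostart entry (Run key or Startup folder)",
    "O20": "AppInit_DLLs / Winlogon Notify",
}
LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
PATH_RE = re.compile(r"[A-Za-z]:\\.+$")

def parse_entry(line):
    """Split one log line into section code, CLSID, file path and orphan flag."""
    m = LINE_RE.match(line)
    if not m:
        return None  # not a HijackThis entry line
    code, body = m.groups()
    orphaned = bool(ORPHAN_RE.search(body))
    body = ORPHAN_RE.sub("", body).strip()
    clsid, path = CLSID_RE.search(body), PATH_RE.search(body)
    return {"section": code, "meaning": SECTIONS.get(code, "unknown"),
            "clsid": clsid.group(0) if clsid else None,
            "path": path.group(0) if path else None, "orphaned": orphaned}

def shared_targets(entries):
    """Files referenced from more than one section (one file, several load points)."""
    seen = defaultdict(list)
    for e in entries:
        if e["path"]:
            seen[e["path"].lower()].append(e["section"])
    return {p: s for p, s in seen.items() if len(s) > 1}

# Sample input: the fix list quoted in the post above.
SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
O2 - BHO: (no name) - {071CFA08-5056-4AC5-A17F-0B85BB4BE292} - C:\WINDOWS\system32\pmkhe.dll (file missing)
O2 - BHO: (no name) - {3320CF7E-28DC-4D00-8940-C49FA1A88B58} - (no file)
O2 - BHO: (no name) - {446624E1-B767-4443-AA6E-0F355CAFD21B} - C:\WINDOWS\system32\ddccyyv.dll (file missing)
O2 - BHO: (no name) - {64B5DC94-B90A-454F-BF21-AFAC19643E43} - C:\WINDOWS\system32\geeba.dll (file missing)
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKCU\..\Run: [Heart Amen] C:\DOCUME~1\MRMUDG~1\APPLIC~1\SECOND~1\drv remote.exe
O20 - Winlogon Notify: ddccyyv - C:\WINDOWS\system32\ddccyyv.dll (file missing)
"""
ENTRIES = [e for e in map(parse_entry, SAMPLE.splitlines()) if e]
if __name__ == "__main__":
    print(shared_targets(ENTRIES))
```

On this list, five of the eight entries carry the missing-file marker, and `ddccyyv.dll` is registered both as a BHO (O2) and as a Winlogon Notify handler (O20).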