Adware problem, getting worse

Old 08-01-2007, 01:16 PM   #1
wedge37

Hi, I have been having problems with adware and whatever on my machine that I cannot remove, no matter what I have tried. I have tried AVG Anti-Spyware, Spybot Search & Destroy, Ad-Aware 2007 and a fix I downloaded from Symantec's website. The problem is that I keep getting false spyware prevention programs opening IE7 and popping up at random. Every single time I have tried to deal with this, I have found a program called VirtuMonde, and no matter what I do, even in safe mode, it still turns up all the time. My last resort was to try a HijackThis log, but I can make no sense of it. I wondered if anyone could help me?

Here is the HijackThis log:

---------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 20:10:53, on 01/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\WINDOWS\TBPanel.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jamie\My Documents\Spyware fix\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\awrmsmdm.dll",forkonce
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eabc] "C:\PROGRA~1\COMMON~1\CROSOF~1\javaw.exe" -vt yazb
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - https://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - https://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - https://www.update.microsoft.com/micr...?1183202982250
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - https://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - https://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - https://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ptegvwfl.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
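The log above is the kind of thing an analyst reads by eye, but the entries that matter follow a few recognisable shapes: a Run value that has rundll32 load a DLL with an eight-letter random name out of system32, a well-known binary name (javaw.exe) launched from a directory that is not where that binary lives, and a service with no vendor string whose file is already gone. The Python script below is an added example (my own code, not part of wedge37's post and not a feature of HijackThis) that applies exactly those three heuristics to lines in the HijackThis v1.99 format. The "eight lowercase letters" rule and the small EXPECTED_HOME table are assumptions chosen for this example; both will produce false positives on a real machine and are meant to order a review, not to decide it.

```python
import re
from typing import List, Tuple

# Constructed sample in HijackThis v1.99 format, abbreviated from the log in
# the post above (every entry is taken from that log, nothing else is added).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\awrmsmdm.dll",forkonce
O4 - HKCU\..\Run: [Eabc] "C:\PROGRA~1\COMMON~1\CROSOF~1\javaw.exe" -vt yazb
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ptegvwfl.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
SVC_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.*)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^",]*?\.(?:exe|dll)', re.IGNORECASE)

# Assumption for this example: binaries whose name is often borrowed, mapped to
# a fragment that their legitimate directory contains. Extend for your baseline.
EXPECTED_HOME = {
    "javaw.exe": "\\java\\",
    "rundll32.exe": "\\windows\\system32\\",
}


def looks_random(stem: str) -> bool:
    """Eight lowercase letters and nothing else: the shape of the per-install
    names throughout the log (awrmsmdm, ptegvwfl, ...). A heuristic, not proof."""
    return re.fullmatch(r"[a-z]{8}", stem) is not None


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (reason, line) pairs for the entries a reviewer should read first."""
    findings: List[Tuple[str, str]] = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        run = RUN_RE.match(line)
        if run:
            cmd = run.group("cmd")
            for path in PATH_RE.findall(cmd):
                folder, _, fname = path.rpartition("\\")
                stem, _, ext = fname.lower().rpartition(".")
                # Heuristic 1: a Run value that has rundll32 load an unfamiliar,
                # random-looking DLL out of system32.
                if "rundll32" in cmd.lower() and ext == "dll" and looks_random(stem):
                    findings.append(("rundll32 loads a random-named DLL from system32", line))
                # Heuristic 2: a well-known binary name living outside its home.
                home = EXPECTED_HOME.get(fname.lower())
                if home and home not in (folder.lower() + "\\"):
                    findings.append((f"{fname} runs from an unexpected directory", line))
            continue
        svc = SVC_RE.match(line)
        # Heuristic 3: a service with no vendor string, or whose binary is gone.
        if svc and (svc.group("owner") == "Unknown owner" or "(file missing)" in svc.group("path")):
            findings.append(("service with unknown owner or missing binary", line))
    return findings


if __name__ == "__main__":
    for reason, entry in triage(SAMPLE_LOG):
        print(f"[{reason}]\n    {entry}")
```

Run against the sample it flags the SystemOptimizer, Eabc and DomainService lines and leaves the IntelliPoint, NvCplDaemon and NVSvc entries alone; those three are the same entries the analyst later targets in the CFScript.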
Old 08-01-2007, 01:50 PM   #2
wedge37

ComboFix log (realised from reading other threads this is needed too)

I have also noticed that rundll32.exe does not work, or is missing. I have tried to reinstall this from the Windows XP CD manually by typing "expand d:\i386\rundll32.ex_c:\windows\system32\rundll32.exe" in the Run dialog box. Didn't work. Help! :(

-------------------------------------

ComboFix 07-08-01.6 - "Jamie" 2007-08-01 20:38:46.1 [GMT 1:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.True
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\d.exe
C:\Documents and Settings\Jamie\My Documents\VistaCG127\material\_desktop.ini
C:\Documents and Settings\Jamie\My Documents\VistaCG127\material\basic\_desktop.ini
C:\Program Files\Common Files\crosof~1
C:\WINDOWS\system32\acvuurrs.dll
C:\WINDOWS\system32\aghdefdd.exe
C:\WINDOWS\system32\asbuhdje.exe
C:\WINDOWS\system32\awtutur.dll
C:\WINDOWS\system32\bbpouvgm.exe
C:\WINDOWS\system32\cduobbqp.ini
C:\WINDOWS\system32\cglvlhlx.ini
C:\WINDOWS\system32\cgpvudlp.dll
C:\WINDOWS\system32\cpeudbqr.exe
C:\WINDOWS\system32\cycmbqak.ini
C:\WINDOWS\system32\dpscguar.dll
C:\WINDOWS\system32\ejienqci.dll
C:\WINDOWS\system32\enxkkvbp.dll
C:\WINDOWS\system32\fdgykurd.exe
C:\WINDOWS\system32\fsnqutlu.exe
C:\WINDOWS\system32\fvkjbqho.dll
C:\WINDOWS\system32\fyjopueq.exe
C:\WINDOWS\system32\hhvlrawj.exe
C:\WINDOWS\system32\iaqppcsm.dll
C:\WINDOWS\system32\ihhkj.bak1
C:\WINDOWS\system32\ihhkj.bak2
C:\WINDOWS\system32\ihhkj.ini
C:\WINDOWS\system32\ikfkctmo.exe
C:\WINDOWS\system32\iplpwxle.dll
C:\WINDOWS\system32\jhmaacbq.exe
C:\WINDOWS\system32\jkhhi.dll
C:\WINDOWS\system32\jrnnruws.exe
C:\WINDOWS\system32\jvxtkmrq.exe
C:\WINDOWS\system32\jwagokkj.exe
C:\WINDOWS\system32\kacfwfvv.exe
C:\WINDOWS\system32\kaqbmcyc.dll
C:\WINDOWS\system32\kbaiyupv.ini
C:\WINDOWS\system32\lwyusgco.ini
C:\WINDOWS\system32\mgiubxdb.exe
C:\WINDOWS\system32\mkevmerw.exe
C:\WINDOWS\system32\mrbfehhs.dll
C:\WINDOWS\system32\mscppqai.ini
C:\WINDOWS\system32\nlxnscus.ini
C:\WINDOWS\system32\ocgsuywl.dll
C:\WINDOWS\system32\ogmdrome.exe
C:\WINDOWS\system32\pbvkkxne.ini
C:\WINDOWS\system32\peutjxyw.exe
C:\WINDOWS\system32\plduvpgc.ini
C:\WINDOWS\system32\pqbboudc.dll
C:\WINDOWS\system32\pufrmvxy.dll
C:\WINDOWS\system32\rbjqtoet.dll
C:\WINDOWS\system32\rfxkoshm.exe
C:\WINDOWS\system32\rjvpcgud.exe
C:\WINDOWS\system32\sfgrngws.ini
C:\WINDOWS\system32\smjiqext.ini
C:\WINDOWS\system32\srrewcmd.exe
C:\WINDOWS\system32\sucsnxln.dll
C:\WINDOWS\system32\swgnrgfs.dll
C:\WINDOWS\system32\tewvxjbv.ini
C:\WINDOWS\system32\tvwpiljv.dll
C:\WINDOWS\system32\txeqijms.dll
C:\WINDOWS\system32\vbjxvwet.dll
C:\WINDOWS\system32\vpuyiabk.dll
C:\WINDOWS\system32\xfnlpkoy.dll
C:\WINDOWS\system32\xlhlvlgc.dll
C:\WINDOWS\system32\ybnmyiie.exe
C:\WINDOWS\system32\yokplnfx.ini
C:\WINDOWS\system32\yxvmrfup.ini


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-07-01 to 2007-08-01 )))))))))))))))))))))))))))))))


2007-08-01 20:38 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-01 19:52 125,504 --a------ C:\WINDOWS\system32\awrmsmdm.dll
2007-07-31 13:47 125,504 --a------ C:\WINDOWS\system32\unlthmgf.dll
2007-07-30 17:18 126,016 --a------ C:\WINDOWS\system32\ayyjoshm.dll
2007-07-29 17:17 126,016 --a------ C:\WINDOWS\system32\hiaomifm.dll
2007-07-28 14:40 126,016 --a------ C:\WINDOWS\system32\wttyxhld.dll
2007-07-27 12:41 126,016 --a------ C:\WINDOWS\system32\qyausbep.dll
2007-07-26 12:06 126,016 --a------ C:\WINDOWS\system32\gqawrmaw.dll
2007-07-25 00:57 126,016 --a------ C:\WINDOWS\system32\vyxnycug.dll
2007-07-24 15:37 <DIR> d-------- C:\Program Files\Tomb Raider - Anniversary Demo
2007-07-23 23:29 126,016 --a------ C:\WINDOWS\system32\cfhhjyhv.dll
2007-07-22 17:01 <DIR> d-------- C:\Program Files\uTorrent
2007-07-22 17:01 <DIR> d-------- C:\DOCUME~1\Jamie\APPLIC~1\uTorrent
2007-07-17 11:03 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-17 11:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-17 11:02 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-05 23:05 <DIR> d---s---- C:\Program Files\Xfire
2007-07-05 23:05 <DIR> d-------- C:\DOCUME~1\Jamie\APPLIC~1\Xfire
2007-07-04 13:30 <DIR> d-------- C:\WINDOWS\ERUNT
2007-07-04 02:05 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-07-03 22:43 19,968 --a------ C:\fisbiegd.exe
2007-07-03 14:14 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-07-03 14:14 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-07-03 14:14 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-07-03 14:14 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-07-03 14:14 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-07-03 14:14 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-07-03 14:14 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-07-03 14:14 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-07-03 14:14 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-07-03 14:14 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-07-03 14:10 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-07-01 15:31 271,224 --a------ C:\WINDOWS\system32\mucltui.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-01 20:46 --------- d-------- C:\Program Files\Steam
2007-07-24 15:38 108144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-07-22 16:49 --------- d-------- C:\Program Files\BitTorrent
2007-06-30 12:35 --------- d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-06-24 16:18 --------- d-------- C:\Program Files\KONAMI
2007-06-24 16:02 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-20 02:03 1963 --a------ C:\WINDOWS\mozver.dat
2007-06-19 14:23 --------- d-------- C:\Program Files\Microsoft Works
2007-06-19 14:22 --------- d-------- C:\Program Files\Microsoft.NET
2007-06-11 09:47 --------- d-------- C:\Program Files\Windows Live
2007-06-11 09:47 --------- d-------- C:\Program Files\MSN Messenger
2007-06-11 09:47 --------- d-------- C:\Program Files\Messenger Plus! Live
2007-06-09 22:17 --------- d-------- C:\Program Files\Mplayer
2007-06-09 22:15 --------- d-------- C:\Program Files\Quake III Arena
2007-06-07 10:51 --------- d-------- C:\Program Files\Ubi Soft
2007-06-04 15:18 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-20 17:30 65536 --a------ C:\WINDOWS\IFinst27.exe
2007-05-16 16:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 09:56 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 11:43 C:\WINDOWS\Alcmtr.exe]
"GBB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-07-12 10:58]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2005-12-04 17:39]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 22:48]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10]
"NWEReboot"="" []
"RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 21:24]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-20 06:05]
"Gainward"="C:\WINDOWS\TBPanel.exe" [2006-10-19 19:09]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 19:38]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 02:03]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 22:58]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-15 23:01]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" []
"LClock"="C:\Program Files\LClock\LClock.exe" []
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-01-22 18:22]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-20 06:05]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files\Steam\Steam.exe" [2007-06-28 11:57]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"Eabc"="C:\PROGRA~1\COMMON~1\CROSOF~1\javaw.exe" []

C:\Documents and Settings\Jamie\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-11-11 16:45:31]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcbcbb]
ddcbcbb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrzf32]
winrzf32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

R0 JGOGO;JMicron Hot-Plug Driver;C:\WINDOWS\system32\DRIVERS\JGOGO.sys
R0 JRAID;JRAID;C:\WINDOWS\system32\DRIVERS\jraid.sys
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x);C:\WINDOWS\system32\drivers\sfvfs02.sys
R0 speedfan;speedfan;C:\WINDOWS\system32\speedfan.sys
R1 mbmiodrvr;mbmiodrvr;\??\C:\WINDOWS\system32\mbmiodrvr.sys
R2 TBPanel;TBPanel;C:\WINDOWS\system32\drivers\TBPanel.sys
R3 L8042Kbd;Logitech SetPoint Keyboard Driver;C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
R3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
R3 LMouKE;Logitech SetPoint Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
R3 NVR0Dev;NVR0Dev;\??\C:\WINDOWS\nvoclock.sys
R3 QCMerced;Logitech QuickCam Communicate;C:\WINDOWS\system32\DRIVERS\LVCM.sys
S3 Cardex;Cardex;\??\C:\WINDOWS\system32\drivers\TBPANEL.SYS
S3 cportclm;cportclm;\??\C:\DOCUME~1\Jamie\LOCALS~1\Temp\cportclm.sys
S3 ET5Drv;ET5Drv;\??\C:\WINDOWS\system32\Drivers\ET5Drv.sys
S3 huadio;huadio;\??\C:\WINDOWS\system32\huadio.tmp
S3 odserv;Microsoft Office Diagnostics Service;"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
S3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fbus.sys
S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Fmdfl.sys
S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Fmdm.sys
S3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fmgmt.sys
S3 se2Fnd5;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (NDIS);C:\WINDOWS\system32\DRIVERS\se2Fnd5.sys
S3 SE2Fobex;Sony Ericsson Device 047 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Fobex.sys
S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);C:\WINDOWS\system32\DRIVERS\se2Funic.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\Autorun.exe


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2007-08-01 20:46:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-01 20:47:51 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-01 20:47

--- E O F ---
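The "Files Created" section of the ComboFix log above shows the signal that is easy to miss when reading file by file: a DLL of exactly 126,016 bytes (later 125,504) appears in system32 under a fresh eight-letter name almost every day from 23 July to 1 August. The Python script below is an added example (my own code, not ComboFix's and not from the post) that parses lines in that section's format, groups random-named system32 DLLs by exact size and reports each cluster's creation-date cadence. The sample input is abbreviated from the log above, with two DirectX entries kept as a control: they share a size too, but their names carry digits and they were created on one install date. The line format and the "eight lowercase letters" rule are assumptions taken from this log only.

```python
import re
from collections import defaultdict
from datetime import date
from typing import Dict, List

# Constructed sample: lines abbreviated from the "Files Created" section of the
# ComboFix log above, plus two DirectX entries from the same log as a control.
SAMPLE_LISTING = r"""
2007-08-01 20:38 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-01 19:52 125,504 --a------ C:\WINDOWS\system32\awrmsmdm.dll
2007-07-31 13:47 125,504 --a------ C:\WINDOWS\system32\unlthmgf.dll
2007-07-30 17:18 126,016 --a------ C:\WINDOWS\system32\ayyjoshm.dll
2007-07-29 17:17 126,016 --a------ C:\WINDOWS\system32\hiaomifm.dll
2007-07-28 14:40 126,016 --a------ C:\WINDOWS\system32\wttyxhld.dll
2007-07-27 12:41 126,016 --a------ C:\WINDOWS\system32\qyausbep.dll
2007-07-26 12:06 126,016 --a------ C:\WINDOWS\system32\gqawrmaw.dll
2007-07-25 00:57 126,016 --a------ C:\WINDOWS\system32\vyxnycug.dll
2007-07-24 15:37 <DIR> d-------- C:\Program Files\Tomb Raider - Anniversary Demo
2007-07-23 23:29 126,016 --a------ C:\WINDOWS\system32\cfhhjyhv.dll
2007-07-03 14:14 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-07-03 14:14 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
"""

# date  time  size-or-<DIR>  attribute-column  path
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2} (<DIR>|[\d,]+) (\S+) (.+)$")


def dropper_clusters(listing: str, min_count: int = 2) -> List[Dict]:
    """Group random-named system32 DLLs by exact file size and report each
    cluster with its creation-date cadence. Same size plus a fresh name each
    day is the pattern in the log above; redistributables like d3dx10_* share
    a size too, but their names carry digits and they land on one date."""
    by_size: Dict[int, List] = defaultdict(list)
    for raw in listing.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m.group(2) == "<DIR>":
            continue
        created = date.fromisoformat(m.group(1))
        size = int(m.group(2).replace(",", ""))
        folder, _, fname = m.group(4).rpartition("\\")
        stem, _, ext = fname.lower().rpartition(".")
        # Eight lowercase letters, .dll, directly in system32: heuristic only.
        if folder.lower().endswith("\\system32") and ext == "dll" and re.fullmatch(r"[a-z]{8}", stem):
            by_size[size].append((created, fname))

    clusters = []
    for size, items in by_size.items():
        if len(items) < min_count:
            continue
        days = sorted({c for c, _ in items})
        clusters.append({
            "size": size,
            "count": len(items),
            "first": days[0],
            "last": days[-1],
            "distinct_days": len(days),           # how many separate days saw a drop
            "span_days": (days[-1] - days[0]).days + 1,  # calendar span of the cluster
            "files": sorted(f for _, f in items),
        })
    return sorted(clusters, key=lambda c: -c["count"])


if __name__ == "__main__":
    for c in dropper_clusters(SAMPLE_LISTING):
        print(f"{c['count']} x {c['size']:,} bytes on {c['distinct_days']} distinct days "
              f"over {c['span_days']} ({c['first']} .. {c['last']}): {', '.join(c['files'])}")
```

On the sample this yields one cluster of seven 126,016-byte DLLs spanning eight days (one day, 24 July, has no drop) and one of two 125,504-byte DLLs on the last two days; the two d3dx10 files never enter a cluster because their stems contain digits. A count of distinct days close to the calendar span is the cadence a self-reinstalling component produces, and it is a stronger indicator than any single file name.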
Old 08-01-2007, 06:13 PM   #3
wedge37

Bump! Help please. :(
Old 08-02-2007, 02:20 AM   #4
wedge37

*Bumped so that someone will see this!*
Old 08-02-2007, 05:32 AM   #5
forhockey (Security Team Analyst)

Hi wedge37,

Can you please hold off on any self-fixes from here on in. Your computer still has some bad files roaming around, so please make sure you follow my instructions exactly the way I've proposed.

---------------------------------------------------------------------------------------------

You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

---------------------------------------------------------------------------------------------

The cleaning process is not instant. Please follow through to the end until I tell you your machine is clean.
The absence of symptoms does not mean that everything is clean.


---------------------------------------------------------------------------------------------

Please save these instructions to Notepad as the internet will not be available to you at certain points of the removal process.
Please ensure that there aren't any opened browsers when you are carrying out the procedures below.
Make sure to work through all the Steps in the exact order in which they are listed below.
If there's anything that you don't understand, ask your question(s) before moving on with the fixes.


---------------------------------------------------------------------------------------------


P2P Software

I see you have P2P software (BitTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

---------------------------------------------------------------------------------------------

Disable AVG Anti-spyware Shield
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive


Disable AVG Anti-Spyware
  • Right-click the AVG icon by the system time
  • Left-click on Start with Windows

---------------------------------------------------------------------------------------------

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
File::
C:\WINDOWS\system32\awrmsmdm.dll
C:\WINDOWS\system32\unlthmgf.dll
C:\WINDOWS\system32\ayyjoshm.dll
C:\WINDOWS\system32\hiaomifm.dll
C:\WINDOWS\system32\wttyxhld.dll
C:\WINDOWS\system32\qyausbep.dll
C:\WINDOWS\system32\gqawrmaw.dll
C:\WINDOWS\system32\vyxnycug.dll
C:\WINDOWS\system32\cfhhjyhv.dll
C:\WINDOWS\IFinst27.exe
C:\WINDOWS\system32\ddcbcbb.dll
C:\WINDOWS\system32\winrzf32.dll
C:\WINDOWS\system32\huadio.tmp

Collect::
C:\fisbiegd.exe

Driver::
huadio

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Alcmtr"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eabc"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcbcbb]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrzf32]
Save this as CFScript




Referring to the picture above, drag CFScript into ComboFix.exe

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Warning:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Additionally, ComboFix will generate a zipped file on your desktop called Submit [Date Time].zip
Please submit this file to: https://www.bleepingcomputer.com/subm....php?channel=4

Please include a link to this topic in the message.

---------------------------------------------------------------------------------------------

No AntiVirus Onboard

I see no evidence of an AntiVirus program on your system. This must be resolved. Here are three very good free Antivirus products which are available: Select one of these, or another of your choice. Download, install, update definitions, and run a full system scan.

Note: You must only use 1 (one) AV at a time because if you have 2 or more AVs running at the same time, they will conflict with each other and make your security less reliable.

---------------------------------------------------------------------------------------------

Restart your computer

---------------------------------------------------------------------------------------------

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" * The download of the 8 MB Panda's ActiveX control will take place *
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


---------------------------------------------------------------------------------------------

Please run HijackThis again, and post a fresh HijackThis log

---------------------------------------------------------------------------------------------

Generate an Uninstall List
  • Open HijackThis.
  • Click on the "Configure" button on the bottom right.
  • Click on the tab "Misc Tools".
  • Click on the Box that says "Open Uninstall Manager".
  • Click on the button "Save list"

Please save a copy and paste the contents with your next reply.

---------------------------------------------------------------------------------------------

How is your computer behaving?

---------------------------------------------------------------------------------------------

Please reply back with the following:

C:\ComboFix.txt
Panda Scan results
Fresh HijackThis log
Uninstall List
How is your computer behaving?
__________________


Proud Member of ASAP
Proud Member of UNITE

Microsoft MVP - Consumer Security 2009
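The CFScript in the post above is a small declarative format: File:: and Collect:: sections list absolute paths, Driver:: lists service names, and Registry:: uses the Regedit-file conventions, where [-KEY] deletes a key and "name"=- deletes a value. Because the script is dropped onto ComboFix and acted on without further confirmation, it is worth reading back what a script will do before running it. The Python parser below is an added example (my own code, not ComboFix's, not from the post) that turns a CFScript into an explicit list of actions and reports lines it cannot account for: a relative path, a value directive outside any key, or an unknown section header. Section meanings are taken from how the post's script uses them; the parser structures the text and performs no action on the machine.

```python
import re
from typing import List, Tuple

# Constructed input: abbreviated from the CFScript in the post above.
CFSCRIPT = r"""
File::
C:\WINDOWS\system32\awrmsmdm.dll
C:\WINDOWS\system32\huadio.tmp

Collect::
C:\fisbiegd.exe

Driver::
huadio

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Alcmtr"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eabc"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcbcbb]
"""

KNOWN_SECTIONS = ("File", "Collect", "Driver", "Registry")
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z]+)::$")
KEY_RE = re.compile(r"^\[(?P<delete>-?)(?P<key>HKEY_[A-Z_]+\\.+)\]$")   # [KEY] or [-KEY]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=-$')                         # "name"=- deletes a value
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")
DRIVER_RE = re.compile(r"^[A-Za-z0-9_]+$")


def parse_cfscript(text: str) -> Tuple[List[tuple], List[str]]:
    """Return (actions, errors). Actions are tuples such as ("delete_file", path),
    ("collect_file", path), ("remove_driver", name), ("delete_key", key) and
    ("delete_value", key, name); errors describe lines the parser rejects."""
    actions: List[tuple] = []
    errors: List[str] = []
    section = None
    current_key = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            current_key = None           # a key never carries across sections
            if section not in KNOWN_SECTIONS:
                errors.append(f"line {lineno}: unknown section {section}::")
            continue
        if section in ("File", "Collect"):
            if ABS_PATH_RE.match(line):
                actions.append(("delete_file" if section == "File" else "collect_file", line))
            else:
                errors.append(f"line {lineno}: not an absolute path: {line}")
        elif section == "Driver":
            if DRIVER_RE.match(line):
                actions.append(("remove_driver", line))
            else:
                errors.append(f"line {lineno}: not a bare service name: {line}")
        elif section == "Registry":
            key = KEY_RE.match(line)
            if key:
                current_key = key.group("key")
                if key.group("delete"):
                    actions.append(("delete_key", current_key))
                continue
            value = VALUE_RE.match(line)
            if value and current_key:
                actions.append(("delete_value", current_key, value.group("name")))
            else:
                errors.append(f"line {lineno}: unrecognised registry directive: {line}")
        else:
            errors.append(f"line {lineno}: text before any section header: {line}")
    return actions, errors


if __name__ == "__main__":
    acts, errs = parse_cfscript(CFSCRIPT)
    for a in acts:
        print(" ".join(a))
    for e in errs:
        print("ERROR:", e)
```

For the sample this produces seven actions (two file deletions, one collection, one driver removal, two value deletions under the HKLM and HKCU Run keys, and one deletion of the winlogon\notify\ddcbcbb key) and no errors; a script with a stray relative path or a "name"=- line before any [KEY] is reported rather than silently accepted.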
Old 08-02-2007, 09:08 AM   #6
wedge37

Here's the info you need:

ComboFix

ComboFix 07-08-01.6 - "Jamie" 2007-08-02 13:16:34.2 [GMT 1:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.True
Command switches used :: C:\Documents and Settings\Jamie\Desktop\CFScript.txt
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\fisbiegd.exe
C:\WINDOWS\IFinst27.exe
C:\WINDOWS\system32\awrmsmdm.dll
C:\WINDOWS\system32\ayyjoshm.dll
C:\WINDOWS\system32\cfhhjyhv.dll
C:\WINDOWS\system32\gqawrmaw.dll
C:\WINDOWS\system32\hiaomifm.dll
C:\WINDOWS\system32\huadio.tmp
C:\WINDOWS\system32\qyausbep.dll
C:\WINDOWS\system32\unlthmgf.dll
C:\WINDOWS\system32\vyxnycug.dll
C:\WINDOWS\system32\wttyxhld.dll


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_HUADIO
-------\huadio


((((((((((((((((((((((((( Files Created from 2007-07-02 to 2007-08-02 )))))))))))))))))))))))))))))))


2007-08-01 20:38 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-24 15:37 <DIR> d-------- C:\Program Files\Tomb Raider - Anniversary Demo
2007-07-22 17:01 <DIR> d-------- C:\Program Files\uTorrent
2007-07-22 17:01 <DIR> d-------- C:\DOCUME~1\Jamie\APPLIC~1\uTorrent
2007-07-17 11:03 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-17 11:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-17 11:02 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-05 23:05 <DIR> d---s---- C:\Program Files\Xfire
2007-07-05 23:05 <DIR> d-------- C:\DOCUME~1\Jamie\APPLIC~1\Xfire
2007-07-04 13:30 <DIR> d-------- C:\WINDOWS\ERUNT
2007-07-04 02:05 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-07-03 14:14 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-07-03 14:14 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-07-03 14:14 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-07-03 14:14 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-07-03 14:14 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-07-03 14:14 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-07-03 14:14 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-07-03 14:14 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-07-03 14:14 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-07-03 14:14 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-07-03 14:10 <DIR> d--h----- C:\WINDOWS\msdownld.tmp


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-02 13:21 --------- d-------- C:\Program Files\Steam
2007-07-24 15:38 108144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-07-22 16:49 --------- d-------- C:\Program Files\BitTorrent
2007-06-30 12:35 --------- d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-06-24 16:18 --------- d-------- C:\Program Files\KONAMI
2007-06-24 16:02 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-20 02:03 1963 --a------ C:\WINDOWS\mozver.dat
2007-06-19 14:23 --------- d-------- C:\Program Files\Microsoft Works
2007-06-19 14:22 --------- d-------- C:\Program Files\Microsoft.NET
2007-06-11 09:47 --------- d-------- C:\Program Files\Windows Live
2007-06-11 09:47 --------- d-------- C:\Program Files\MSN Messenger
2007-06-11 09:47 --------- d-------- C:\Program Files\Messenger Plus! Live
2007-06-09 22:17 --------- d-------- C:\Program Files\Mplayer
2007-06-09 22:15 --------- d-------- C:\Program Files\Quake III Arena
2007-06-07 10:51 --------- d-------- C:\Program Files\Ubi Soft
2007-06-04 15:18 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-16 16:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 09:56 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 C:\WINDOWS\SkyTel.exe]
"GBB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-07-12 10:58]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2005-12-04 17:39]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 22:48]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10]
"NWEReboot"="" []
"RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 21:24]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-20 06:05]
"Gainward"="C:\WINDOWS\TBPanel.exe" [2006-10-19 19:09]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 19:38]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 02:03]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 22:58]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-15 23:01]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" []
"LClock"="C:\Program Files\LClock\LClock.exe" []
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-01-22 18:22]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-20 06:05]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files\Steam\Steam.exe" [2007-06-28 11:57]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]

C:\Documents and Settings\Jamie\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-11-11 16:45:31]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

R0 JGOGO;JMicron Hot-Plug Driver;C:\WINDOWS\system32\DRIVERS\JGOGO.sys
R0 JRAID;JRAID;C:\WINDOWS\system32\DRIVERS\jraid.sys
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x);C:\WINDOWS\system32\drivers\sfvfs02.sys
R0 speedfan;speedfan;C:\WINDOWS\system32\speedfan.sys
R1 mbmiodrvr;mbmiodrvr;\??\C:\WINDOWS\system32\mbmiodrvr.sys
R2 TBPanel;TBPanel;C:\WINDOWS\system32\drivers\TBPanel.sys
R3 L8042Kbd;Logitech SetPoint Keyboard Driver;C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
R3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
R3 LMouKE;Logitech SetPoint Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
R3 NVR0Dev;NVR0Dev;\??\C:\WINDOWS\nvoclock.sys
R3 QCMerced;Logitech QuickCam Communicate;C:\WINDOWS\system32\DRIVERS\LVCM.sys
S3 Cardex;Cardex;\??\C:\WINDOWS\system32\drivers\TBPANEL.SYS
S3 cportclm;cportclm;\??\C:\DOCUME~1\Jamie\LOCALS~1\Temp\cportclm.sys
S3 ET5Drv;ET5Drv;\??\C:\WINDOWS\system32\Drivers\ET5Drv.sys
S3 odserv;Microsoft Office Diagnostics Service;"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
S3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fbus.sys
S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Fmdfl.sys
S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Fmdm.sys
S3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fmgmt.sys
S3 se2Fnd5;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (NDIS);C:\WINDOWS\system32\DRIVERS\se2Fnd5.sys
S3 SE2Fobex;Sony Ericsson Device 047 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Fobex.sys
S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);C:\WINDOWS\system32\DRIVERS\se2Funic.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\Autorun.exe


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2007-08-02 13:21:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-02 13:22:50 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-02 13:22
C:\ComboFix2.txt ... 2007-08-01 20:47

--- E O F ---

HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 16:00:42, on 02/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\WINDOWS\TBPanel.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jamie\My Documents\Spyware fix\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - https://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - https://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - https://www.update.microsoft.com/micr...?1183202982250
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - https://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - https://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - https://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Uninstall list

3DMark03
3DMark06
Ad-Aware 2007
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.0.9
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe Stock Photos 1.0
Alt-Tab Task Switcher Powertoy for Windows XP
ASUSDVD
avast! Antivirus
AVG Anti-Spyware 7.5
Ballance 1LevelDemo
BitTorrent 5.0.8
Camfrog Video Chat 3.91 (remove only)
Canon iP4200
Canon Setup Utility 2.0
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
CD-LabelPrint
ClearType Tuning Control Panel Applet
Codec Pack - All In 1 6.0.3.0
Deus Ex - Invisible War
Disc2Phone
Easy-WebPrint
ETC B06.0809.01
EXPERTool
Far Cry
FEAR
Fraps
GeoForms Screensaver by NVIDIA (remove only)
Gigabyte Raid Configurer
Google Earth
Google Gmail Notifier
GSview and Aladdin Ghostscript
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
IcePattern 1.22 for Adobe Photoshop
Image Resizer Powertoy for Windows XP
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) SE Runtime Environment 6 Update 1
Logitech Audio Echo Cancellation Component
Logitech QuickCam
Logitech SetPoint
Logitech Video Enumerator
Logitech® Camera Driver
LogonStudio
Luna
Mad Mod Mike
MadOnion.com/3DMark2001 SE
Maple 10
MathType 5
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Halo
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows Journal Viewer
mIRC
Morrowind
Motherboard Monitor 5
Mozilla Firefox (2.0.0.5)
Mozilla Firefox (2.0.0.6)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB927977)
MVision
Nalu
Need for Speed™ Most Wanted
Nero OEM
NVIDIA Drivers
NVIDIA nTune
Oblivion
Oblivion - Horse Armor Pack
Oblivion - Knights of the Nine
Oblivion - Mehrunes Razor
Oblivion - Orrery
Oblivion - Spell Tomes
Oblivion - Thieves Den
Oblivion - Vile Lair
Oblivion - Wizard's Tower
Oblivion mod manager 1.0.3
Opera 9.02
Panda ActiveScan
Prey
Project64 1.6
Psychonauts Demo
Quake 4(TM)
Quake III Arena
QuickTime
Rayman3
Realtek High Definition Audio Driver
Rome - Total War - Gold Edition
S.T.A.L.K.E.R. - Shadow of Chernobyl
Safety Alert 2006
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB936509)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB936514)
Security Update for Publisher 2007 (KB936646)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Soldier of Fortune II - Double Helix GOLD
SONIC HEROES
SpeedFan (remove only)
Spybot - Search & Destroy 1.4
Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)
Steam
System Requirements Lab
TES Construction Set
TeXaide 4
The Chronicles of Riddick: Escape From Butcher Bay Demo
Tomb Raider:
Tomb Raider: Anniversary Demo 1.0
TrackMania Nations ESWC - Update 2
TrackMania Sunrise Extreme Demo 1.5.0
TrackMania United 0.2.0.8
Trillian
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB934393)
Update for Outlook 2007 (KB937608)
Update for Outlook 2007 Junk Email Filter (kb936558)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB936357)
Update for Word 2007 (KB934173)
USB game controller
VNC Enterprise Edition E4.2.8
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Vista Upgrade Advisor
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
Xfire (remove only)
Yahoo! Toolbar

Panda ActiveScan


Incident Status Location

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\2zdyxfvz.default\cookies.txt[.com.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\2zdyxfvz.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\2zdyxfvz.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\2zdyxfvz.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\2zdyxfvz.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\2zdyxfvz.default\cookies.txt[server.iad.liveperson.net/hc/15527479]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\2zdyxfvz.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\2zdyxfvz.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\2zdyxfvz.default\cookies.txt[.zedo.com/]
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\2zdyxfvz.default\cookies.txt[.ads.addynamix.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\2zdyxfvz.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\2zdyxfvz.default\cookies.txt[winantivirus.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\2zdyxfvz.default\cookies.txt[.winantivirus.com/]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\2zdyxfvz.default\cookies.txt[.systemdoctor.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\2zdyxfvz.default\cookies.txt[www.winantiviruspro.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\2zdyxfvz.default\cookies.txt[.www.winantiviruspro.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\2zdyxfvz.default\cookies.txt[www.winantiviruspro.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\2zdyxfvz.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\2zdyxfvz.default\cookies.txt[.errorsafe.com/]
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\2zdyxfvz.default\cookies.txt[.tickle.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\2zdyxfvz.default\cookies.txt[.drivecleaner.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\2zdyxfvz.default\cookies.txt[www.drivecleaner.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\2zdyxfvz.default\cookies.txt[drivecleaner.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\2zdyxfvz.default\cookies.txt[.atwola.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\2zdyxfvz.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\2zdyxfvz.default\cookies.txt[.webpower.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Jamie\Cookies\[email protected][1].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Jamie\Cookies\[email protected][2].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Jamie\Cookies\[email protected][2].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Jamie\Desktop\ComboFix.exe[nircmd.exe]
Virus:Generic Malware Disinfected C:\Documents and Settings\Jamie\Desktop\[4]-Submit_2007-08-02_131633.51.zip[fisbiegd.exe]
Hacktool:Hacktool/CookiesView Not disinfected C:\Documents and Settings\Jamie\My Documents\h4xx0rz\Darc Hackpack\AutoPlay\Docs\mzcv.exe
Potentially unwanted tool:Application/PassRock Not disinfected C:\Documents and Settings\Jamie\My Documents\h4xx0rz\Darc Hackpack\AutoPlay\Docs\RockXP3.exe
Virus:Generic Malware Disinfected C:\Documents and Settings\Jamie\My Documents\Miscellaneous\Style XP and crack.zip[eclsxp31.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Jamie\My Documents\Spyware fix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Jamie\My Documents\Spyware fix\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Jamie\My Documents\Spyware fix\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Jamie\My Documents\Spyware fix\SmitfraudFix.zip[SmitfraudFix/restart.exe]
Virus:Trj/Downloader.NUS Disinfected C:\QooBox\Quarantine\C\d.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\aghdefdd.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\asbuhdje.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\awtutur.dll.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\bbpouvgm.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\cgpvudlp.dll.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\cpeudbqr.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\ejienqci.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\enxkkvbp.dll.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\fdgykurd.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\fsnqutlu.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\fyjopueq.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\hhvlrawj.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\ikfkctmo.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\iplpwxle.dll.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\jhmaacbq.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\jrnnruws.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\jvxtkmrq.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\jwagokkj.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\kacfwfvv.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\mgiubxdb.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\mkevmerw.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\mrbfehhs.dll.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\ogmdrome.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\peutjxyw.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\pufrmvxy.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\qyausbep.dll.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\rfxkoshm.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\rjvpcgud.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\srrewcmd.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\tvwpiljv.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\vyxnycug.dll.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\ybnmyiie.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\catchme2007-08-01_204610.67.zip[jkhhi.dll]
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\SDFix\apps\Process.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
Potentially unwanted tool:Application/CloseApp Not disinfected C:\WINDOWS\system32\closeapp.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe



-------------------------------------------------------

My computer seems fine at present, after all the maintenance done with Avast! AntiVirus, but I'd like to clean the computer up completely. :)
wedge37 is offline  
Old 08-02-2007, 05:00 PM   #7
Security Team
Analyst
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 3,025
OS: Windows 7 Ultimate

Hi wedge37,

See how good an Anti-Virus program is for your computer?

Connecting to the Internet without antivirus protection is a "Welcome" doormat for malware. It can take as little as eight seconds to infect an unprotected computer.

---------------------------------------------------------------------------------------------

Please save these instructions to Notepad as the internet will not be available to you at certain points of the removal process.
Please ensure that there aren't any opened browsers when you are carrying out the procedures below.
Make sure to work through all the Steps in the exact order in which they are listed below.
If there's anything that you don't understand, ask your question(s) before moving on with the fixes.


---------------------------------------------------------------------------------------------

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):

Messenger Plus! Live <<< This program is known to install the LOP infection. If the program is a must have, reinstall it and decline when asked to install the sponsor's software.

Safety Alert 2006 <<< This program is known to install various types of Zlob infections


---------------------------------------------------------------------------------------------

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------------------------------------------------

Please reply back with the following:

Kaspersky Scan results
__________________


Proud Member of ASAP
Proud Member of UNITE

Microsoft MVP - Consumer Security 2009
forhockey is offline  
Old 08-03-2007, 06:01 AM   #8
Guest
 
Join Date: Aug 2007
Posts: 11
OS:



I can't use the uninstall program in control panel because rundll32.exe is missing or corrupted as a result of the viruses.

I will be editing the post once Kaspersky is done.
wedge37 is offline  
Old 08-03-2007, 07:32 AM   #9
Guest
 
Join Date: Aug 2007
Posts: 11
OS:



Since I can't seem to edit posts here, I'll post the Kaspersky log here:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, August 03, 2007 1:36:01 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 3/08/2007
Kaspersky Anti-Virus database records: 371492
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 135562
Number of viruses found: 19
Number of infected objects: 83 / 0
Number of suspicious objects: 6
Duration of the scan process: 01:54:32

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde4.zip/win13.tmp.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde4.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde7.zip/avp.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde7.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt.zip/retadpu2000352.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\2zdyxfvz.default\cert8.db Object is locked skipped
C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\2zdyxfvz.default\history.dat Object is locked skipped
C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\2zdyxfvz.default\key3.db Object is locked skipped
C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\2zdyxfvz.default\parent.lock Object is locked skipped
C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\2zdyxfvz.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Jamie\Application Data\Mozilla\Firefox\Profiles\2zdyxfvz.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Jamie\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jamie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jamie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jamie\Local Settings\Application Data\Mozilla\Firefox\Profiles\2zdyxfvz.default\Cache\10F0BF2Ad01 Object is locked skipped
C:\Documents and Settings\Jamie\Local Settings\Application Data\Mozilla\Firefox\Profiles\2zdyxfvz.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Jamie\Local Settings\Application Data\Mozilla\Firefox\Profiles\2zdyxfvz.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Jamie\Local Settings\Application Data\Mozilla\Firefox\Profiles\2zdyxfvz.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Jamie\Local Settings\Application Data\Mozilla\Firefox\Profiles\2zdyxfvz.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Jamie\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jamie\Local Settings\Temp\LVCOMSX.LOG Object is locked skipped
C:\Documents and Settings\Jamie\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Jamie\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jamie\My Documents\h4xx0rz\Darc Hackpack\AutoPlay\Docs\ca_setup.exe/WISE0017.BIN Infected: not-a-virus:PSWTool.Win32.Cain.28 skipped
C:\Documents and Settings\Jamie\My Documents\h4xx0rz\Darc Hackpack\AutoPlay\Docs\ca_setup.exe/WISE0023.BIN Infected: not-a-virus:PSWTool.Win32.Cain.f skipped
C:\Documents and Settings\Jamie\My Documents\h4xx0rz\Darc Hackpack\AutoPlay\Docs\ca_setup.exe/WISE0025.BIN Infected: not-a-virus:PSWTool.Win32.Cain.e skipped
C:\Documents and Settings\Jamie\My Documents\h4xx0rz\Darc Hackpack\AutoPlay\Docs\ca_setup.exe WiseSFX: infected - 3 skipped
C:\Documents and Settings\Jamie\My Documents\h4xx0rz\Darc Hackpack\AutoPlay\Docs\FastResolver.exe Infected: not-a-virus:PSWTool.Win32.IEPassView.b skipped
C:\Documents and Settings\Jamie\My Documents\h4xx0rz\Darc Hackpack\AutoPlay\Docs\keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Jamie\My Documents\h4xx0rz\Darc Hackpack\AutoPlay\Docs\keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Jamie\My Documents\h4xx0rz\Darc Hackpack\AutoPlay\Docs\keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Jamie\My Documents\h4xx0rz\Darc Hackpack\AutoPlay\Docs\keyfinder.exe RarSFX: infected - 3 skipped
C:\Documents and Settings\Jamie\My Documents\h4xx0rz\Darc Hackpack\AutoPlay\Docs\RockXP3.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Jamie\My Documents\h4xx0rz\Darc Hackpack\AutoPlay\Docs\RockXP3.exe/data.rar/keyms.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Jamie\My Documents\h4xx0rz\Darc Hackpack\AutoPlay\Docs\RockXP3.exe/data.rar/RAS.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Jamie\My Documents\h4xx0rz\Darc Hackpack\AutoPlay\Docs\RockXP3.exe/data.rar/RockXp_.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Jamie\My Documents\h4xx0rz\Darc Hackpack\AutoPlay\Docs\RockXP3.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Jamie\My Documents\h4xx0rz\Darc Hackpack\AutoPlay\Docs\RockXP3.exe RarSFX: infected - 5 skipped
C:\Documents and Settings\Jamie\My Documents\Spyware fix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Jamie\My Documents\Spyware fix\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Jamie\My Documents\Spyware fix\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Jamie\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jamie\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Program Files\Steam\Steam.log Object is locked skipped
C:\Program Files\Steam\steamapps\winui.gcf Object is locked skipped
C:\Program Files\Steam\SteamLogs\SteamStats.log Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\awtutur.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ayyjoshm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\cfhhjyhv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dpscguar.dll.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\gqawrmaw.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hiaomifm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ocgsuywl.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qyausbep.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\sucsnxln.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vpuyiabk.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vyxnycug.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wttyxhld.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xlhlvlgc.dll.vir Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP184\A0062291.exe Infected: Trojan-Proxy.Win32.Agent.mx skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP184\A0063308.exe/install.exe/data0007/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP184\A0063308.exe/install.exe/data0007 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP184\A0063308.exe/install.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP184\A0063308.exe ZIP: infected - 3 skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP185\A0065568.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP186\A0065665.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP187\A0065755.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP188\A0069012.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP188\A0069013.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP188\A0069014.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP194\A0077963.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP194\A0077964.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP194\A0077965.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP194\A0077966.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP194\A0077967.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP194\A0077968.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP194\A0077969.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP194\A0077970.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP194\A0077971.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP194\A0077972.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP194\A0077973.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP194\A0077974.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP194\A0077975.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP194\A0077976.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP194\A0077977.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP194\A0077978.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP194\A0077979.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP194\A0077980.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP194\A0077981.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP194\A0077982.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP194\A0077983.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP194\A0077984.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP194\A0077986.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP194\A0077988.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP194\A0077993.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP194\A0077995.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP194\A0077996.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP194\A0078000.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP194\A0078002.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP194\A0078005.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP194\A0078007.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP195\A0078175.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP195\A0078176.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP195\A0078177.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP195\A0078178.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP195\A0078179.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP195\A0078180.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP195\A0078181.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP195\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\closeapp.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\temp\Perflib_Perfdata_5fc.dat Object is locked skipped
C:\WINDOWS\temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
wedge37 is offline  
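As an added example, not part of the original thread or of any of the tools it mentions: a small Python triage script that parses report lines in the format of the Kaspersky log above and separates hits sitting in quarantine folders (ComboFix's QooBox, Spybot's Recovery backups) and System Restore points, which are cleared by purging those stores and resetting System Restore, from detections still at a live path. The sample lines are constructed from the posted report; evilbho.dll is a made-up live hit used only to show that branch.

```python
import re
from collections import Counter

# Constructed sample in the format of the posted report. The GUID and most
# paths come from that report; evilbho.dll is a made-up live detection.
SAMPLE_REPORT = r"""
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde4.zip/win13.tmp.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\Jamie\NTUSER.DAT Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\awtutur.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{7A1988D4-7ABF-4E04-90AE-EF1D1AD9EB2D}\RP184\A0062291.exe Infected: Trojan-Proxy.Win32.Agent.mx skipped
C:\WINDOWS\system32\closeapp.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
C:\WINDOWS\system32\evilbho.dll Infected: Trojan.Win32.BHO.bd skipped
Scan process completed.
"""

# One report line is: <path> <verdict> <last action>. Verdict forms seen in
# the report: "Infected: <name>", "Suspicious: <text>", "Object is locked",
# and container summaries such as "ZIP: infected - 3" or "RarSFX: infected - 5".
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<verdict>Infected: \S+|Suspicious: .+?|Object is locked"
    r"|\S+: (?:infected|suspicious) - \d+) "
    r"(?P<action>\S+)$"
)

# Stores whose contents are already isolated from the running system.
CONTAINMENT_MARKERS = (
    "\\qoobox\\quarantine\\",                 # ComboFix quarantine
    "spybot - search & destroy\\recovery\\",  # Spybot backups of removed items
    "\\system volume information\\_restore",  # System Restore points
)


def parse_line(line):
    """Return {'path', 'verdict', 'action'} for a result line, else None."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(path, verdict):
    """Bucket a detection by how much it still matters on the live system."""
    if verdict == "Object is locked":
        return "locked"        # in-use file the scanner could not open; not a detection
    low = path.lower()
    if any(marker in low for marker in CONTAINMENT_MARKERS):
        return "contained"     # handled by purging quarantine / resetting System Restore
    if verdict.startswith("Infected: not-a-virus:"):
        return "riskware"      # legitimate-but-risky tools; needs a human decision
    if verdict.startswith("Suspicious:") or "suspicious" in verdict:
        return "suspicious"    # heuristic hit at a live path; inspect before acting
    return "live"              # named malware at a live path: still needs removal


def triage(report_text):
    """Count report lines per bucket."""
    counts = Counter()
    for line in report_text.splitlines():
        rec = parse_line(line)
        if rec:
            counts[classify(rec["path"], rec["verdict"])] += 1
    return counts


def live_hits(report_text):
    """Paths of named-malware detections outside any containment store."""
    return [rec["path"] for rec in map(parse_line, report_text.splitlines())
            if rec and classify(rec["path"], rec["verdict"]) == "live"]


if __name__ == "__main__":
    for bucket, n in sorted(triage(SAMPLE_REPORT).items()):
        print(f"{bucket:>10}: {n}")
    for path in live_hits(SAMPLE_REPORT):
        print("still live:", path)
```

Run against the full posted report, every hit falls into "contained", "locked" or "riskware", which is the basis for the helper's later "your logs are clean".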
Old 08-04-2007, 11:13 AM   #10
Security Team
Analyst
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 3,025
OS: Windows 7 Ultimate



You may need your Windows Installation CD for this part.

Go to Start > Run, then type the following: sfc /scannow

After the process is complete, try opening Add/Remove Programs.
forhockey is offline  
Old 08-04-2007, 02:55 PM   #11
Guest
 
Join Date: Aug 2007
Posts: 11
OS:



That didn't work, tried it three times, no luck each time. :(
wedge37 is offline  
Old 08-04-2007, 03:07 PM   #12
Security Team
Analyst
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 3,025
OS: Windows 7 Ultimate



Open notepad and copy/paste the text in the quotebox below into it:

Code:
@echo off
(
copy /y C:\WINDOWS\system32\dllcache\rundll32.exe C:\Windows\system32
vfind -tf %systemroot%\rundll32.exe 
)>>log.txt
notepad log.txt

Save this as repair.bat. Choose "Save as type - All Files".
It should look like this:
Double click on repair.bat & allow it to run


-----------------------------------

Restart your computer, then try opening Add/Remove Programs.

------------------------------------

Post the results from the log.txt
forhockey is offline  
Old 08-04-2007, 03:56 PM   #13
Guest
 
Join Date: Aug 2007
Posts: 11
OS:



This is what the log says when I tried to run the batch file:

The system cannot find the file specified.

Would it be a prudent suggestion to try typing:

Code:
expand d:\i386\rundll32.ex_ c:\windows\system32\dllcache\rundll32.exe
then trying the file again?
wedge37 is offline  
Old 08-04-2007, 07:02 PM   #14
TSF Security Team
Emeritus
Join Date: May 2005
Posts: 26,363
OS: N/A



Download one from here > https://www.spywareinfo.com/~merijn/w...p#rundll32.exe
sUBs is offline  
Old 08-05-2007, 04:18 AM   #15
Guest
 
Join Date: Aug 2007
Posts: 11
OS:



Thanks! That works. What shall I do now?
wedge37 is offline  
Old 08-05-2007, 06:53 AM   #16
Security Team
Analyst
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 3,025
OS: Windows 7 Ultimate



Well, the only thing left to do is to uninstall the following programs, if you haven't done so by now:

Messenger Plus! Live
Safety Alert 2006



Then.....

Open Spybot - Search and Destroy.
  • Click on recovery icon on left
  • Purge all the bad guys in there, so that they don't get back into your system.



Well done, your logs are clean! There are just a few more things I would like you to do.

Reset System Restore

To turn off System Restore, click Start > right-click My Computer > Properties. Click the System Restore tab and check "Turn off System Restore" or "Turn off System Restore on all drives". Click Apply. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this, then click OK.

Turn on System Restore by clicking Start. Right-click My Computer, and then click Properties. Click the System Restore tab. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives." Click Apply, and then OK.

This will create a new Restore Point.

Clear Firefox Cookies
  • Click Tools -> Options
  • Click Privacy Tab
  • Click the "Show Cookies" button
  • Click the "Remove All Cookies" button, which is at the bottom of the window.
  • Click Close

Clear IE7 cookies
  • On the Internet Explorer 6 Tools menu, click Internet Options. The Internet Options box should open to the General tab.
  • Double-click Internet Options to open Internet Properties.
  • Click Delete Files button.
  • Click Delete button across from Temporary Internet Files.
  • Click Yes.
  • Click Close.
  • Click Ok.


Microsoft Updates

It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

Malware Prevention Tools

These programs configure your computer to prevent known malware-related changes. You can have more than one of these at a time and they take up minimal resources.
  • SpywareBlaster - Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items. Check regularly for updates.
  • IE-Spyad - Extract to your desktop and double-click install.bat. Install options #2 and #4. IE-Spyad places more than 4,000 dubious domains in the IE Restricted list, which impairs attempts to infect your system. It prevents any downloads from the sites, although you will still be able to connect to them. You can read more about it on its homepage.
  • MVPS Hosts File - extract and double-click the mvps.bat file. This will replace your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements, preventing your computer from connecting to those sites.
  • McAfee SiteAdvisor - helps to warn you before you interact with a dangerous Web site. Works with both IE and Firefox.
  • SpywareGuard - real-time protection that detects and blocks spyware before it can execute.

Alternative Web Browsers

Using an alternative browser can help prevent malware from being installed without your knowledge, but may not work on all websites.

Firewalls

If you do not have a firewall, here are a few free ones available for personal use:

Understanding and Using Firewalls


Informational Reading

In light of your recent troubles, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles:
Please respond to this thread one more time so we can mark this thread as resolved.
__________________


Proud Member of ASAP
Proud Member of UNITE

Microsoft MVP - Consumer Security 2009
forhockey is offline  
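The MVPS HOSTS file item above works by pinning known ad and malware hostnames to a loopback or null address so the machine never connects to them. The following is an added example, not code from the thread or from the MVPS project, that parses a HOSTS file in that format, answers whether a hostname is blocked, and flags entries that point a name at a real address (a pattern worth reviewing, since adware can tamper with HOSTS the same way). The sample file contents and all hostnames are constructed.

```python
# Added example (not from the thread): audit a Windows HOSTS file of the kind
# the MVPS list installs. Entries pointing a hostname at a loopback or null
# address block that site; entries pointing anywhere else are redirects and
# are reported for review, because that is how a tampered HOSTS file hijacks traffic.
import ipaddress
from typing import Dict, List, Tuple

BLOCK_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample: MVPS-style block lines, a comment, and one suspicious redirect.
SAMPLE_HOSTS = """\
# Start of entries inserted by MVPS (constructed sample)
127.0.0.1  localhost
0.0.0.0    ads.example.net   # block ad server
0.0.0.0    tracker.example.org banner.example.org
::1        ipv6ads.example.net
203.0.113.5  update.antivirus-vendor.example   # redirect: points an update host elsewhere
"""

def parse_hosts(text: str) -> Dict[str, str]:
    """Map each hostname to the address it resolves to; later lines override earlier ones."""
    mapping: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            ipaddress.ip_address(parts[0])        # skip lines that do not start with an address
        except ValueError:
            continue
        for host in parts[1:]:                    # one address may cover several names
            mapping[host.lower()] = parts[0]
    return mapping

def is_blocked(mapping: Dict[str, str], host: str) -> bool:
    """True when the HOSTS file pins the name to a loopback or null address."""
    return mapping.get(host.lower()) in BLOCK_ADDRS

def suspicious_redirects(mapping: Dict[str, str]) -> List[Tuple[str, str]]:
    """Entries that send a hostname to a routable address; review these, they may be hijacks."""
    return sorted((h, a) for h, a in mapping.items() if a not in BLOCK_ADDRS)

if __name__ == "__main__":
    m = parse_hosts(SAMPLE_HOSTS)
    print("ads.example.net blocked:", is_blocked(m, "ads.example.net"))
    print("suspicious redirects:", suspicious_redirects(m))
```

On a real XP machine the file to read is %SystemRoot%\system32\drivers\etc\hosts; the same functions apply unchanged.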
Old 08-05-2007, 09:32 AM   #17
Guest
 
Join Date: Aug 2007
Posts: 11
OS:



Did all that. Thanks! :D
wedge37 is offline  
Old 08-05-2007, 09:19 PM   #18
Security Team
Analyst
 
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 3,025
OS: Windows 7 Ultimate



You're welcome. Safe surfin
__________________


Proud Member of ASAP
Proud Member of UNITE

Microsoft MVP - Consumer Security 2009
forhockey is offline  
All times are GMT -7. The time now is 05:33 AM.
Copyright 2001 - 2018, Tech Support Forum