View Full Version : Virtumonde
robinrasbeary
2007-09-02, 21:22
I have no idea what i am doing or if i am doing it right but........I found a virtumonde or should i say spybot did it is in C:\WINDOWS\system32\wvtu.dll and i cant deleat or get rid of it can you help me pleaseeeeee
Hello and welcome to the forums :)
Please post a HijackThis log to here.
Download HJTInstall.exe (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe) to your Desktop.
Doubleclick HJTInstall.exe to install it.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Copy/Paste the log to your next reply please.
Don't use the Analyse This button, its findings are dangerous if misinterpreted.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
robinrasbeary
2007-09-02, 23:12
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:09:59 PM, on 9/2/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\System32\lxddcoms.exe
C:\Program Files\Common Files\AOL\1182116165\ee\AOLSoftware.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\common files\aol\1182116165\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1182116165\ee\aolsoftware.exe
C:\Program Files\Compaq\Easy Access Button Support\bak\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\ssxwlepe.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1182116165\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [hovylid] C:\Program Files\Windows NT\hovylid22011.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\System32\bclnpiax.dll",forkonce
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyStartUp] c:\Program Files\Microsoft Money\System\Money Startup.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Support - {0E186096-5DE8-45AE-8BDC-E3CAF25A4E0C} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.whataboutarabit.com
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxdd_device - - C:\WINDOWS\System32\lxddcoms.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN\projyd.html
--
End of file - 6421 bytes
robinrasbeary
2007-09-03, 07:28
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, September 02, 2007 11:11:04 PM
Operating System: Microsoft Windows XP Home Edition, (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 3/09/2007
Kaspersky Anti-Virus database records: 402734
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
Scan Statistics:
Total number of scanned objects: 65605
Number of viruses found: 15
Number of infected objects: 67
Number of suspicious objects: 0
Duration of the scan process: 02:06:23
Infected Object Name / Virus Name / Last Action
C:\CPQS\scom\srmclean.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0b\idb\MotorMikesAuto\mydb.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0b\idb\MotorMikesAuto\toolbar.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0b\idb\SNMaster.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0b\organize\CACHE\motormikesau02 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0b\organize\motormikesauto Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0b\organize\motormikesauto.abi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0b\organize\motormikesauto.aby Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aoltsmon.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\server.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Robin\Application Data\AOL\C_America Online 9.0b\IDB\Apps.Lst Object is locked skipped
C:\Documents and Settings\Robin\Application Data\AOL\C_America Online 9.0b\IDB\art.idx Object is locked skipped
C:\Documents and Settings\Robin\Application Data\AOL\C_America Online 9.0b\IDB\sap.dat Object is locked skipped
C:\Documents and Settings\Robin\Application Data\AOL\C_America Online 9.0b\IDB\spool.lst Object is locked skipped
C:\Documents and Settings\Robin\Application Data\AOL\C_America Online 9.0b\IDB\sysnews.lst Object is locked skipped
C:\Documents and Settings\Robin\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Robin\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Robin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Robin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Robin\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Robin\Local Settings\History\History.IE5\MSHist012007090220070903\index.dat Object is locked skipped
C:\Documents and Settings\Robin\Local Settings\Temp\ICD1.tmp\UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\Documents and Settings\Robin\Local Settings\Temp\ICD2.tmp\UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\Documents and Settings\Robin\Local Settings\Temp\ICD3.tmp\UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\Documents and Settings\Robin\Local Settings\Temp\ICD4.tmp\UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\Documents and Settings\Robin\Local Settings\Temporary Internet Files\Content.IE5\8DQ3OPU7\valera[1] Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Robin\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Robin\Local Settings\Temporary Internet Files\Content.IE5\TK8VLHOP\popcaploader_v6[1].cab/PopCapLoader.dll Infected: not-a-virus:Downloader.Win32.PopCap.a skipped
C:\Documents and Settings\Robin\Local Settings\Temporary Internet Files\Content.IE5\TK8VLHOP\popcaploader_v6[1].cab CAB: infected - 1 skipped
C:\Documents and Settings\Robin\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Robin\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Robin\UserData\index.dat Object is locked skipped
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Program Files\America Online 9.0\AOL.EXE Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Program Files\COMPAQ\Coloreal\coloreal.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Program Files\Microsoft Works\WkDetect.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Program Files\Microsoft Works\WksSb.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Program Files\MSN\lazup.dll Infected: Trojan.Win32.BHO.ab skipped
C:\Program Files\MSN\lazup330.dll Infected: Trojan.Win32.BHO.ab skipped
C:\Program Files\MSN\lazup407.dll Infected: Trojan.Win32.BHO.ab skipped
C:\Program Files\MSN\lazup806.dll Infected: Trojan.Win32.BHO.ab skipped
C:\Program Files\QuickTime\qttask.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Program Files\Starware325\bin\Starware325.dll Infected: not-a-virus:AdWare.Win32.Comet.bb skipped
C:\RECYCLER\S-1-5-21-1417818515-3168066103-3802400216-1006\Dc12.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-1417818515-3168066103-3802400216-1006\Dc2.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-1417818515-3168066103-3802400216-1006\Dc3.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-1417818515-3168066103-3802400216-1006\Dc5.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-1417818515-3168066103-3802400216-1006\Dc6.exe Infected: Trojan.Win32.Agent.bck skipped
C:\RECYCLER\S-1-5-21-1417818515-3168066103-3802400216-1006\Dc8.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{54184178-C9CE-46D9-9EEA-06B1B32E48B4}\RP34\A0002910.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{54184178-C9CE-46D9-9EEA-06B1B32E48B4}\RP36\A0005983.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{54184178-C9CE-46D9-9EEA-06B1B32E48B4}\RP36\A0006048.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{54184178-C9CE-46D9-9EEA-06B1B32E48B4}\RP36\A0006224.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{54184178-C9CE-46D9-9EEA-06B1B32E48B4}\RP49\A0008567.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{54184178-C9CE-46D9-9EEA-06B1B32E48B4}\RP49\A0008666.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{54184178-C9CE-46D9-9EEA-06B1B32E48B4}\RP49\A0008750.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{54184178-C9CE-46D9-9EEA-06B1B32E48B4}\RP49\A0008804.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{54184178-C9CE-46D9-9EEA-06B1B32E48B4}\RP49\A0008814.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{54184178-C9CE-46D9-9EEA-06B1B32E48B4}\RP73\A0011900.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{54184178-C9CE-46D9-9EEA-06B1B32E48B4}\RP73\A0011904.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\System Volume Information\_restore{54184178-C9CE-46D9-9EEA-06B1B32E48B4}\RP74\A0011950.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{54184178-C9CE-46D9-9EEA-06B1B32E48B4}\RP74\A0011952.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{54184178-C9CE-46D9-9EEA-06B1B32E48B4}\RP74\A0012950.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{54184178-C9CE-46D9-9EEA-06B1B32E48B4}\RP74\A0012962.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{54184178-C9CE-46D9-9EEA-06B1B32E48B4}\RP74\A0012982.exe Infected: not-a-virus:AdWare.Win32.TTC.c skipped
C:\System Volume Information\_restore{54184178-C9CE-46D9-9EEA-06B1B32E48B4}\RP74\A0013982.exe Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\System Volume Information\_restore{54184178-C9CE-46D9-9EEA-06B1B32E48B4}\RP74\A0013989.exe/data0004 Infected: not-a-virus:AdWare.Win32.TTC.c skipped
C:\System Volume Information\_restore{54184178-C9CE-46D9-9EEA-06B1B32E48B4}\RP74\A0013989.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{54184178-C9CE-46D9-9EEA-06B1B32E48B4}\RP80\A0016178.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{54184178-C9CE-46D9-9EEA-06B1B32E48B4}\RP81\A0016418.rbf Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{54184178-C9CE-46D9-9EEA-06B1B32E48B4}\RP81\change.log Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.a skipped
C:\WINDOWS\Downloaded Program Files\UERS_9999_N91S1502NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\cofig32\r1w2821.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\fustjjks.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\icffkvwt.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lq skipped
C:\WINDOWS\system32\khfggde.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\WINDOWS\system32\kvefbtlm.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\lwinomdt.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.r skipped
C:\WINDOWS\system32\nnnmnmm.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\WINDOWS\system32\nnnolii.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\WINDOWS\system32\rewkqfbh.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\ssxwlepe.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\tk58.exe Infected: Trojan.Win32.BHO.ab skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
Scan process completed.
Hi again :)
You're infected.
Did you notice this sticky topic?
If running Windows XP without a Service Pack and all critical vunerabilites patched.
Example:
Platform: Windows XP
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Afraid it is not a case of will I get infected despite all my security programs, but how soon.
Before seeking assistance to remove malware, it is critical that you update to Service Pack 1a.
Get SP1a here : http://www.microsoft.com/windowsxp/downloads/updates/sp1/default.mspx
Although Windows XP Service Pack 2 is cumulative, meaning it includes Service Pack 1 and all updates predating the release of SP2; before you upgrade to Windows XP SP2 (Service Pack 2) you must ensure the computer is free of malware.
If you are here to be assisted in having an infection removed, please do as little surfing as possible.
So please install Service Pack 1a and then post a fresh HijackThis log and we'll get you cleaned.:bigthumb:
robinrasbeary
2007-09-04, 01:35
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:29:46 PM, on 9/3/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Common Files\AOL\1182116165\ee\AOLSoftware.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\lxddcoms.exe
C:\WINDOWS\system32\pctspk.exe
c:\program files\common files\aol\1182116165\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1182116165\ee\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compaq\Easy Access Button Support\bak\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\apuqidvs.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1182116165\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [hovylid] C:\Program Files\Windows NT\hovylid22011.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\System32\jodmlylp.dll",forkonce
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyStartUp] c:\Program Files\Microsoft Money\System\Money Startup.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Support - {0E186096-5DE8-45AE-8BDC-E3CAF25A4E0C} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.whataboutarabit.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188857568718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188857551546
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/bejeweled2/popcaploader_v6.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxdd_device - - C:\WINDOWS\System32\lxddcoms.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN\projyd.html
--
End of file - 6582 bytes
Hi :)
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Your log shows that you don't have Service Pack 1 installed.
Did you visit Windows Update?
robinrasbeary
2007-09-05, 04:44
I am so sorry I thought i had it loaded last night im telling you i am a true blone lol. Lets try this again thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:42:36 PM, on 9/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\tcgruqbp.exe
C:\WINDOWS\System32\lxddcoms.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Common Files\AOL\1182116165\ee\AOLSoftware.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Compaq\Easy Access Button Support\bak\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
c:\program files\common files\aol\1182116165\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1182116165\ee\aolsoftware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1182116165\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [hovylid] C:\Program Files\Windows NT\hovylid22011.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\idjbvhyw.dll",forkonce
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyStartUp] c:\Program Files\Microsoft Money\System\Money Startup.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {0E186096-5DE8-45AE-8BDC-E3CAF25A4E0C} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.whataboutarabit.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188857568718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188857551546
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/bejeweled2/popcaploader_v6.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxdd_device - - C:\WINDOWS\System32\lxddcoms.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN\projyd.html
--
End of file - 6540 bytes
Ok good now we'll begin the cleaning :)
You don't have an antivirus (http://forum.malwareremoval.com/viewtopic.php?p=53#53) on your computer, you must install one antivirus.
These are good (free) antiviruses: AVG (http://free.grisoft.com)
Antivir (http://www.free-av.com)
Avast (http://www.avast.com)
Please rename HijackThis.exe to skanneri.exe
Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
robinrasbeary
2007-09-06, 05:31
:lip: Ok I am hoping this is it .....crossing my fingers...thanks bunches and bunches for all your help your an angel!!!!!!!!
VundoFix V6.5.7
Checking Java version...
Scan started at 1:05:40 PM 9/2/2007
Listing files found while scanning....
C:\windows\system32\amflnkpg.dll
C:\windows\system32\amtmhuec.dll
C:\WINDOWS\System32\awvtu.dll
C:\WINDOWS\System32\bclnpiax.dll
C:\windows\system32\ceuhmtma.ini
C:\windows\system32\gpknlfma.ini
C:\windows\system32\icffkvwt.dll
C:\WINDOWS\system32\khfggde.dll
C:\windows\system32\nnnmnmm.dll
C:\windows\system32\nnnolii.dll
C:\windows\system32\twvkffci.ini
C:\WINDOWS\System32\utvwa.bak1
C:\WINDOWS\System32\utvwa.bak2
C:\WINDOWS\System32\utvwa.ini
C:\WINDOWS\System32\utvwa.ini2
C:\WINDOWS\System32\utvwa.tmp
C:\WINDOWS\System32\wxrgkjmg.dll
C:\windows\system32\xaipnlcb.ini
Beginning removal...
VundoFix V6.5.8
Checking Java version...
Scan started at 7:22:54 PM 9/5/2007
Listing files found while scanning....
VundoFix V6.5.8
Checking Java version...
Scan started at 8:38:14 PM 9/5/2007
Listing files found while scanning....
C:\windows\system32\awvtu.dll
C:\WINDOWS\system32\idjbvhyw.dll
C:\WINDOWS\system32\khfggde.dll
C:\windows\system32\utvwa.bak1
C:\windows\system32\utvwa.bak2
C:\windows\system32\utvwa.ini
C:\windows\system32\utvwa.ini2
C:\windows\system32\utvwa.tmp
C:\WINDOWS\System32\wxrgkjmg.dll
C:\WINDOWS\system32\wyhvbjdi.ini
Beginning removal...
Beginning removal...
Attempting to delete C:\windows\system32\awvtu.dll
C:\windows\system32\awvtu.dll Has been deleted!
Attempting to delete C:\windows\system32\utvwa.bak1
C:\windows\system32\utvwa.bak1 Has been deleted!
Attempting to delete C:\windows\system32\utvwa.bak2
C:\windows\system32\utvwa.bak2 Has been deleted!
Attempting to delete C:\windows\system32\utvwa.ini
C:\windows\system32\utvwa.ini Has been deleted!
Attempting to delete C:\windows\system32\utvwa.ini2
C:\windows\system32\utvwa.ini2 Has been deleted!
Attempting to delete C:\windows\system32\utvwa.tmp
C:\windows\system32\utvwa.tmp Has been deleted!
Attempting to delete C:\WINDOWS\System32\wxrgkjmg.dll
C:\WINDOWS\System32\wxrgkjmg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wyhvbjdi.ini
C:\WINDOWS\system32\wyhvbjdi.ini Has been deleted!
Performing Repairs to the registry.
Done!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:30:25 PM, on 9/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\lxddcoms.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\1182116165\ee\AOLSoftware.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\common files\aol\1182116165\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1182116165\ee\aolsoftware.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {50FA0E0C-1F2E-4585-A785-51090DECBA54} - C:\WINDOWS\System32\awvtu.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: 0 - {CF86285F-A426-4685-2E8F-1A9CA8060BFA} - C:\Program Files\MSN\lazup330.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1182116165\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [hovylid] C:\Program Files\Windows NT\hovylid22011.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyStartUp] c:\Program Files\Microsoft Money\System\Money Startup.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {0E186096-5DE8-45AE-8BDC-E3CAF25A4E0C} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.whataboutarabit.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188857568718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188857551546
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/bejeweled2/popcaploader_v6.cab
O20 - Winlogon Notify: khfggde - khfggde.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxdd_device - - C:\WINDOWS\System32\lxddcoms.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN\projyd.html
--
End of file - 7823 bytes
Ok looks better but we still have some work to do...
1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
robinrasbeary
2007-09-07, 03:09
i dont know if you need to know this but the AVG picked up three virus it cant get rid of 1 is Trojanhorse Generic4.Gl and the 2nd one is Trojanhorse Lop.CV
3rd is Trojanhorse Lop.CM
anyways ran combofix here is report...
ComboFix 07-08-30.3 - "Robin" 2007-09-06 18:51:07.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.91 [GMT -5:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware325
C:\DOCUME~1\Robin\APPLIC~1\Starware325
C:\Program Files\MSN\projyd.html
C:\Program Files\Starware325
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\DOWNLO~1\UERS_9999_N91S1502NetInstaller.exe
C:\WINDOWS\DOWNLO~1\UWA7P_0001_N91M0809NetInstaller.exe
C:\WINDOWS\system32\apuqidvs.exe
C:\WINDOWS\system32\bskktpvw.exe
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\fustjjks.exe
C:\WINDOWS\system32\kvefbtlm.exe
C:\WINDOWS\system32\lwinomdt.exe
C:\WINDOWS\system32\ogsfeaix.exe
C:\WINDOWS\system32\pccnswdy.exe
C:\WINDOWS\system32\pjxqcahf.exe
C:\WINDOWS\system32\rewkqfbh.exe
C:\WINDOWS\system32\riqmttya.exe
C:\WINDOWS\system32\ssxwlepe.exe
C:\WINDOWS\system32\tcgruqbp.exe
C:\WINDOWS\system32\txgdmtec.exe
((((((((((((((((((((((((( Files Created from 2007-08-06 to 2007-09-06 )))))))))))))))))))))))))))))))
2007-09-06 18:48 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-06 03:06 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-09-06 03:06 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-09-06 03:06 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-09-04 20:28 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-09-04 20:04 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-09-04 19:22 <DIR> d-------- C:\WINDOWS\provisioning
2007-09-04 19:22 <DIR> d-------- C:\WINDOWS\peernet
2007-09-04 19:18 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-09-04 19:11 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-09-04 19:07 <DIR> d-------- C:\WINDOWS\EHome
2007-09-04 18:56 4,569 --a------ C:\WINDOWS\system32\secupd.dat
2007-09-04 18:56 11,776 --a------ C:\WINDOWS\system32\spnpinst.exe
2007-09-04 03:03 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-09-04 03:01 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2007-09-04 03:01 <DIR> d--h-c--- C:\WINDOWS\$xpsp1hfm$
2007-09-04 03:01 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-03 17:22 <DIR> d-------- C:\WINDOWS\system32\bits
2007-09-03 17:21 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-09-03 17:21 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-09-03 17:21 438,784 --a------ C:\WINDOWS\system32\xpob2res.dll
2007-09-03 17:21 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2007-09-03 17:21 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-09-03 17:17 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-09-03 17:13 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-09-03 17:13 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-09-03 17:13 33,624 --a------ C:\WINDOWS\system32\wups.dll
2007-09-03 17:13 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-09-02 23:40 <DIR> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS
2007-09-02 21:00 <DIR> d---s---- C:\DOCUME~1\Robin\UserData
2007-09-02 18:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-09-02 18:38 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-09-02 16:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PopCap
2007-09-02 15:08 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-02 13:05 <DIR> d-------- C:\VundoFix Backups
2007-09-01 21:53 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\AOL
2007-08-25 01:16 <DIR> d-------- C:\WINDOWS\system32\IBD4
2007-08-25 01:16 <DIR> d-------- C:\WINDOWS\system32\cofig32
2007-08-24 00:02 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-08-24 00:02 146,944 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-08-18 04:12 <DIR> d-------- C:\DOCUME~1\Robin\Shared
2007-08-18 04:11 <DIR> d-------- C:\DOCUME~1\Robin\APPLIC~1\LimeWire
2007-08-18 04:10 <DIR> d-------- C:\Program Files\LimeWire
2007-08-14 19:59 <DIR> d-------- C:\Program Files\WinBudget
2007-08-09 02:05 <DIR> d-------- C:\DOCUME~1\Robin\APPLIC~1\Help
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-09-06 13:50 --------- d-------- C:\Program Files\Lx_cats
2007-09-05 22:48 --------- d-------- C:\Program Files\America Online 9.0
2007-09-05 22:46 --------- d-------- C:\Program Files\QuickTime
2007-09-05 21:15 --------- d-------- C:\Program Files\Microsoft Works
2007-09-02 11:50 --------- d-------- C:\Program Files\AOL Toolbar
2007-09-02 11:49 --------- d-------- C:\Program Files\AOL Deskbar
2007-09-02 11:11 --------- d-------- C:\Program Files\Pure Networks
2007-08-16 22:37 --------- d-------- C:\Program Files\Oberon Media
2007-08-16 20:17 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-16 20:17 --------- d-------- C:\DOCUME~1\Robin\APPLIC~1\Pogo Games
2007-08-08 19:26 --------- d-------- C:\Program Files\America Online 9.0b
2007-07-31 20:04 --------- d-------- C:\DOCUME~1\Robin\APPLIC~1\AOL
2007-07-31 20:02 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-07-31 20:01 --------- d-------- C:\Program Files\Common Files\aolshare
2007-07-31 20:01 --------- d-------- C:\Program Files\Common Files\AOL
2007-07-31 19:56 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-07-31 19:54 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-29 23:18 --------- d-------- C:\Program Files\Lexmark Toolbar
2007-07-29 23:18 --------- d-------- C:\DOCUME~1\Robin\APPLIC~1\Lexmark Imaging Studio
2007-07-29 23:17 --------- d-------- C:\Program Files\Lexmark 2500 Series
2007-07-29 23:16 --------- d-------- C:\Program Files\Lexmark Fax Solutions
2007-07-29 23:01 --------- d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-07-29 22:40 --------- d-------- C:\DOCUME~1\Robin\APPLIC~1\FaxCtr
2007-07-29 22:29 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FaxCtr
2007-07-24 16:54 --------- d-------- C:\Program Files\America Online 9.0a
2007-07-21 19:28 --------- d-------- C:\DOCUME~1\Robin\APPLIC~1\funkitron
2007-07-21 19:28 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
2007-07-21 15:35 8552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys
2007-07-21 15:35 --------- d-------- C:\Program Files\Common Files\Real
2007-07-21 08:52 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FunGames
2007-07-15 06:56 --------- d-------- C:\DOCUME~1\Robin\APPLIC~1\McAfee.com Personal Firewall
2007-07-11 13:50 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-07-11 13:47 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
2007-07-07 09:10 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\mcafee.com personal firewall
2007-07-07 09:00 --------- d-------- C:\Program Files\Common Files\Scanner
2007-07-07 08:56 --------- d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\McAfee.com Personal Firewall
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 05:23 1033216 --a------ C:\WINDOWS\explorer.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50FA0E0C-1F2E-4585-A785-51090DECBA54}]
C:\WINDOWS\System32\awvtu.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF86285F-A426-4685-2E8F-1A9CA8060BFA}]
C:\Program Files\MSN\lazup330.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CPQEASYACC"="C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe" []
"WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" []
"WorksFUD"="" []
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" []
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" []
"srmclean"="C:\Cpqs\Scom\srmclean.exe" []
"HostManager"="C:\Program Files\Common Files\AOL\1182116165\ee\AOLSoftware.exe" [2006-03-10 17:22]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" []
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-07-21 15:35]
"lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [2007-02-12 18:58]
"lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [2007-02-05 18:32]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-02-12 19:00]
"LXDDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll" [2007-01-22 17:05]
"hovylid"="C:\Program Files\Windows NT\hovylid22011.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-05 18:59]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"MoneyStartUp"="c:\Program Files\Microsoft Money\System\Money Startup.exe" [2000-07-19 12:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 17:59]
"AOL Fast Start"="C:\Program Files\America Online 9.0b\AOL.exe" [2005-07-12 06:17]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\MSN\projyd.html
FriendlyName=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfggde]
khfggde.dll
R2 lxdd_device;lxdd_device;C:\WINDOWS\System32\lxddcoms.exe -service
R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys
R3 rtl8029;Realtek RTL8029(AS)-based PCI Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8029.SYS
S1 EACMOS;EACMOS;C:\WINDOWS\system32\drivers\EACMOS.SYS
S1 EAWDMFD;EAWDMFD;C:\WINDOWS\system32\drivers\EAWDMFD.sys
*Newly Created Service* - CATCHME
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-06 18:56:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXDDCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-09-06 18:57:39
C:\ComboFix-quarantined-files.txt ... 2007-09-06 18:57
--- E O F ---
robinrasbeary
2007-09-09, 02:11
Havent heard from you in a couple of days. I know we are in different time zones and all heck Finland is a long ways from Texas hehe. Just hoping you didnt forget about me hope to hear something soon thanks ..
Robin
robinrasbeary
2007-09-09, 02:12
[QUOTE=robinrasbeary;118140]Havent heard from you in a couple of days. I know we are in different time zones and all heck Finland is a long ways from Texas hehe. Just hoping you didnt forget about me hope to hear something soon thanks ..Hope your ok ..
Robin
Hi and sorry for the delay, I was away...
You should print these instructions or save these to a text file. Follow these instructions carefully.
Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Do NOT run yet.
==================
Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list. Fix the O15 entries too if you haven't added the sites on the Trusted Zone on purpose.
O2 - BHO: (no name) - {50FA0E0C-1F2E-4585-A785-51090DECBA54} - C:\WINDOWS\System32\awvtu.dll (file missing)
O2 - BHO: 0 - {CF86285F-A426-4685-2E8F-1A9CA8060BFA} - C:\Program Files\MSN\lazup330.dll (file missing)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [hovylid] C:\Program Files\Windows NT\hovylid22011.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.whataboutarabit.com
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/b...ploader_v6.cab
O20 - Winlogon Notify: khfggde - khfggde.dll (file missing)
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN\projyd.html
Restart your computer
Run ATF Cleaner Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Please run the F-Secure Online Scanner (http://support.f-secure.com/enu/home/ols.shtml)
Note: This Scanner is for Internet Explorer Only!
Follow the Instruction Here (http://support.f-secure.com/enu/home/ols3.shtml) for installation.
Accept the License Agreement.
Once the ActiveX installs,Click Full System Scan
Once the download completes,the scan will begin automatically.
The scan will take some time to finish,so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and Copy&Paste the entire report in your next reply along with a fresh HijacKThis log
robinrasbeary
2007-09-09, 18:01
I hope your still here cause i have a problem... AVG ran a scan this mornin and this is what it found..
Virus identified Worm/Generic.DHT
(File)
Hijack This.exe
(Path)
C:\ProgramFiles\TrendMicro\HijackThis\HijackThis.exe
It says it deleated thie file shortcut is still on my desk top but says file is gone.
What do i do ?
Robin
Hello :)
That is a false positive, HijackThis.exe isn't a virus. Update AVG databases.
Please download hijackThis again and continue with the instructions. :bigthumb:
robinrasbeary
2007-09-12, 07:40
ok here is F-Secure scan
Scanning Report
Tuesday, September 11, 2007 21:36:46 - 23:33:49
Computer name: ROBINSNEST
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\
--------------------------------------------------------------------------------
Result: 6 malware found
FizzleBar (spyware)
System (Disinfected)
Toolbar.Softo (spyware)
System (Disinfected)
Vundo.gen38 (virus)
C:\WINDOWS\SYSTEM32\AQSKESJN.INI (Submitted)
C:\WINDOWS\SYSTEM32\KQWYKEWY.INI (Submitted)
C:\WINDOWS\SYSTEM32\YYTTTGER.INI (Submitted)
W32/DLoader.BUQ (virus)
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\BACKUPS\BACKUP-20070910-205007-339.DLL (Submitted)
--------------------------------------------------------------------------------
Statistics
Scanned:
Files: 30288
System: 5105
Not scanned: 6
Actions:
Disinfected: 2
Renamed: 0
Deleted: 0
None: 4
Submitted: 4
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{46E67F82-BAB6-41BC-8E77-7283EF26B804}.BIN
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL\C_AMERICA ONLINE 9.0B\ORGANIZE\MOTORMIKESAUTO
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL\C_AMERICA ONLINE 9.0B\ORGANIZE\CACHE\MOTORMIKESAU02
--------------------------------------------------------------------------------
Options
Scanning engines:
F-Secure Libra: 2.4.2, 2007-09-11
F-Secure AVP: 7.0.171, 2007-09-11
F-Secure Orion: 1.2.37, 2007-09-11
F-Secure Blacklight: 1.0.64
F-Secure Draco: 1.0.35, 0597-150-72
F-Secure Pegasus: 1.19.0, 2007-08-10
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
Use Advanced heuristics
robinrasbeary
2007-09-12, 07:45
here is the new Hijack log I sure hope we are getting somewhere...i had hell with the F-scan lol sorry it took so long...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:24 PM, on 9/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\1182116165\ee\AOLSoftware.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\common files\aol\1182116165\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1182116165\ee\aolsoftware.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\WINDOWS\System32\lxddcoms.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1182116165\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyStartUp] c:\Program Files\Microsoft Money\System\Money Startup.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {0E186096-5DE8-45AE-8BDC-E3CAF25A4E0C} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188857568718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188857551546
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxdd_device - - C:\WINDOWS\System32\lxddcoms.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
--
End of file - 7105 bytes
Ok looks pretty good :)
Make your hidden files visible:
Go to My Computer
Select the Tools menu and click Folder Options
Click the View tab.
Checkmark the "Display the contents of system folders"
Under the Hidden files and folders select "Show hidden files and folders"
Uncheck "Hide protected operating system files"
Click Apply and then the OK and close My Computer.
Open "My Computer" and delete the following files (if present):
C:\WINDOWS\SYSTEM32\AQSKESJN.INI
C:\WINDOWS\SYSTEM32\KQWYKEWY.INI
C:\WINDOWS\SYSTEM32\YYTTTGER.INI
Let me know how pc is running
This topic has been archived due to lack of a response.
If you need it re-opened, please send me a private message (pm) and provide a link to the thread.
Applies only to the original poster, anyone else with similar problems please start a new topic.