Need help to remove VirtuMonde Trojan



star99ers
2007-12-08, 07:10
Hi there, my PC was recently infected with the VirtuMonde Trojan. It turned up on Spybot S&D, and I removed it, but I am still getting pop-ups as well as the info to download random spyware removal programs.

I also ran VundoFix and deleted one file that it had found, which didn't solve the problem. I need some help with this; it would be much appreciated.

Here's my Kaspersky scan report.

Scan Statistics
Total number of scanned objects 190052
Number of viruses found 24
Number of infected objects 68
Number of suspicious objects 0
Duration of the scan process 03:27:22


star99ers
2007-12-08, 07:11
And here is my HijackThis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:20 PM, on 07/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ikhcdbsk.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead

Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\COMMON~1\AVSYST~1\ugcw.exe
C:\Program Files\Common Files\AVSystemCare\bm.exe
C:\DOCUME~1\JOELTE~1\MYDOCU~1\STEM~1\ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox 3 Beta 1\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start

Page = http://www.google.ca/
O3 - Toolbar: Norton AntiVirus -

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program

Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Security Toolbar -

{11A69AE4-FBED-4832-A2BF-45AF82825583} -

C:\WINDOWS\system32\lnnzkrxr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [9c605146] rundll32.exe

"C:\WINDOWS\system32\qqcfgqrr.dll",b
O4 - HKLM\..\Run: [AVSystemCare] C:\Program

Files\AVSystemCare\pgs.exe
O4 - HKLM\..\Run: [ugcw]

"C:\PROGRA~1\COMMON~1\AVSYST~1\ugcw.exe" -start
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common

Files\AVSystemCare\bm.exe" dm=http://avsystemcare.com;

ad=http://avsystemcare.com
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Smob]

"C:\DOCUME~1\JOELTE~1\MYDOCU~1\STEM~1\ati2evxx.exe" -vt

yazb
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program

Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DDC] C:\WINDOWS\system32\ikhcdbsk.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe]

C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe]

C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ATI TV -

{44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program

Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office

Genuine Advantage Validation Tool) -

http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}

(CKAVWebScan Object) -

http://www.kaspersky.com/kos/english/kavwebscan_unicode.ca

b
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1}

(CMediaMix Object) -

http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}

(WUWebControl Class) -

http://update.microsoft.com/microsoftupdate/v6/V5Controls/

en/x86/client/wuweb_site.cab?1178746682195
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System

Requirements Lab) -

http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616}

(DivXBrowserPlugin Object) -

http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}

(MUWebControl Class) -

http://update.microsoft.com/microsoftupdate/v6/V5Controls/

en/x86/client/muweb_site.cab?1178746673703
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial

cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072}

(MessengerStatsClient Class) -

http://messenger.zone.msn.com/binary/MessengerStatsPAClien

t.cab56907.cab
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F}

(YYGInstantPlay Control) -

http://www.yoyogames.com/downloads/activex/YoYo.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548}

(HGPlugin9USA Class) -

http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/

HGPlugin9USA.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}

(PopCapLoader Object) -

http://www.popcap.com/games/popcaploader_v6.cab
O17 -

HKLM\System\CCS\Services\Tcpip\..\{CCAD3799-F187-4C0A-BDD3

-BEE9B110494C}: NameServer = 142.161.130.155,142.161.2.155
O23 - Service: Adobe LM Service - Unknown owner -

C:\Program Files\Common Files\Adobe Systems

Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. -

C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) -

Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service

(ccPwdSvc) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: DNADownloader - CNET Networks - C:\Program

Files\GameSpot\DownloadManager_Win32.exe
O23 - Service: DomainService - -

C:\WINDOWS\system32\ikhcdbsk.exe
O23 - Service: InstallDriver Table Manager (IDriverT) -

Macrovision Corporation - C:\Program Files\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service

(navapsvc) - Symantec Corporation - C:\Program

Files\Norton AntiVirus\navapsvc.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA -

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) -

NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) -

Symantec Corporation -

C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) -

Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead

Systems\DVD\ULCDRSvr.exe
O23 - Service: Wiksesp - WIBU-SYSTEMS AG - (no file)
O23 - Service: X10 Device Network Service (x10nets) -

Unknown owner - C:\PROGRA~1\ATIMUL~2\RemCtrl\x10nets.exe

(file missing)

--
End of file - 6869 bytes



Thanks in advance to whoever can help out with this. If you need more info then let me know please. Thanks again.

pskelley
2007-12-22, 13:58
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Sorry about the wait, you missed this information also:
The Waiting Room
http://forums.spybot.info/forumdisplay.php?f=37

If you still need help, read the directions and follow them all. Turn off word wrap in notepad:

Note: In Notepad under Format, uncheck "Word Wrap". Produce all HJT logs like this, single-spaced.
single-spaced - (of type or print) not having a blank space between lines.
Then post a new HJT log. Do not post another Kaspersky scan result until I request it.

Thanks

star99ers
2007-12-24, 08:17
Thanks for the response. I decided to go ahead and use my computer's recovery CD to do a clean install of Windows XP, and move the hard drive contents to a storage folder. That removed the popups and stuff that was going on.

Next time, I will definitely use the Waiting Room thread if my post gets overlooked; it is a pain to install applications again.

Thanks again for the reply. I appreciate it. :bigthumb:

pskelley
2007-12-24, 14:00
Thanks for letting us know. Keep in mind that if you moved infected files to "storage" and then you return them to your computer, you will be infected again. Installing Windows will not remove the infected files. See this information.

http://spyware-free.us/tutorials/reformat/
http://www.cyberwalker.net/faqs/how-tos/reinstall-faq.html
http://helpdesk.its.uiowa.edu/windows/instructions/reformat.htm

Happy Holidays :santa:

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.