View Full Version : Unwanted pop-ups and other files.
hi, i am new to this so im just hoping this is write.. i regularly get winantiviruspro2006 pop-ups when i open Internet explorer, so i was wondering how to stop this.
Also, when i finished a scan of my computer my symantec antivirus found files like "UWA6P_0001_N91M1807NetInstaller.exe" and said they were left alone, but when i looked for these files they were not in the directory. Any help to correct these issues would be much appreciated. I have posted the logs from HijackThis below. Thanks in advance, Dale.
Logfile of HijackThis v1.99.1
Scan saved at 14:01:26, on 20/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Symantec AntiVirus\VPC32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dale G\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.java.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll (file missing)
O4 - HKLM\..\Run: [wQknm] C:\WINDOWS\muhyevp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\RunOnce: [SNDInst.exe] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDInst.exe /7
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com/cabs/QOLCheck.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
Hi dalego and welcome the Spybot.info :)
You got some infections there.
Please rename HijackThis.exe to Scanner.exe
Then please post an uninstall list to here:
1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.
Then, post a fresh HijackThis (Scanner.exe) log to here too :bigthumb:
thank you for replying so quickly.. Here is the copy of the save list... notepad:
Ad-Aware SE Professional
Adobe Acrobat - Reader 6.0.2 Update
Adobe Reader 6.0.1
Amazing Photo Editor V5.3
Azureus
Championship Manager 01-02
Conexant D110 MDC V.9x Modem
Dell Driver Reset Tool
Dell Media Experience
Dell Support 5.0.0 (630)
Dell Wireless WLAN Card
Digital Line Detect
DivX
DivX Player
DivX Web Player
Google Earth
HijackThis 1.99.1
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
Internal Network Card Power Management
Internet Explorer Default Page
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
LimeWire 4.12.6
LiveUpdate 2.0 (Symantec Corporation)
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)
Microsoft Windows Journal Viewer
Modem Helper
Mozilla Firefox (1.5.0.7)
NetWaiting
Network Play System (Patching)
Nokia Connectivity Cable Driver
Nokia PC Suite
Outlaw Racers
PowerDVD 5.5
Pro Evolution Soccer 5
QuickSet
QuickTime
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Sonic DLA
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Symantec AntiVirus
Synaptics Pointing Device Driver
tedsaver1
The Sims
TigerGame PS/PS2 Game Controller Adapter
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Virtual DJ - Atomix Productions
Virtual Turntables
VSToolbar for Internet Explorer
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
WinRAR archiver
and here is a fresh (scanner.exe) log file:
(have i renamed it properly)??
Logfile of HijackThis v1.99.1
Scan saved at 15:49:19, on 20/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Symantec AntiVirus\VPC32.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Dale G\Desktop\Scanner.exe\Scanner.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.java.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {053FF380-0FA2-46B4-B941-6B8FB764FEC9} - C:\WINDOWS\system32\geebb.dll
O2 - BHO: (no name) - {062492AF-392E-479D-BF52-A7A4BCA00307} - C:\WINDOWS\system32\compstuic.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\rxykwqos.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll (file missing)
O4 - HKLM\..\Run: [wQknm] C:\WINDOWS\muhyevp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\RunOnce: [SNDInst.exe] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDInst.exe /7
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com/cabs/QOLCheck.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g17056265.dll (file missing)
O20 - Winlogon Notify: geebb - C:\WINDOWS\system32\geebb.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wingdm32 - wingdm32.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
Hi again, we'll begin the cleaning :)
You should print these instructions or save these to a text file. Follow these instructions carefully.
Disable Ad-Aware Ad-Watch realtime protection (It may interfere with our cleaning process and we enable it when you're clean...)
Right click on the Ad-Watch icon in the system tray.
At the bottom of the screen there will be two checkable items called "Active" and "Automatic".
Active: This will turn Ad-Watch On\Off without closing it
Automatic: Suspicious activity will be blocked automatically
Uncheck both of those boxes.
Open Control Panel -> Add/Remove programs -> Remove all the of the following programs if found:
tedsaver1 <--- If you do not know what this is
VSToolbar for Internet Explorer
Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
Download win32delfkil.exe (http://users.telenet.be/marcvn/tools/win32delfkil.exe). Save it on your desktop.
Close all windows.
Double click on win32delfkil.exe to start the removaltool.
The computer will reboot automatically.
After reboot a logfile will open: c:\windelf.txt
================
When you're ready, post the following logs to here:
- a fresh HijackThis log
- contents of C:\vundofix.txt
- contents of C:\windelf.txt
HiJack this log:
Logfile of HijackThis v1.99.1
Scan saved at 17:22:13, on 20/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Dale G\Desktop\Hijack This\Scanner.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.java.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {053FF380-0FA2-46B4-B941-6B8FB764FEC9} - C:\WINDOWS\system32\geebb.dll (file missing)
O2 - BHO: (no name) - {062492AF-392E-479D-BF52-A7A4BCA00307} - C:\WINDOWS\system32\compstuic.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\rxykwqos.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll (file missing)
O4 - HKLM\..\Run: [wQknm] C:\WINDOWS\muhyevp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\RunOnce: [SNDInst.exe] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDInst.exe /7
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com/cabs/QOLCheck.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g17056265.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wingdm32 - wingdm32.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
here is the vundofix.txt log:
VundoFix V6.2.6
Checking Java version...
Java version is 1.5.0.6
Scan started at 16:25:08 20/10/2006
Listing files found while scanning....
C:\WINDOWS\system32\fyxlnhaa.dll
C:\WINDOWS\system32\geebb.dll
C:\WINDOWS\system32\bbeeg.ini
C:\WINDOWS\system32\bbeeg.bak1
C:\WINDOWS\system32\bbeeg.bak2
C:\WINDOWS\system32\bbeeg.ini2
C:\WINDOWS\system32\bbeeg.tmp
C:\WINDOWS\system32\ixpmsoil.dll
C:\WINDOWS\system32\rxykwqos.dll
C:\WINDOWS\system32\aqbmxwxf.exe
C:\WINDOWS\system32\bvywwvql.exe
C:\WINDOWS\system32\dqphogxq.exe
C:\WINDOWS\system32\eewhwrvs.exe
C:\WINDOWS\system32\ehssxwsv.exe
C:\WINDOWS\system32\hvcrocvh.exe
C:\WINDOWS\system32\hvpbbrrs.exe
C:\WINDOWS\system32\hybwlyms.exe
C:\WINDOWS\system32\jlasrskx.exe
C:\WINDOWS\system32\lljcesfk.exe
C:\WINDOWS\system32\lnafwyis.exe
C:\WINDOWS\system32\lqsamqxn.exe
C:\WINDOWS\system32\mrpeyncy.exe
C:\WINDOWS\system32\qmchmpaw.exe
C:\WINDOWS\system32\qtdgeoro.exe
C:\WINDOWS\system32\qxwjcehq.exe
C:\WINDOWS\system32\rjqipjmn.exe
C:\WINDOWS\system32\rlladqbg.exe
C:\WINDOWS\system32\twiffkqg.exe
C:\WINDOWS\g17056265.dll
C:\WINDOWS\system32\geebb.dll
C:\WINDOWS\system32\bbeeg.ini
C:\WINDOWS\system32\bbeeg.bak1
C:\WINDOWS\system32\bbeeg.bak2
C:\WINDOWS\system32\bbeeg.ini2
C:\WINDOWS\system32\bbeeg.tmp
C:\WINDOWS\system32\bbeeg.ini
C:\WINDOWS\system32\bbeeg.bak1
C:\WINDOWS\system32\bbeeg.bak2
C:\WINDOWS\system32\bbeeg.ini2
C:\WINDOWS\system32\bbeeg.tmp
Beginning removal...
Attempting to delete C:\WINDOWS\system32\fyxlnhaa.dll
C:\WINDOWS\system32\fyxlnhaa.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\geebb.dll
C:\WINDOWS\system32\geebb.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\bbeeg.ini
C:\WINDOWS\system32\bbeeg.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\bbeeg.bak1
C:\WINDOWS\system32\bbeeg.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\bbeeg.bak2
C:\WINDOWS\system32\bbeeg.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\bbeeg.ini2
C:\WINDOWS\system32\bbeeg.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\bbeeg.tmp
C:\WINDOWS\system32\bbeeg.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\ixpmsoil.dll
C:\WINDOWS\system32\ixpmsoil.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\rxykwqos.dll
C:\WINDOWS\system32\rxykwqos.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\aqbmxwxf.exe
C:\WINDOWS\system32\aqbmxwxf.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\bvywwvql.exe
C:\WINDOWS\system32\bvywwvql.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\dqphogxq.exe
C:\WINDOWS\system32\dqphogxq.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\eewhwrvs.exe
C:\WINDOWS\system32\eewhwrvs.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\ehssxwsv.exe
C:\WINDOWS\system32\ehssxwsv.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\hvcrocvh.exe
C:\WINDOWS\system32\hvcrocvh.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\hvpbbrrs.exe
C:\WINDOWS\system32\hvpbbrrs.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\hybwlyms.exe
C:\WINDOWS\system32\hybwlyms.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\jlasrskx.exe
C:\WINDOWS\system32\jlasrskx.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\lljcesfk.exe
C:\WINDOWS\system32\lljcesfk.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\lnafwyis.exe
C:\WINDOWS\system32\lnafwyis.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\lqsamqxn.exe
C:\WINDOWS\system32\lqsamqxn.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\mrpeyncy.exe
C:\WINDOWS\system32\mrpeyncy.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\qmchmpaw.exe
C:\WINDOWS\system32\qmchmpaw.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\qtdgeoro.exe
C:\WINDOWS\system32\qtdgeoro.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\qxwjcehq.exe
C:\WINDOWS\system32\qxwjcehq.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\rjqipjmn.exe
C:\WINDOWS\system32\rjqipjmn.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\rlladqbg.exe
C:\WINDOWS\system32\rlladqbg.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\twiffkqg.exe
C:\WINDOWS\system32\twiffkqg.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\geebb.dll
C:\WINDOWS\system32\geebb.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\geebb.dll
C:\WINDOWS\system32\geebb.dll Has been deleted!
Performing Repairs to the registry.
Done!
However, the VSToolbar will not remove and the win32delfkil program freezes so i cannot post a log of that. thanks, Dale.
I just tried the win32delfkil again and it started momentarily an this log file appeared in the c directory:
WIN32DELFKIL LOGFILE - by Marckie
version 3.06
20/10/2006 17:34:32.85
running from: "C:\"
--- File(s) found in Windows directory ---
--- File(s) found in system32 folder ---
--- Services ---
--- Export SharedTaskScheduler key ---
--- Notify key ---
--- rebooting the computer ---
Hi again, we'll continue :)
We'll remove the old java's (We'll install the latest version later)
You should print these instructions or save these to a text file. Follow these instructions carefully.
Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
Install AVG Anti-Spyware by double clicking the installer.
Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
On the main screen under Your Computer's security.
Click on Change state next to Resident shield. It should now change to inactive.
Click on Change state next to Automatic updates. It should now change to inactive.
Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
Wait until you see the Update succesfull message.
Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates (http://www.ewido.net/en/download/updates/).
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
Disable Ad-Aware Ad-Watch realtime protection (It may interfere with our cleaning process and we enable it when you're clean...)
Right click on the Ad-Watch icon in the system tray.
At the bottom of the screen there will be two checkable items called "Active" and "Automatic".
Active: This will turn Ad-Watch On\Off without closing it
Automatic: Suspicious activity will be blocked automatically
Uncheck both of those boxes.
Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Do NOT run yet.
Then, make your hidden files visible:
Go to My Computer
Select the Tools menu and click Folder Options
Click the View tab.
Checkmark the "Display the contents of system folders"
Under the Hidden files and folders select "Show hidden files and folders"
Uncheck "Hide protected operating system files"
Click Apply and then the OK and close My Computer.
I need you to upload one file for further analysis....
Please go to thespykiller.co.uk (http://www.thespykiller.co.uk/forum/index.php?board=1.0)
Read the instructions for uploading a file from this thread (http://www.thespykiller.co.uk/forum/index.php?topic=5.0)
Create a topic named C:\WINDOWS\g17056265.dll
Remember to include the link to this topic in your post.
Upload the following file to the topic:
C:\WINDOWS\g17056265.dll
When you've done this, please post a link to the thread you created to here.
==================
Open Control Panel -> Add/Remove programs -> Remove all the of the following programs if found:
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
VSToolbar for Internet Explorer
Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list. Fix also the BLUE entries if you don't use the Dell's MyWay (http://support.dell.com/support/topics/global.aspx/support/dsn/en/document?c=us&cs=19&l=en&s=dhs&dn=1091919) service.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {053FF380-0FA2-46B4-B941-6B8FB764FEC9} - C:\WINDOWS\system32\geebb.dll (file missing)
O2 - BHO: (no name) - {062492AF-392E-479D-BF52-A7A4BCA00307} - C:\WINDOWS\system32\compstuic.dll (file missing)
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\rxykwqos.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll (file missing)
O4 - HKLM\..\Run: [wQknm] C:\WINDOWS\muhyevp.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g17056265.dll (file missing)
O20 - Winlogon Notify: wingdm32 - wingdm32.dll (file missing)
Restart your computer to the safe mode:
Restart your computer
Start tapping the F8 key when the computer restarts.
When the start menu opens, choose Safe mode
Press Enter. The computer then begins to start in Safe mode.
Go to the My Computer and delete the following files (if present):
C:\WINDOWS\muhyevp.exe
C:\WINDOWS\g17056265.dll
Go to the My Computer and delete the following folders (if present):
C:\Program Files\VSToolbar
C:\Program Files\webHancer
C:\Program Files\SurfAccuracy
C:\Program Files\Internet Optimizer
Use the Windows search Start
Search
All files and folders
More advanced options Checkmark these options: "Search system folders"
"Search hidden files and folders"
"Search subfolders"
Search for this and delete if found: wingdm32.dll
Run ATF Cleaner Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Click on Scanner on the toolbar.
Click on the Settings tab.
Under How to act?
Click on Recommended Action and choose Quarantine from the popup menu.
Under How to scan?
All checkboxes should be ticked.
Under Possibly unwanted software:
All checkboxes should be ticked.
Under Reports:
Select Automatically generate report after every scan and uncheck Only if threats were found.
Under What to scan?
Select Scan every file.
Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.
IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button. (3)
http://img509.imageshack.us/img509/4851/scanavgjk2.jpg
When done, click the Save Scan Report button. (4)
Click the Save Report as button.
Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
================
When you're ready, post the following logs to here:
- AVG's report
- a fresh HijackThis log
hi again. firstly i was unable to upload the C:\WINDOWS\g17056265.dll
file to the other site as i cant find it on my computer??
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 18:13:23 21/10/2006
+ Scan result:
HKLM\SOFTWARE\saap -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-21-1152312699-1165275744-781128428-1006\Software\saap -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033701.dll -> Adware.DriveCleaner : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-21-1152312699-1165275744-781128428-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033698.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP122\A0035493.dll -> Adware.Searchcolours : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\{4F5E5D72-C915-4f3b-908B-527D064B0FAA} -> Adware.SysProtect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{EF130E77-0A34-4365-BFB7-218FD3DDCD5F} -> Adware.SysProtect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{02946FD1-2D99-46E6-A790-3A089714EDD9} -> Adware.SysProtect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TypeLib\{7EACF70B-302F-4049-AC68-2D62EB43E473} -> Adware.SysProtect : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP113\A0030358.sys -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP113\A0030359.sys -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP113\A0030360.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP113\A0030361.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP113\A0030362.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP113\A0030370.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP113\A0030375.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP113\A0030380.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Enum -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Security -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Enum -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Security -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKU\S-1-5-21-1152312699-1165275744-781128428-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKU\S-1-5-21-1152312699-1165275744-781128428-1006\Software\WinAntiVirus Pro 2006 -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKU\S-1-5-21-1152312699-1165275744-781128428-1006\Software\WinAntiVirus Pro 2006\Settings -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP122\A0035530.exe -> Downloader.Agent.aqh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP125\A0035711.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP125\A0035712.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP125\A0035714.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP125\A0035716.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP125\A0035719.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP125\A0035720.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP125\A0035723.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP125\A0035726.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP125\A0035728.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP125\A0035729.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP125\A0035730.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP125\A0035732.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP125\A0035735.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP125\A0035858.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP125\A0035860.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\VundoFix Backups\fyxlnhaa.dll.bad -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\VundoFix Backups\ixpmsoil.dll.bad -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP125\A0035864.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP125\A0035866.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP125\A0035874.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP125\A0035877.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\VundoFix Backups\dqphogxq.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\VundoFix Backups\ehssxwsv.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\VundoFix Backups\mrpeyncy.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\VundoFix Backups\qxwjcehq.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERS_0001_N91M2007NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\USYP_0002_N91M1708NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UERS_0001_N91M2007NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\USYP_0002_N91M1708NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP125\A0035862.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP125\A0035863.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP125\A0035865.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP125\A0035867.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP125\A0035868.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP125\A0035869.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP125\A0035870.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP125\A0035871.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP125\A0035872.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP125\A0035875.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP125\A0035876.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP125\A0035878.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP125\A0035880.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
sorry, report cont'd:
C:\VundoFix Backups\aqbmxwxf.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\bvywwvql.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\eewhwrvs.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\hvcrocvh.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\hvpbbrrs.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\hybwlyms.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\jlasrskx.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\lljcesfk.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\lnafwyis.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\qmchmpaw.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\qtdgeoro.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\rjqipjmn.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\VundoFix Backups\twiffkqg.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
:mozilla.103:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.104:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.105:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.231:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.208:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.209:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.210:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.211:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.212:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.101:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.102:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.28:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.29:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.30:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.31:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.32:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.191:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.33:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.253:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.292:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.293:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.294:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.295:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.35:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.42:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.19:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.6:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.164:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.165:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.217:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.286:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.302:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.303:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.331:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.339:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.340:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.84:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.85:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.267:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned.
:mozilla.268:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned.
:mozilla.110:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.111:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.193:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.194:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.272:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.273:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.90:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.91:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.92:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.24:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.27:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.290:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.184:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.185:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.149:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.150:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.250:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.251:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.200:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.201:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.202:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.203:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.204:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.205:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.223:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.343:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.344:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.97:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.98:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.296:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.297:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.298:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.254:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.255:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.257:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.256:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.345:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.81:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.245:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.243:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.244:C:\Documents and Settings\The Family\Application Data\Mozilla\Firefox\Profiles\5cjvmkgj.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP125\A0035733.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP125\A0035724.exe -> Trojan.Small.ju : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP125\A0035873.exe -> Trojan.Small.ju : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP125\A0035879.exe -> Trojan.Small.ju : Cleaned with backup (quarantined).
C:\VundoFix Backups\lqsamqxn.exe.bad -> Trojan.Small.ju : Cleaned with backup (quarantined).
C:\VundoFix Backups\rlladqbg.exe.bad -> Trojan.Small.ju : Cleaned with backup (quarantined).
::Report end
and fresh hijack this report:
Logfile of HijackThis v1.99.1
Scan saved at 18:20:44, on 21/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Documents and Settings\Dale G\Desktop\Hijack This\Scanner.exe.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.java.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com/cabs/QOLCheck.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
Hi again, it is looking clean now :)
The computer is running fine ?
Fix this leftover with HijackThis:
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
You had keyloggers there, if this system is used for online banking or has credit card information on it, all passwords should be changed immediately. Banking and credit card institutions, if any, should be notified of the possible security breech. I suggest that you read this (http://www.dslreports.com/faq/10451) article too.
Skip the following if your Norton includes a firewall...
====================
You don't seem to a firewall (http://forum.malwareremoval.com/viewtopic.php?p=56#56) running, you must install one firewall.
NOTE: If you're using Windows XP firewall, I recommend that you install a better firewall. Windows firewall doesn't really provide enough protection.
Disable Windows firewall after installing a new firewall.
These are good (free) firewalls: Sunbelt-Kerio (http://www.sunbelt-software.com/Kerio.cfm)
ZoneAlarm (http://www.zonelabs.com/)
Sygate (http://http://www.majorgeeks.com/download.php?det=3356)
Outpost (http://www.majorgeeks.com/download.php?det=1056)
====================
You can enable Ad-Aware Ad-Watch realtime protection
Right click on the Ad-Watch icon in the system tray.
At the bottom of the screen there will be two checkable items called "Active" and "Automatic".
Active: This will turn Ad-Watch On\Off without closing it
Automatic: Suspicious activity will be blocked automatically
Check both of those boxes.
Now you can clean AVG's Quarantine:
Open AVG Anti-Spyware
Click Infections
Click Quarantine tab
Click Select all
Click Remove finally
Close the program
You can remove VundoFix and win32delfkil, we don't need those anymore.
You can remove the following backup folder, C:\VundoFix Backups
Then you can install the latest version of Java (5.0 update 9) -> Instructions (http://forums.spybot.info/showpost.php?p=12880&postcount=2
)
Now you can make your hidden files hidden again.
Go to My Computer
Select the Tools menu and click Folder Options
Click the View tab.
Checkmark the "Display the contents of system folders"
Under the Hidden files and folders select "Show hidden files and folders"
Check "Hide protected operating system files"
Click Apply and then the OK and close My Computer.
=============
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
Clear your system restore (http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx)
This will clear the system restore folders from possible malware that was left behind during the cleaning process.
Use ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1)
Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.
Use Ad-Aware (http://www.bleepingcomputer.com/forums/?showtutorial=48)
Download and install Ad-Aware. Update it and scan your computer regularly with it.
Use AVG Anti-Spyware (http://www.ewido.net/en/)
Update it and scan your computer regularly with it.
Use Spybot S&D (http://www.bleepingcomputer.com/forums/?showtutorial=43)
Download and install Spybot S&D. Update it and scan your computer regularly with it.
Install SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)
SpywareBlaster will prevent spyware from being installed.
Install MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm)
This prevents your computer from connecting to harmful sites.
Use Firefox browser (http://www.mozilla.org)
Firefox is faster, safer and better browser than Internet Explorer.
Keep your systen up-to-date (http://windowsupdate.microsoft.com)
Visit Windows Update regularly.
Keep your antivirus and firewall up-to-date
Scan your computer regularly with your antivirus.
Read this article by TonyKlein (http://castlecops.com/postlite7736-.html)
So how did I get infected in the first place?
Stand Up and Be Counted ! (http://www.malwarecomplaints.info/index.php)
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Stay clean and be safe ;)
hi, thanks for everything, but what about the new version of java u said " we will install later"??
i have deleted my currrent java, what to do now??
sorry, just read the message again and have seen the instructions. thank you very much. :bigthumb:
You're very welcome, nice that we were able to help :bigthumb:
As the problem appears to be resolved this topic has been archived.
If you need it re-opened please send a private message (pm) to a forum staff member and provide a link to the thread; this applies only to the original topic starter.
glad we could help :D:
thank you Mr_JAk3 :bigthumb: