
Thread: Assistance With Unknown Infection

  #11 - Member (Join Date: Sep 2007, Posts: 31)

    Hello,

    and here is your link~

    http://rapidshare.com/files/69511278/log.txt

  #12 - Security Expert-Emeritus (Join Date: Oct 2006, Location: Finland, Posts: 3,934)

    Hi, we'll continue

    One or more of the identified infections steal information. If this system is used for online banking or has credit card information on it, all passwords should be changed immediately by using a different computer (not the infected one!) to make the changes. Banking and credit card institutions, if any, should be notified of the possible security breach. I suggest that you read this article too.

    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    File::
    D:\WINDOWS\system32\blrwkjyp.dll
    D:\WINDOWS\system32\lsmpmwtd.dll
    D:\WINDOWS\system32\rxwwuebm.dll
    D:\WINDOWS\system32\wowjldko.dll
    D:\WINDOWS\system32\ndqfjron.dll
    D:\WINDOWS\system32\wrhdlhpa.dll
    D:\WINDOWS\system32\uabbajeh.dll
    D:\WINDOWS\system32\ycandxdm.dll
    D:\WINDOWS\system32\eshslpme.dll
    D:\WINDOWS\system32\pcdhnpeu.dll
    D:\WINDOWS\system32\ukjaynlv.dll
    D:\WINDOWS\system32\ekqirxwq.dll
    D:\WINDOWS\system32\xhwejjtc.dll
    D:\WINDOWS\system32\mgfrcedl.dll
    D:\WINDOWS\system32\hjwystnp.dll
    D:\WINDOWS\system32\hmotjlqm.dll
    D:\WINDOWS\system32\wxluwyaf.dll
    D:\WINDOWS\system32\tumfjxle.dll
    D:\WINDOWS\system32\rwnporur.dll
    D:\WINDOWS\system32\edfwqjql.dll
    D:\WINDOWS\system32\ehycghjj.exe
    D:\WINDOWS\system32\nggbuokv.dll
    D:\WINDOWS\system32\fsphhsvy.exe
    D:\WINDOWS\system32\dqjnsgjj.dll
    D:\WINDOWS\system32\lfbbphjw.exe
    D:\WINDOWS\system32\yfhejrkj.dll
    D:\WINDOWS\system32\iluhxqpx.dll
    D:\WINDOWS\system32\owhcriqi.dll
    D:\WINDOWS\system32\qwsjongc.exe
    D:\WINDOWS\system32\amhqqqtd.dll
    D:\WINDOWS\system32\chovtydx.dll
    D:\WINDOWS\system32\gfuscchr.dll
    D:\WINDOWS\system32\ejdnhlyp.dll
    D:\WINDOWS\system32\xxywwus.dll
    D:\WINDOWS\17PHolmes572.exe
    D:\WINDOWS\system32\ejdnhlyp.dll
    D:\WINDOWS\system32\taskmar.exe
    D:\WINDOWS\system32\lsmpmwtd.dll
    D:\WINDOWS\system32\blrwkjyp.dll
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{160b93d5-27ae-4fc6-a589-0c5f8d2ae3ac}]
    
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1cf5be8d-8913-4f02-80a5-0081e900e3c7}]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "c0f79f14"=-
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

    Save this as "CFScript"

    This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
    MalWare Removal University - You too could train to help others
    UNITE & ASAP member since 2006

  #13 - Member (Join Date: Sep 2007, Posts: 31)

    Here you go~

    CF LOG

    ComboFix 07-11-08.1 - Tsurugi Kyo 2007-11-14 15:49:08.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.222 [GMT -6:00]
    Running from: D:\Documents and Settings\Tsurugi Kyo\Desktop\ComboFix.exe
    Command switches used :: D:\Documents and Settings\Tsurugi Kyo\Desktop\CFScript.txt
    * Created a new restore point

    FILE
    D:\WINDOWS\17PHolmes572.exe
    D:\WINDOWS\system32\amhqqqtd.dll
    D:\WINDOWS\system32\blrwkjyp.dll
    D:\WINDOWS\system32\chovtydx.dll
    D:\WINDOWS\system32\dqjnsgjj.dll
    D:\WINDOWS\system32\edfwqjql.dll
    D:\WINDOWS\system32\ehycghjj.exe
    D:\WINDOWS\system32\ejdnhlyp.dll
    D:\WINDOWS\system32\ekqirxwq.dll
    D:\WINDOWS\system32\eshslpme.dll
    D:\WINDOWS\system32\fsphhsvy.exe
    D:\WINDOWS\system32\gfuscchr.dll
    D:\WINDOWS\system32\hjwystnp.dll
    D:\WINDOWS\system32\hmotjlqm.dll
    D:\WINDOWS\system32\iluhxqpx.dll
    D:\WINDOWS\system32\lfbbphjw.exe
    D:\WINDOWS\system32\lsmpmwtd.dll
    D:\WINDOWS\system32\mgfrcedl.dll
    D:\WINDOWS\system32\ndqfjron.dll
    D:\WINDOWS\system32\nggbuokv.dll
    D:\WINDOWS\system32\owhcriqi.dll
    D:\WINDOWS\system32\pcdhnpeu.dll
    D:\WINDOWS\system32\qwsjongc.exe
    D:\WINDOWS\system32\rwnporur.dll
    D:\WINDOWS\system32\rxwwuebm.dll
    D:\WINDOWS\system32\taskmar.exe
    D:\WINDOWS\system32\tumfjxle.dll
    D:\WINDOWS\system32\uabbajeh.dll
    D:\WINDOWS\system32\ukjaynlv.dll
    D:\WINDOWS\system32\wowjldko.dll
    D:\WINDOWS\system32\wrhdlhpa.dll
    D:\WINDOWS\system32\wxluwyaf.dll
    D:\WINDOWS\system32\xhwejjtc.dll
    D:\WINDOWS\system32\xxywwus.dll
    D:\WINDOWS\system32\ycandxdm.dll
    D:\WINDOWS\system32\yfhejrkj.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    D:\WINDOWS\17PHolmes572.exe
    D:\WINDOWS\system32\amhqqqtd.dll
    D:\WINDOWS\system32\blrwkjyp.dll
    D:\WINDOWS\system32\chovtydx.dll
    D:\WINDOWS\system32\dqjnsgjj.dll
    D:\WINDOWS\system32\edfwqjql.dll
    D:\WINDOWS\system32\ehycghjj.exe
    D:\WINDOWS\system32\ejdnhlyp.dll
    D:\WINDOWS\system32\ekqirxwq.dll
    D:\WINDOWS\system32\eshslpme.dll
    D:\WINDOWS\system32\fsphhsvy.exe
    D:\WINDOWS\system32\gfuscchr.dll
    D:\WINDOWS\system32\hjwystnp.dll
    D:\WINDOWS\system32\hmotjlqm.dll
    D:\WINDOWS\system32\iluhxqpx.dll
    D:\WINDOWS\system32\lfbbphjw.exe
    D:\WINDOWS\system32\lsmpmwtd.dll
    D:\WINDOWS\system32\mgfrcedl.dll
    D:\WINDOWS\system32\ndqfjron.dll
    D:\WINDOWS\system32\nggbuokv.dll
    D:\WINDOWS\system32\owhcriqi.dll
    D:\WINDOWS\system32\pcdhnpeu.dll
    D:\WINDOWS\system32\qwsjongc.exe
    D:\WINDOWS\system32\rwnporur.dll
    D:\WINDOWS\system32\rxwwuebm.dll
    D:\WINDOWS\system32\taskmar.exe
    D:\WINDOWS\system32\tumfjxle.dll
    D:\WINDOWS\system32\uabbajeh.dll
    D:\WINDOWS\system32\ukjaynlv.dll
    D:\WINDOWS\system32\wowjldko.dll
    D:\WINDOWS\system32\wrhdlhpa.dll
    D:\WINDOWS\system32\wxluwyaf.dll
    D:\WINDOWS\system32\xhwejjtc.dll
    D:\WINDOWS\system32\ycandxdm.dll
    D:\WINDOWS\system32\yfhejrkj.dll
    .
    ---- Previous Run -------
    .
    D:\WINDOWS\cookies.ini
    D:\WINDOWS\system32\ssttt.dll
    D:\WINDOWS\system32\tttss.ini
    D:\WINDOWS\system32\tttss.ini2

    .
    ((((((((((((((((((((((((( Files Created from 2007-10-14 to 2007-11-14 )))))))))))))))))))))))))))))))
    .

    2007-11-13 21:03 21,456 --a------ D:\WINDOWS\system32\drivers\SilvrLnk.sys
    2007-11-13 21:02 <DIR> d-------- D:\Program Files\TI Education
    2007-11-13 21:02 <DIR> d-------- D:\Program Files\Common Files\TI Shared
    2007-11-13 21:01 <DIR> d-------- D:\Program Files\Common Files\Wise Installation Wizard
    2007-11-13 17:12 <DIR> d-------- D:\Documents and Settings\Tsurugi Kyo\Application Data\Move Networks
    2007-11-13 07:43 26,296 --a------ D:\Documents and Settings\Tsurugi Kyo\Application Data\GDIPFONTCACHEV1.DAT
    2007-11-11 12:43 <DIR> d--h----- D:\Documents and Settings\Tsurugi Kyo\Application Data\ijjigame
    2007-11-11 12:43 58,776 --a------ D:\WINDOWS\system32\ijjiPlugin2.dll
    2007-11-11 12:42 <DIR> d-------- D:\Program Files\NHN USA
    2007-11-11 12:42 692,224 --a------ D:\WINDOWS\system32\ijjiSetup.exe
    2007-11-10 13:09 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\DVD Shrink
    2007-11-09 23:43 49,536 -ra------ D:\WINDOWS\system32\drivers\tiehdusb.sys
    2007-11-09 17:25 <DIR> d-------- D:\VundoFix Backups
    2007-11-06 20:15 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2007-11-03 21:18 <DIR> d-------- D:\WINDOWS\system32\Kaspersky Lab
    2007-11-03 21:18 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-11-03 17:50 <DIR> d-------- D:\Program Files\Yahoo!
    2007-11-03 17:49 <DIR> d-------- D:\Program Files\CCleaner
    2007-11-02 21:34 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Apple
    2007-11-02 16:35 <DIR> d-------- D:\Program Files\iTunes
    2007-11-02 16:35 <DIR> d-------- D:\Documents and Settings\Tsurugi Kyo\Application Data\Apple Computer
    2007-11-02 16:34 <DIR> d-------- D:\Program Files\QuickTime
    2007-11-02 16:33 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-11-02 16:32 <DIR> d-------- D:\Program Files\Common Files\Apple
    2007-10-17 05:39 <DIR> d-------- D:\Documents and Settings\Tsurugi Kyo\Application Data\Viewpoint
    2007-10-16 17:50 <DIR> d-------- D:\Documents and Settings\Tsurugi Kyo\Application Data\acccore
    2007-10-16 17:48 <DIR> d-------- D:\Program Files\Common Files\AOL
    2007-10-16 17:48 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\AOL OCP
    2007-10-16 17:48 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\AOL
    2007-10-16 17:46 <DIR> d-------- D:\Program Files\AIM6
    2007-10-16 17:28 <DIR> d-------- D:\Program Files\Viewpoint
    2007-10-16 17:28 <DIR> d-------- D:\Program Files\AIM
    2007-10-16 17:28 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Viewpoint
    2007-10-16 17:28 344,064 --a------ D:\WINDOWS\system32\msvcr70.dll
    2007-10-16 16:25 <DIR> d-------- D:\Program Files\Winamp
    2007-10-16 16:25 <DIR> d-------- D:\Documents and Settings\Tsurugi Kyo\Application Data\Winamp
    2007-10-14 10:14 <DIR> d-------- D:\Program Files\MSBuild
    2007-10-14 10:00 <DIR> d-------- D:\WINDOWS\system32\XPSViewer
    2007-10-14 09:58 <DIR> d-------- D:\Program Files\Reference Assemblies
    2007-10-14 09:57 14,048 --a------ D:\WINDOWS\system32\spmsg2.dll
    2007-10-14 09:47 23,856 --a------ D:\WINDOWS\system32\spupdsvc.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-14 21:50 --------- d-----w D:\Documents and Settings\Tsurugi Kyo\Application Data\Orbit
    2007-11-11 18:42 --------- d--h--w D:\Program Files\InstallShield Installation Information
    2007-11-10 17:08 --------- d-----w D:\Program Files\Java
    2007-11-07 05:00 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-03 03:34 --------- d-----w D:\Program Files\BearShare
    2007-10-25 21:20 --------- d-----w D:\Documents and Settings\Tsurugi Kyo\Application Data\uTorrent
    2007-09-27 22:22 --------- d-----w D:\Program Files\PurePlay
    2007-09-27 22:22 --------- d-----w D:\Documents and Settings\All Users\Application Data\PurePlay
    2007-09-27 09:31 --------- d-----w D:\Program Files\uTorrent
    2007-09-17 23:39 --------- d-----w D:\Documents and Settings\Tsurugi Kyo\Application Data\RipIt4Me
    2007-09-15 03:52 --------- d-----w D:\Program Files\Common Files\Adobe
    2007-09-15 03:49 --------- d-----w D:\Documents and Settings\All Users\Application Data\Adobe Systems
    2007-09-15 03:48 --------- d-----w D:\Program Files\Common Files\Adobe Systems Shared
    2007-08-20 06:49 502,272 ----a-w D:\WINDOWS\system32\winlogon.exe
    2007-08-20 06:35 298,104 ----a-w D:\WINDOWS\system32\imon.dll
    .

    ((((((((((((((((((((((((((((( snapshot_2007-11-12_22.19.42.50 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2003-08-14 16:10:54 37,376 ----a-w D:\WINDOWS\system\lfbmp12n.dll
    + 2003-08-14 16:10:56 313,856 ----a-w D:\WINDOWS\system\LFCMP12n.DLL
    + 2003-08-14 16:10:56 78,336 ----a-w D:\WINDOWS\system\lffax12n.dll
    + 2003-08-14 16:10:56 109,568 ----a-w D:\WINDOWS\system\lfjbg12n.dll
    + 2003-08-14 16:10:56 32,256 ----a-w D:\WINDOWS\system\lflmb12n.dll
    + 2003-08-14 16:10:58 33,280 ----a-w D:\WINDOWS\system\lfpcx12n.dll
    + 2003-08-14 16:10:58 190,464 ----a-w D:\WINDOWS\system\lftif12n.dll
    + 2003-08-14 16:11:24 278,528 ----a-w D:\WINDOWS\system\LTDIS12n.dll
    + 2003-08-14 16:11:28 146,944 ----a-w D:\WINDOWS\system\ltfil12n.DLL
    + 2003-08-14 16:11:32 406,016 ----a-w D:\WINDOWS\system\ltkrn12n.dll
    + 2003-08-14 16:11:40 855,040 ----a-w D:\WINDOWS\system\Ltwvc12n.dll
    - 2007-11-03 03:01:59 127,704 ----a-w D:\WINDOWS\system32\FNTCACHE.DAT
    + 2007-11-14 05:12:03 140,440 ----a-w D:\WINDOWS\system32\FNTCACHE.DAT
    - 2007-11-10 05:44:56 70,124 ----a-w D:\WINDOWS\system32\perfc009.dat
    + 2007-11-14 03:09:30 70,124 ----a-w D:\WINDOWS\system32\perfc009.dat
    - 2007-11-10 05:44:56 436,360 ----a-w D:\WINDOWS\system32\perfh009.dat
    + 2007-11-14 03:09:30 436,360 ----a-w D:\WINDOWS\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVMixerTray"="D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 19:51]
    "SoundMan"="SOUNDMAN.EXE" [2004-09-16 19:39 D:\WINDOWS\SOUNDMAN.EXE]
    "RegServer"="regserve.exe" [2005-01-28 14:41 D:\WINDOWS\system32\RegServe.exe]
    "XGIWatchDog"="XWatDog.exe" [2005-01-28 14:42 D:\WINDOWS\system32\XWatDog.exe]
    "SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]
    "HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 12:38]
    "HP Component Manager"="D:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18]
    "nod32kui"="D:\Program Files\Eset\nod32kui.exe" [2007-08-20 00:35]
    "Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
    "DeadAIM"="D:\PROGRA~1\AIM\\DeadAIM.ocm" [2004-02-23 03:16]
    "QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 14:14]
    "Aim6"="" []

    D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 21:31:38]
    Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]
    Orbit.lnk - D:\Program Files\Orbitdownloader\orbitdm.exe [2007-09-13 16:27:57]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "AllowLegacyWebView"=1 (0x1)
    "AllowUnhashedWebView"=1 (0x1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{0DD98BA3-25B7-4913-88AF-CFBDB28DA4CE}"= D:\WINDOWS\system32\byxyvts.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxyvts]
    byxyvts.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=wbsys.dll

    R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;D:\WINDOWS\system32\Drivers\ousbehci.sys
    R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;D:\WINDOWS\system32\DRIVERS\ousb2hub.sys
    R3 Xgiv3;Xgiv3;D:\WINDOWS\system32\DRIVERS\Xgiv3m.sys
    S3 DrvSnSht;DrvSnSht;\??\D:\Program Files\R-Drive Image\DrvSnSht.sys
    S3 MzBot;MzBot;\??\C:\MzBot.sys
    S3 R-ImageDisk;R-ImageDisk;\??\D:\Program Files\R-Drive Image\R-ImageDisk.sys
    S3 TIEHDUSB;TIEHDUSB;D:\WINDOWS\system32\drivers\tiehdusb.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1121d1e3-3d53-11dc-a004-806d6172696f}]
    \Shell\AutoRun\command - H:\SETUP.EXE /UPDATE

    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-14 15:52:11
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-14 15:53:06 - machine was rebooted
    D:\ComboFix-quarantined-files.txt ... 2007-09-06 05:55
    D:\ComboFix2.txt ... 2007-11-12 22:20
    D:\ComboFix3.txt ... 2007-09-06 05:55
    .
    --- E O F ---



    HJT

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:53:49 PM, on 11/14/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    D:\Program Files\Eset\nod32krn.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Viewpoint\Common\ViewpointService.exe
    D:\WINDOWS\SOUNDMAN.EXE
    D:\WINDOWS\system32\XWatDog.exe
    D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    D:\Program Files\Eset\nod32kui.exe
    D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    D:\Program Files\Orbitdownloader\orbitdm.exe
    D:\Program Files\Orbitdownloader\orbitnet.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\Program Files\Trend Micro\HijackThis\skanneri.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NVMixerTray] "D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RegServer] regserve.exe
    O4 - HKLM\..\Run: [XGIWatchDog] XWatDog.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "D:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Orbit.lnk = D:\Program Files\Orbitdownloader\orbitdm.exe
    O8 - Extra context menu item: &Download by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
    O20 - Winlogon Notify: byxyvts - byxyvts.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
    O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - D:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 6370 bytes

  #14 - Security Expert-Emeritus (Join Date: Oct 2006, Location: Finland, Posts: 3,934)

    Looking much better

    You should print these instructions or save these to a text file. Follow these instructions carefully.

    Download Dr.Web CureIt to the desktop -> ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

    Download ATF Cleaner by Atribune to your desktop.
    Do NOT run yet.

    Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O20 - Winlogon Notify: byxyvts - byxyvts.dll (file missing)


    Run ATF Cleaner
    • Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.



    Restart your computer to the safe mode:
    • Restart your computer
    • Start tapping the F8 key when the computer restarts.
    • When the start menu opens, choose Safe mode
    • Press Enter. The computer then begins to start in Safe mode.

    Run a scan with Dr.Web CureIt
    • Doubleclick the drweb-cureit.exe file and allow it to run the express scan
    • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, you should now mark the drives that you want to scan.
    • Select all drives. A red dot shows which drives have been chosen.
    • Click the green arrow at the right, and the scan will start.
    • Click 'Yes to all' if it asks if you want to cure/move the file.
    • When the scan has finished, look whether you can click the next icon next to the files found
    • If so, click it and then click the next icon right below and select Move incurable
    • After the scan, in the menu, click file and choose save report list
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Reboot the computer in Normal Mode.
    • Post the Cure-it report and a fresh HijackThis log
    MalWare Removal University - You too could train to help others
    UNITE & ASAP member since 2006
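The entries in the fix list above share a mechanical signature: hook entries (URLSearchHook, BHO, Winlogon Notify) whose target file is gone, plus a start page reset to about:blank. As an added example (not from the thread, and not a HijackThis feature), here is a small triage script that flags those two patterns in a HijackThis v2 log; the sample lines are constructed from the log posted earlier in the thread.

```python
"""Triage helper for HijackThis v2 log lines.

Added example for this thread; it is not part of the forum post and not a
HijackThis feature. It flags the two patterns behind the helper's fix list:
hook entries whose target file is gone ("(no file)" / "(file missing)") and
an R0 start page set to about:blank.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O20 - Winlogon Notify: byxyvts - byxyvts.dll (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O2"
    line: str      # the full log line
    reason: str    # why it was flagged


# Every HijackThis entry starts with a section code such as R0, O2 or O20.
LINE_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.*)$")

# Sections that register a hook (search hook, BHO, toolbar, Winlogon
# notify, SSODL, SharedTaskScheduler). HijackThis appends these markers
# when the referenced file does not exist on disk, i.e. the registry
# entry is an orphan left behind after the component was removed.
HOOK_SECTIONS = {"R3", "O2", "O3", "O20", "O21", "O22"}
DANGLING_MARKERS = ("(no file)", "(file missing)")


def triage(log_text: str) -> list[Finding]:
    """Return the entries a reviewer would want to look at first."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # headers, process list, blank lines
        section, body = m.group("section"), m.group("body")
        if section == "R0" and body.rstrip().endswith("= about:blank"):
            findings.append(Finding(section, line, "IE start page set to about:blank"))
        elif section in HOOK_SECTIONS and any(k in body for k in DANGLING_MARKERS):
            findings.append(Finding(section, line, "orphaned hook: referenced file no longer exists"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:>4}  {f.reason}\n      {f.line}")
```

Entries with a real file on disk (the Adobe BHO, the NOD32 service) are left alone; the script only surfaces the dangling references a helper would ask to be fixed, it does not decide whether a present file is malicious.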

  #15 - Member (Join Date: Sep 2007, Posts: 31)

    Done and Done~

    HJT
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:09:32 PM, on 11/15/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\SOUNDMAN.EXE
    D:\WINDOWS\system32\XWatDog.exe
    D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    D:\Program Files\Eset\nod32kui.exe
    D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    D:\Program Files\Eset\nod32krn.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Orbitdownloader\orbitdm.exe
    D:\Program Files\Viewpoint\Common\ViewpointService.exe
    D:\Program Files\Orbitdownloader\orbitnet.exe
    D:\Program Files\AIM6\aim6.exe
    D:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\AIM6\aolsoftware.exe
    D:\WINDOWS\system32\HPZipm12.exe
    D:\Program Files\AIM6\aolsoftware.exe
    D:\Program Files\Trend Micro\HijackThis\skanneri.exe
    D:\WINDOWS\system32\wuauclt.exe

    O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NVMixerTray] "D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RegServer] regserve.exe
    O4 - HKLM\..\Run: [XGIWatchDog] XWatDog.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "D:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Orbit.lnk = D:\Program Files\Orbitdownloader\orbitdm.exe
    O8 - Extra context menu item: &Download by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
    O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
    O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - D:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 6151 bytes


    Dr.Web CureIt

    3RBYAICA.NQF;D:\Program Files\Eset\infected;Trojan.Hammer;Deleted.;
    5APZRICA.NQF;D:\Program Files\Eset\infected;Trojan.DownLoader.26881;Deleted.;
    AIF3XRDA.NQF;D:\Program Files\Eset\infected;Trojan.EzulaAd;Deleted.;
    BFIGR4CA.NQF;D:\Program Files\Eset\infected;Trojan.Virtumod;Deleted.;
    E1DJUCDA.NQF;D:\Program Files\Eset\infected;Trojan.Inject.380;Deleted.;
    G1TJRTDA.NQF;D:\Program Files\Eset\infected;Trojan.Hammer;Deleted.;
    L1TPHQDA.NQF;D:\Program Files\Eset\infected;Trojan.EzulaAd;Deleted.;
    LBZDRWCA.NQF;D:\Program Files\Eset\infected;Trojan.Spambot;Deleted.;
    MEHCHNAA.NQF;D:\Program Files\Eset\infected;Adware.ClickSpring;;
    MURCBQDA.NQF;D:\Program Files\Eset\infected;Trojan.EzulaAd;Deleted.;
    O0N4TMAA.NQF;D:\Program Files\Eset\infected;Trojan.DownLoader.10963;Deleted.;
    OD3GCSCA.NQF;D:\Program Files\Eset\infected;Trojan.Click.2446;Deleted.;
    OUATVVBA.NQF\data001;D:\Program Files\Eset\infected\OUATVVBA.NQF;Adware.Mirarbar;;
    OUATVVBA.NQF\data002;D:\Program Files\Eset\infected\OUATVVBA.NQF;Adware.Mirarbar;;
    OUATVVBA.NQF;D:\Program Files\Eset\infected;Archive contains infected objects;Moved.;
    P0FZUDCA.NQF;D:\Program Files\Eset\infected;Trojan.DownLoader.10963;Deleted.;
    PIGZHSCA.NQF;D:\Program Files\Eset\infected;Trojan.EzulaAd;Deleted.;
    PIJ2SDDA.NQF;D:\Program Files\Eset\infected;Trojan.Virtumod;Deleted.;
    PM4IGNDA.NQF;D:\Program Files\Eset\infected;Adware.ClickSpring;;
    QG525GDA.NQF;D:\Program Files\Eset\infected;Trojan.Hammer;Deleted.;
    QQYGL4AA.NQF;D:\Program Files\Eset\infected;Adware.Aws;;
    R0PH5XDA.NQF;D:\Program Files\Eset\infected;Trojan.EzulaAd;Deleted.;
    S2G2BOCA.NQF;D:\Program Files\Eset\infected;Trojan.DownLoader.10963;Deleted.;
    UL4LHPBA.NQF;D:\Program Files\Eset\infected;Trojan.EzulaAd;Deleted.;
    UUQCYABA.NQF;D:\Program Files\Eset\infected;Trojan.EzulaAd;Deleted.;
    VGP5OMAA.NQF;D:\Program Files\Eset\infected;Trojan.EzulaAd;Deleted.;
    VI1UWDAA.NQF;D:\Program Files\Eset\infected;Trojan.Virtumod.206;Deleted.;
    VQR42FDA.NQF;D:\Program Files\Eset\infected;Trojan.EzulaAd;Deleted.;
    VX3B0FDA.NQF;D:\Program Files\Eset\infected;Trojan.DownLoader.24715;Deleted.;
    X4TWZ1AA.NQF;D:\Program Files\Eset\infected;Trojan.DownLoader.36408;Deleted.;
    wr-1-77.exe.vir;D:\qoobox\Quarantine\D\Program Files\svhost;Trojan.DownLoader.31840;Deleted.;
    owhcriqi.dll.vir;D:\qoobox\Quarantine\D\WINDOWS\system32;Trojan.Juan.25;Deleted.;
    A0020042.dll;D:\System Volume Information\_restore{34BC7681-253C-49E2-8ACD-4D1DE516225A}\RP117;Trojan.Virtumod.227;Deleted.;
    A0024180.dll;D:\System Volume Information\_restore{34BC7681-253C-49E2-8ACD-4D1DE516225A}\RP122;Trojan.Virtumod.229;Deleted.;
    A0024318.exe;D:\System Volume Information\_restore{34BC7681-253C-49E2-8ACD-4D1DE516225A}\RP123;Trojan.DownLoader.31817;Deleted.;
    A0024458.exe;D:\System Volume Information\_restore{34BC7681-253C-49E2-8ACD-4D1DE516225A}\RP125;Trojan.EzulaAd;Deleted.;
    A0024463.dll;D:\System Volume Information\_restore{34BC7681-253C-49E2-8ACD-4D1DE516225A}\RP125;Trojan.Juan.25;Deleted.;
    A0024465.exe;D:\System Volume Information\_restore{34BC7681-253C-49E2-8ACD-4D1DE516225A}\RP125;Trojan.EzulaAd;Deleted.;
    A0008459.exe;D:\System Volume Information\_restore{34BC7681-253C-49E2-8ACD-4D1DE516225A}\RP42;Adware.ZenoSearch;;
    A0008465.exe;D:\System Volume Information\_restore{34BC7681-253C-49E2-8ACD-4D1DE516225A}\RP42;Trojan.DownLoader.31840;Deleted.;
    A0008603.exe;D:\System Volume Information\_restore{34BC7681-253C-49E2-8ACD-4D1DE516225A}\RP42;Trojan.DownLoader.31840;Deleted.;
    A0008702.exe;D:\System Volume Information\_restore{34BC7681-253C-49E2-8ACD-4D1DE516225A}\RP46;Trojan.DownLoader.31840;Deleted.;
    A0008728.exe;D:\System Volume Information\_restore{34BC7681-253C-49E2-8ACD-4D1DE516225A}\RP46;Trojan.DownLoader.31840;Deleted.;
    A0008736.exe;D:\System Volume Information\_restore{34BC7681-253C-49E2-8ACD-4D1DE516225A}\RP47;Trojan.DownLoader.31840;Deleted.;
    A0008764.exe;D:\System Volume Information\_restore{34BC7681-253C-49E2-8ACD-4D1DE516225A}\RP48;Trojan.DownLoader.31840;Deleted.;
    A0008788.exe;D:\System Volume Information\_restore{34BC7681-253C-49E2-8ACD-4D1DE516225A}\RP48;Trojan.DownLoader.31840;Deleted.;
    A0008798.exe;D:\System Volume Information\_restore{34BC7681-253C-49E2-8ACD-4D1DE516225A}\RP49;Trojan.DownLoader.31840;Deleted.;
    A0008826.exe;D:\System Volume Information\_restore{34BC7681-253C-49E2-8ACD-4D1DE516225A}\RP49;Trojan.DownLoader.31840;Deleted.;
    A0009826.exe;D:\System Volume Information\_restore{34BC7681-253C-49E2-8ACD-4D1DE516225A}\RP49;Trojan.DownLoader.31840;Deleted.;
    A0010047.exe;D:\System Volume Information\_restore{34BC7681-253C-49E2-8ACD-4D1DE516225A}\RP49;Trojan.DownLoader.31840;Deleted.;
    A0010069.exe;D:\System Volume Information\_restore{34BC7681-253C-49E2-8ACD-4D1DE516225A}\RP49;Adware.ZenoSearch;;
    A0010070.exe;D:\System Volume Information\_restore{34BC7681-253C-49E2-8ACD-4D1DE516225A}\RP49;Adware.ZenoSearch;;
    A0010071.exe;D:\System Volume Information\_restore{34BC7681-253C-49E2-8ACD-4D1DE516225A}\RP49;Adware.Hotbot;;
    A0010227.exe;D:\System Volume Information\_restore{34BC7681-253C-49E2-8ACD-4D1DE516225A}\RP53;Trojan.DownLoader.31840;Deleted.;
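A quick way to triage a Dr.Web CureIt report like the one pasted above, as an added example that is not part of this thread or of Dr.Web's own tooling: it parses the semicolon-separated lines, separates detections that were deleted from ones left with no action, and flags any hit that sits outside a quarantine folder or a System Restore point. The sample lines are copied from the report above; treating the ESET "infected" folder and ComboFix's qoobox folder as quarantine stores is an assumption.

```python
from collections import Counter

# Constructed sample: six lines copied from the Dr.Web CureIt report in this thread.
SAMPLE_REPORT = r"""3RBYAICA.NQF;D:\Program Files\Eset\infected;Trojan.Hammer;Deleted.;
MEHCHNAA.NQF;D:\Program Files\Eset\infected;Adware.ClickSpring;;
OUATVVBA.NQF\data001;D:\Program Files\Eset\infected\OUATVVBA.NQF;Adware.Mirarbar;;
OUATVVBA.NQF;D:\Program Files\Eset\infected;Archive contains infected objects;Moved.;
owhcriqi.dll.vir;D:\qoobox\Quarantine\D\WINDOWS\system32;Trojan.Juan.25;Deleted.;
A0010071.exe;D:\System Volume Information\_restore{34BC7681-253C-49E2-8ACD-4D1DE516225A}\RP49;Adware.Hotbot;;
"""

# Assumption: the ESET "infected" folder and ComboFix's qoobox folder are quarantine stores.
QUARANTINE_MARKERS = ("\\eset\\infected", "\\qoobox\\quarantine")

def parse_report(text):
    """Parse 'object;directory;detection;action;' lines into dicts (empty action = not cleaned)."""
    entries = []
    for line in text.splitlines():
        parts = line.split(";")
        if len(parts) < 4 or not parts[0].strip():
            continue  # blank or malformed line
        entries.append({"object": parts[0], "directory": parts[1],
                        "detection": parts[2], "action": parts[3]})
    return entries

def classify_location(directory):
    """'restore', 'quarantine' or 'live' depending on where the detected object sat."""
    d = directory.lower()
    if "\\system volume information\\" in d:
        return "restore"       # old System Restore snapshot, not an active file
    if any(marker in d for marker in QUARANTINE_MARKERS):
        return "quarantine"    # already isolated by another tool
    return "live"

def summarize(text):
    """Counts per action and location, plus the items an analyst should still look at."""
    entries = parse_report(text)
    for e in entries:
        e["location"] = classify_location(e["directory"])
    return {
        "total": len(entries),
        "by_action": Counter(e["action"] or "(none)" for e in entries),
        "by_location": Counter(e["location"] for e in entries),
        # reported but not cleaned: the action column is empty
        "unactioned": [e["object"] for e in entries if not e["action"]],
        # a detection outside quarantine/restore points would mean a still-active infection
        "live": [e["object"] for e in entries if e["location"] == "live"],
    }
```

Calling `summarize(SAMPLE_REPORT)` shows every hit is in quarantine or a restore point and nothing is live, which is what "looks clean now" rests on; the three unactioned adware entries are the ones worth a second look.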

  6. #16
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    3,934

    Default

    Hello

    Looks clean now. How is the pc running?
    MalWare Removal University - You too could train to help others
    UNITE & ASAP member since 2006

  7. #17
    Member
    Join Date
    Sep 2007
    Posts
    31

    Default

    It runs just fine!

    This is the second time you guys have helped me out. I thank you.

    If anything occurs, I will be sure to come back. (hopefully I won't....or...not anytime soon anyways.@_@)

    Haha, well, I thank you again.

  8. #18
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    3,934

    Default

    You're very welcome

    You don't seem to have a third-party firewall installed. You must install one firewall.
    It is possible that you're using the Windows XP firewall. That is of course better than nothing, but I recommend that you install a more advanced firewall that gives more protection. Windows firewall doesn't, e.g., protect your computer from inbound threats. This means that any malware on your computer is free to "phone home" for more instructions. Remember to use only one firewall at the same time. I'll give you a few alternatives if you want to install a third-party firewall:

    These are good (free) firewalls:

    You can remove the tools we used.

    =============

    Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure:


    Stay clean and be safe
    MalWare Removal University - You too could train to help others
    UNITE & ASAP member since 2006
