Results 1 to 6 of 6

Thread: Hijack log Please assist

  1. 2009-07-05, 23:34 #1
    rlgsbs
    rlgsbs is offline
    Junior Member
    Join Date
    Jul 2009
    Posts
    9

    Default

    I have uninstalled SND for this
    Issues running files, AVG will not even run
    Sound files playing out of nowhere
    Very slow
    Sujin.com.np hijacked IE
    A virus scan was done today and removed virus' and some adware
    I had to download hijack from an exe because the install would not run
    ______________________________________________________________


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:25:06 PM, on 7/5/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Lisa Dougherty\Desktop\HJTInstall.exe
    C:\Documents and Settings\Lisa Dougherty\Desktop\HJTInstall.exe
    C:\Documents and Settings\Lisa Dougherty\Desktop\HJTInstall.exe
    C:\Documents and Settings\Lisa Dougherty\Desktop\HJTInstall.exe
    C:\Program Files\Internet Explorer\Iexplore.exe
    C:\Documents and Settings\Lisa Dougherty\Local Settings\Temporary Internet Files\Content.IE5\SD7105KL\HiJackThis[1].exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://broadband.zoomtown.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Sujin.com.np
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (file missing)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\VirusRemoval.vbs
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: &Helper - {2E59498D-7E44-4452-9044-0973B080B9E8} - C:\WINDOWS\system32\winexplorer.dll (file missing)
    O2 - BHO: (no name) - {3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9} - C:\WINDOWS\system32\nnnmlml.dll (file missing)
    O2 - BHO: (no name) - {50C35313-CCA0-4E63-8080-691F509FB2AF} - C:\WINDOWS\system32\sstqp.dll (file missing)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
    O2 - BHO: StFlex IE Helper - {847B6838-BFB6-40a1-8888-736928099059} - C:\Program Files\QdrDrive\QdrDrive15.dll
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1246828042421
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: nnnmlml - nnnmlml.dll (file missing)
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 7777 bytes

    Will wait for advice..

    Thanks..

    BTW, SPYBOT will not even start up on this system
  2. 2009-07-06, 18:23 #2
    random/random
    random/random is offline
    Security Expert: Visiting Fellow
    Join Date
    Jul 2007
    Posts
    703

    Default

    Your log indicates that you are running HijackThis from a temporary location:

    C:\Documents and Settings\Lisa Dougherty\Local Settings\Temporary Internet Files\Content.IE5\SD7105KL\HiJackThis[1].exe

    Please move it to a more permanent folder such as C:\HJT

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt


    Post back with the Malwarebytes' Anti-Malware log and a new HijackThis log.
  3. 2009-07-07, 03:34 #3
    rlgsbs
    rlgsbs is offline
    Junior Member
    Join Date
    Jul 2009
    Posts
    9

    Default

    Malwarebytes' Anti-Malware 1.38
    Database version: 2383
    Windows 5.1.2600 Service Pack 2

    7/6/2009 8:58:15 PM
    mbam-log-2009-07-06 (20-58-15).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 139779
    Time elapsed: 1 hour(s), 49 minute(s), 15 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 53
    Registry Values Infected: 2
    Registry Data Items Infected: 1
    Folders Infected: 14
    Files Infected: 34

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\Program Files\QdrDrive\QdrDrive15.dll (Adware.SearchAid) -> Delete on

    reboot.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browse

    r Helper Objects\{3feca576-7ad2-4e11-a6ad-6b59d4fb5db9} (Trojan.Vundo.H) ->

    Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows

    NT\CurrentVersion\Winlogon\Notify\nnnmlml (Trojan.Vundo.H) -> Quarantined

    and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3feca576-7ad2-4e11-a6ad-6b59d4fb5db9}

    (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{fe27c3b6-1bcf-43ea-99cf-1e6385589c8f}

    (Adware.SearchAid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{107a7b48-a430-42fa-8c8f-dd050e0210f9}

    (Adware.SearchAid) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer

    Bars\{107a7b48-a430-42fa-8c8f-dd050e0210f9} (Adware.SearchAid) ->

    Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{847b6838-bfb6-40a1-8888-736928099059}

    (Adware.SearchAid) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{847b6

    838-bfb6-40a1-8888-736928099059} (Adware.SearchAid) -> Quarantined and

    deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browse

    r Helper Objects\{847b6838-bfb6-40a1-8888-736928099059} (Adware.SearchAid)

    -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\quantic.plug (Adware.BHO) -> Quarantined and deleted

    successfully.
    HKEY_CLASSES_ROOT\quantic.plug.1 (Adware.BHO) -> Quarantined and deleted

    successfully.
    HKEY_CLASSES_ROOT\stflex.band (Trojan.BHO) -> Quarantined and deleted

    successfully.
    HKEY_CLASSES_ROOT\stflex.band.1 (Trojan.BHO) -> Quarantined and deleted

    successfully.
    HKEY_CLASSES_ROOT\stflex.bho (Trojan.BHO) -> Quarantined and deleted

    successfully.
    HKEY_CLASSES_ROOT\stflex.bho.1 (Trojan.BHO) -> Quarantined and deleted

    successfully.
    HKEY_CLASSES_ROOT\Interface\{cfcec0a5-e1da-4049-bdb6-8b461e7e1bf3}

    (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{2e59498d-7e44-4452-9044-0973b080b9e8}

    (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{a5385046-c554-4205-a263-a67e273747de}

    (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421

    b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted

    successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f

    07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted

    successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2e594

    98d-7e44-4452-9044-0973b080b9e8} (Trojan.FakeAlert) -> Quarantined and

    deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3feca

    576-7ad2-4e11-a6ad-6b59d4fb5db9} (Trojan.Vundo) -> Quarantined and deleted

    successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browse

    r Helper Objects\{2e59498d-7e44-4452-9044-0973b080b9e8} (Trojan.FakeAlert)

    -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ism

    (Adware.ISM) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ichec

    k (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\GetModule (Adware.Agent) -> Quarantined and

    deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\GetPack (Adware.Agent) -> Quarantined and deleted

    successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Quantic (Adware.BHO) -> Quarantined and

    deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\VnrBlock (Trojan.Agent) -> Quarantined and

    deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\SpeedRunner (Adware.SurfAccuracy) -> Quarantined

    and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\BO1jiZmwnF2zhi

    (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\QdrPack (Adware.ISM) -> Quarantined and deleted

    successfully.
    HKEY_CURRENT_USER\SOFTWARE\QdrModule (Adware.ISM) -> Quarantined and deleted

    successfully.
    HKEY_CURRENT_USER\SOFTWARE\QdrDrive (Adware.ISM) -> Quarantined and deleted

    successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and

    deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined

    and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined

    and deleted successfully.
    HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted

    successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and

    deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined

    and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined

    and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined

    and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined

    and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined

    and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) ->

    Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) ->

    Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and

    deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined

    and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined

    and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outer

    info (Adware.PurityScan) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) ->

    Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave (Adware.WhenUSave) -> Quarantined and

    deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted

    successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellE

    xecuteHooks\{3feca576-7ad2-4e11-a6ad-6b59d4fb5db9} (Trojan.Vundo) ->

    Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ADP

    (Rogue.Multiple) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand)

    -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and

    deleted successfully.

    Folders Infected:
    c:\documents and settings\Lisa Dougherty\Start Menu\Programs\Internet Speed

    Monitor (Adware.AdSponsor) -> Quarantined and deleted successfully.
    C:\Program Files\QdrDrive (Adware.AdBand) -> Delete on reboot.
    C:\Program Files\JavaCore (Trojan.Downloader) -> Quarantined and deleted

    successfully.
    C:\Program Files\ISM (Adware.ISM) -> Quarantined and deleted successfully.
    C:\Program Files\QdrModule (Adware.ISM) -> Quarantined and deleted

    successfully.
    C:\Program Files\QdrPack (Adware.ISM) -> Quarantined and deleted

    successfully.
    C:\WINDOWS\system32\ExTmp (Trojan.Agent) -> Quarantined and deleted

    successfully.
    C:\WINDOWS\system32\IDE2 (Trojan.Agent) -> Quarantined and deleted

    successfully.
    C:\WINDOWS\system32\pinz1 (Trojan.Agent) -> Quarantined and deleted

    successfully.
    C:\WINDOWS\system32\wii (Trojan.Agent) -> Quarantined and deleted

    successfully.
    c:\WINDOWS\system32\bharebio01 (Trojan.Agent) -> Quarantined and deleted

    successfully.
    c:\documents and settings\Lisa Dougherty\Application Data\speedrunner

    (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
    C:\Program Files\Spcron (Trojan.Agent) -> Quarantined and deleted

    successfully.
    C:\Program Files\iCheck (Trojan.Agent) -> Quarantined and deleted

    successfully.

    Files Infected:
    C:\WINDOWS\system32\nnnmlml.dll (Trojan.Vundo.H) -> Quarantined and deleted

    successfully.
    C:\WINDOWS\system32\drivers\asc3350pp.sys (Rootkit.Agent.H) -> Delete on

    reboot.
    C:\Program Files\QdrDrive\QdrDrive15.dll (Adware.SearchAid) -> Delete on

    reboot.
    c:\program files\ISM\ism.exe (Adware.SearchAid) -> Quarantined and deleted

    successfully.
    c:\program files\JavaCore\UnInstall.exe (Adware.Insider) -> Quarantined and

    deleted successfully.
    c:\WINDOWS\system32\MSINET.oca (Rogue.Trace) -> Quarantined and deleted

    successfully.
    c:\WINDOWS\system32\UACbabwfdfyrjclont.dll (Spyware.OnlineGames) ->

    Quarantined and deleted successfully.
    c:\WINDOWS\system32\UAClvtfmlexuyijqfu.dll (Spyware.OnlineGames) ->

    Quarantined and deleted successfully.
    c:\WINDOWS\system32\UACobxxepxnvsswgwh.dll (Spyware.OnlineGames) ->

    Quarantined and deleted successfully.
    c:\WINDOWS\system32\UACorknpxvxcxovmvg.dll (Spyware.OnlineGames) ->

    Quarantined and deleted successfully.
    c:\WINDOWS\system32\UACxoaqrupbixxirsb.dll (Trojan.TDSS) -> Quarantined and

    deleted successfully.
    c:\documents and settings\lisa dougherty\start menu\Programs\internet speed

    monitor\Check Now.lnk (Adware.AdSponsor) -> Quarantined and deleted

    successfully.
    c:\documents and settings\lisa dougherty\start menu\Programs\internet speed

    monitor\Uninstall.lnk (Adware.AdSponsor) -> Quarantined and deleted

    successfully.
    c:\program files\ISM\Uninstall.exe (Adware.ISM) -> Quarantined and deleted

    successfully.
    c:\program files\qdrmodule\pckr.dat (Adware.ISM) -> Quarantined and deleted

    successfully.
    c:\program files\QdrPack\dicts.gz (Adware.ISM) -> Quarantined and deleted

    successfully.
    c:\program files\QdrPack\trgts.gz (Adware.ISM) -> Quarantined and deleted

    successfully.
    c:\documents and settings\lisa dougherty\application

    data\speedrunner\config.cfg (Adware.SurfAccuracy) -> Quarantined and deleted

    successfully.
    c:\program files\iCheck\Uninstall.exe (Trojan.Agent) -> Quarantined and

    deleted successfully.
    c:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted

    successfully.
    C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted

    successfully.
    C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted

    successfully.
    C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted

    successfully.
    C:\WINDOWS\system32\zxdnt3d.cfg. (Adware.ZenoSearch) -> Quarantined and

    deleted successfully.
    C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted

    successfully.
    C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted

    successfully.
    C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted

    successfully.
    c:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    c:\WINDOWS\BMe3018af7.xml (Trojan.Vundo) -> Quarantined and deleted

    successfully.
    c:\WINDOWS\BMe3018af7.txt (Trojan.Vundo) -> Quarantined and deleted

    successfully.
    c:\program files\common files\Yazzle1281OinUninstaller.exe

    (Adware.PurityScan) -> Quarantined and deleted successfully.
    c:\documents and settings\All Users\Start Menu\PAV\Personal AntiVirus.lnk

    (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\drivers\UACduxvyqetjcbqeep.sys (Trojan.Agent) ->

    Quarantined and deleted successfully.
    c:\WINDOWS\system32\drivers\core.cache.dsk (Rootkit.Agent) -> Delete on

    reboot.

    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:05:11 PM, on 7/6/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://broadband.zoomtown.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Sujin.com.np
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (file missing)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\VirusRemoval.vbs,
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {50C35313-CCA0-4E63-8080-691F509FB2AF} - C:\WINDOWS\system32\sstqp.dll (file missing)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1246828042421
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 7337 bytes
  4. 2009-07-07, 19:27 #4
    random/random
    random/random is offline
    Security Expert: Visiting Fellow
    Join Date
    Jul 2007
    Posts
    703

    Default

    Run HijackThis.
    Click on Do a system scan only.
    Place a checkmark next to these lines (if still present).

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Sujin.com.np
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (file missing)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\VirusRemoval.vbs,
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {50C35313-CCA0-4E63-8080-691F509FB2AF} - C:\WINDOWS\system32\sstqp.dll (file missing)

    Then close all windows except HijackThis and click Fix Checked.

    Restart

    Use Windows Explorer to find and delete this file:

    C:\WINDOWS\system32\VirusRemoval.vbs

    As an example:
    To delete C:\WINDOWS\badfile.dll
    Double click the My Computer icon on your Desktop.
    Double click on Local Disc (C:\)
    Double click on the Windows folder,
    Right click on badfile.dll and then from the menu that appears, click on Delete

    Post back with a new HijackThis log and a description of any remaining problems.
  5. 2009-07-08, 01:15 #5
    rlgsbs
    rlgsbs is offline
    Junior Member
    Join Date
    Jul 2009
    Posts
    9

    Default

    Seems stable, thanks mate,,


    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:14:12 PM, on 7/7/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://broadband.zoomtown.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1246828042421
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 6402 bytes
  6. 2009-07-08, 01:19 #6
    random/random
    random/random is offline
    Security Expert: Visiting Fellow
    Join Date
    Jul 2007
    Posts
    703

    Default

    You now appear to be clean. Congratulations!

    Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints Malware Complaints, you need to be registered to post as unfortunately we were hit with too many spam posting to allow guest posting to continue just find your country room and register your complaint.

    Below are some steps to follow in order to dramatically lower the chances of reinfection
    You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented
      • Turn System Restore off
      • On the Desktop, right click on the My Computer icon.
      • Click Properties.
      • Click the System Restore tab.
      • Check Turn off System Restore.
      • Click Apply, and then click OK.
      Restart
      • Turn System Restore on
      • On the Desktop, right click on the My Computer icon.
      • Click Properties.
      • Click the System Restore tab.
      • Uncheck *Turn off System Restore*.
      • Click Apply, and then click OK.

      Note: only do this once, and not on a regular basis
    2. Keep your antivirus updated
      New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software
      Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
    3. Install and use a firewall with outbound protection
      While the firewall built into Windows XP is adequate to protect you from incoming attacks, it will not be much help in alerting you to programs already on your PC attempting to connect to remote servers
      I therefore strongly recommend that you install one of the following free firewalls: Comodo Firewall or Online armor
      See Bleepingcomputer's excellent tutorial to help using and understanding a firewall here
      Note: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.
    4. Make sure you install all the security updates for Windows, Internet explorer & Microsoft Office
      Whenever a security problem in its software is found, Microsoft will usually create a patch for it to that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC
      Go here to check for & install updates to Microsoft applications
      Note: The update process uses activex, so you will need to use internet explorer for it, and allow the activex control that it wants to install
    5. Keep your non-Microsoft applications updated as well
      Microsoft isn't the only company whose products can contain security vulnerabilities, to check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month
    6. Install SpywareBlaster & make sure to update it regularly
      SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
      If you don't know what activex controls are, see here
      You can download SpywareBlaster from here
    7. Install and use Spybot Search & Destroy
      Instructions are located here
      Make sure you update, reimmunize & scan regularly
    8. Make use of the HOSTS file included with Spybot Search & Destroy
      Every version of windows includes a hosts file as part of them. A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
      Spybot Search & Destroy has a good HOSTS file built in, to enable the HOSTS file in Spybot Search & Destroy
      • Run Spybot Search & Destroy
      • Click on Mode, and then place a tick next to Advanced mode
      • Click Yes
      • In the left hand pane of Spybot Search & Destroy, click on Tools, and then on Hosts File
      • Click on Add Spybot-S&D hosts list
      Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue
      • Click Start > Run
      • Type services.msc & click OK
      • In the list, find the service called DNS Client & double click on it.
      • On the dropdown box, change the setting from automatic to manual.
      • Click OK & then close the Services window
      For a more detailed explanation of the HOSTS file, click here
    9. Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules