euaaiih.dll

Status
Not open for further replies.
J

jasonmc

New member
hi there when i start up windows xp now... i find when i log in the message...
error loading C:\WINDOWS\system32\euaaiih.dll
the specific module could not be found....

i originally found a forum to get rid of the smitfruad-c toolbar888 trogan.. or what ever ... name of post smitfruad-c toolbar888

ran combofix.exe and vundofix.exe and followed ILLUKKA's instructions to remove a whole lot of junk using avgfree etc... my computer starts up normally and alot faster now with those removed... however i get a blasted error message stating the above when i log in....

is there any way of getting euaaiih.dll back or is a complete windows install required...

its the only error message that comes up on startup...

oh and lastly any way of getting rid of the windows xp security warning (your computer may be infected with harmful or unwanted software!) in the lower right corner... it wants me to download some winxpantivirus software which i tried but doesnt work...

thanks for ya time... reply or email me.
jason....
 
Vundo and combofix logs... beforehand...

Combo:

Jason - 06-11-13 18:25:39.74 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Program Files\Mozilla Firefox"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\components
C:\Program Files\Common Files\{348E261B-0706-1033-0806-020205220001}
C:\Program Files\Common Files\{048E261B-0706-1033-0806-020205220001}


((((((((((((((((((((((((((((((( Files Created from 2006-10-13 to 2006-11-13 ))))))))))))))))))))))))))))))))))


2006-11-13 16:28 94,720 --a------ C:\WINDOWS\system32\xwxqbrn.dll
2006-11-13 16:28 72,704 --a------ C:\WINDOWS\system32\igjsbpc.dll
2006-11-13 16:28 59,392 --a------ C:\WINDOWS\system32\drvxul.dll
2006-11-13 16:28 40,973 ---hs---- C:\WINDOWS\system32\opnlkjj.dll
2006-11-13 14:45 59,392 --a------ C:\WINDOWS\system32\drvlur.dll
2006-11-13 14:45 40,973 ---hs---- C:\WINDOWS\system32\vtuvsss.dll
2006-11-13 13:18 77,824 --a------ C:\WINDOWS\system32\cfltygd.dll
2006-11-13 13:15 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2006-11-13 13:09 247,961 --a------ C:\WINDOWS\system32\hgddd.dll
2006-11-13 13:03 94,208 --a------ C:\WINDOWS\system32\euaaiih.dll
2006-11-13 13:03 72,704 --a------ C:\WINDOWS\system32\xkblrhg.dll
2006-11-13 13:03 40,973 ---hs---- C:\WINDOWS\system32\ssqrpmm.dll
2006-11-13 13:03 15,872 --a------ C:\WINDOWS\system32\winhkz32.dll
2006-11-13 12:52 611,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-11-01 09:51 49,152 --a------ C:\WINDOWS\system32\DSndUp.exe
2006-11-01 09:51 45,056 --a------ C:\WINDOWS\system32\CleanUp.exe
2006-11-01 09:51 30,208 --a------ C:\WINDOWS\system32\wdmioctl.dll
2006-11-01 09:51 266,880 --a------ C:\WINDOWS\system32\drivers\smwdm.sys
2006-11-01 09:51 116,176 --a------ C:\WINDOWS\system32\drivers\aeaudio.sys
2006-11-01 09:51 1,285,632 --a------ C:\WINDOWS\system32\SMMedia.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-13 18:27 -------- d-------- C:\Program Files\Common Files
2006-11-13 18:25 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-13 18:07 -------- d---s---- C:\Documents and Settings\Jason\Application Data\Microsoft
2006-11-13 17:36 -------- d-------- C:\Documents and Settings\Jason\Application Data\Help
2006-11-13 13:57 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-13 13:57 -------- d-------- C:\Program Files\EA GAMES
2006-11-13 13:27 -------- d-------- C:\Program Files\VirusBursters
2006-11-13 13:15 -------- d-------- C:\Documents and Settings\Jason\Application Data\WinAntiSpyware 2006
2006-11-13 13:08 -------- d-------- C:\Program Files\WinRAR
2006-11-13 13:00 -------- d-------- C:\Program Files\Common Files\EasyInfo
2006-11-13 12:50 -------- d-------- C:\Program Files\D-Tools
2006-11-10 01:01 -------- d-------- C:\Documents and Settings\Jason\Application Data\Macromedia
2006-11-01 09:58 -------- d-------- C:\Program Files\Java
2006-11-01 09:51 -------- d-------- C:\Program Files\Analog Devices
2006-11-01 09:50 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-11-01 09:50 -------- d-------- C:\Program Files\ATI Technologies
2006-10-18 08:55 778656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-06 14:35 -------- d-------- C:\Program Files\Common Files\Java
2006-10-06 14:17 -------- d-------- C:\Program Files\Messenger
2006-10-06 14:17 -------- d-------- C:\Program Files\Internet Explorer
2006-10-06 14:16 -------- d-------- C:\Program Files\Windows Media Player
2006-10-06 13:35 -------- d-------- C:\Program Files\Outlook Express
2006-10-06 13:35 -------- d-------- C:\Program Files\Common Files\System
2006-09-15 17:08 -------- d-------- C:\Documents and Settings\Jason\Application Data\Talkback
2006-09-15 17:02 -------- d-------- C:\Documents and Settings\Jason\Application Data\Mozilla
2006-09-01 01:03 62 --ahs---- C:\Documents and Settings\Jason\Application Data\desktop.ini
2006-08-31 17:52 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-08-31 17:52 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-08-31 14:13 0 -rahs---- C:\MSDOS.SYS
2006-08-31 14:13 0 -rahs---- C:\IO.SYS
2006-08-31 14:13 0 --a------ C:\CONFIG.SYS
2006-08-31 14:13 0 --a------ C:\AUTOEXEC.BAT
2006-08-26 04:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-22 01:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 22:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TrackPointSrv"="tp4mon.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"euaaiih.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\euaaiih.dll,cuoeydf"
"CTDrive"="rundll32.exe C:\\WINDOWS\\system32\\drvxul.dll,startup"
"xwxqbrn.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\xwxqbrn.dll,kewincd"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqrpmm
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winhkz32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Low Battery Alarm Program.job

Completion time: 06-11-13 18:28:44.60
C:\ComboFix.txt ... 06-11-13 18:28

Vundo:
VundoFix V6.2.8

Checking Java version...

Java version is 1.5.0.6

Java version is 1.5.0.9

Scan started at 6:15:27 PM 11/13/2006

Listing files found while scanning....

C:\WINDOWS\system32\euaaiih.dll
C:\WINDOWS\system32\igjsbpc.dll
C:\WINDOWS\system32\winhkz32.dll
C:\WINDOWS\system32\xkblrhg.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\euaaiih.dll
C:\WINDOWS\system32\euaaiih.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\igjsbpc.dll
C:\WINDOWS\system32\igjsbpc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\winhkz32.dll
C:\WINDOWS\system32\winhkz32.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\xkblrhg.dll
C:\WINDOWS\system32\xkblrhg.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.2.8

Checking Java version...

Java version is 1.5.0.6

Java version is 1.5.0.9

Scan started at 6:42:46 PM 11/13/2006

Listing files found while scanning....

C:\WINDOWS\system32\winhkz32.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\winhkz32.dll
C:\WINDOWS\system32\winhkz32.dll Has been deleted!

Performing Repairs to the registry.
Done!

so the dll windows wants ur program deleted... should i place it back in system32 or what... im running a panda scan and then hijackthis log now... for u to view....

next post will have that
 
hijackthis log before online scan accadential..

Logfile of HijackThis v1.99.1
Scan saved at 11:27:20 PM, on 11/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tp4mon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {295DCD8D-82C1-1194-B4BE-0167E97EBF0F} - C:\WINDOWS\system32\igjsbpc.dll (file missing)
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C2D0560-8A85-A224-82C3-0975842C7AE7} - C:\WINDOWS\system32\xkblrhg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O2 - BHO: (no name) - {CB911948-0E51-4851-8E9E-D8C5FACB9779} - C:\WINDOWS\system32\urqqo.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\akvhqfax.dll (file missing)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
 
afterwards online scan and hijackthis log.

Panda:
Incident Status Location

Potentially unwanted tool:Application/VSToolbar Not disinfected C:\Program Files\VSAdd-in\VSAdd-in.dll
Adware:adware/securityerror Not disinfected c:\windows\system32\ot.ico
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\1fwci9an.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\1fwci9an.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\3dpkzlwr.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\3dpkzlwr.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\3dpkzlwr.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\3dpkzlwr.default\cookies.txt[.2o7.net/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\3dpkzlwr.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\3dpkzlwr.default\cookies.txt[.com.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\3dpkzlwr.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\3dpkzlwr.default\cookies.txt[.drivecleaner.com/]
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\3dpkzlwr.default\cookies.txt[.paycounter.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\3dpkzlwr.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\3dpkzlwr.default\cookies.txt[www.drivecleaner.com/.freeware/]
Spyware:Cookie/Virusbursters Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\3dpkzlwr.default\cookies.txt[www.virusbursters.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\pugmqrte.default\cookies.txt[.advertising.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\pugmqrte.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\pugmqrte.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\pugmqrte.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\pugmqrte.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\pugmqrte.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\pugmqrte.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\pugmqrte.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\pugmqrte.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\pugmqrte.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\pugmqrte.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\pugmqrte.default\cookies.txt[.ads.pointroll.com/]
Adware:Adware/UltimateCleaner Not disinfected C:\Program Files\Ultimate Cleaner\app.exe
Adware:Adware/UltimateCleaner Not disinfected C:\Program Files\Ultimate Cleaner\IeSafe.exe
Adware:Adware/VirusBurst Not disinfected C:\Program Files\VirusBursters\VirusBursters.exe
Possible Virus. Not disinfected C:\WINDOWS\system32\cfltygd.dll
Possible Virus. Not disinfected C:\WINDOWS\system32\opnlkjj.dll
Possible Virus. Not disinfected C:\WINDOWS\system32\ssqrpmm.dll
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\upsuqtgj.exe
Possible Virus. Not disinfected C:\WINDOWS\system32\vtuvsss.dll
 
hijacklog

Logfile of HijackThis v1.99.1
Scan saved at 12:23:05 AM, on 11/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tp4mon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {295DCD8D-82C1-1194-B4BE-0167E97EBF0F} - C:\WINDOWS\system32\igjsbpc.dll (file missing)
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C2D0560-8A85-A224-82C3-0975842C7AE7} - C:\WINDOWS\system32\xkblrhg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {CB911948-0E51-4851-8E9E-D8C5FACB9779} - C:\WINDOWS\system32\urqqo.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\akvhqfax.dll (file missing)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [euaaiih.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\euaaiih.dll,cuoeydf
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvxul.dll,startup
O4 - HKLM\..\Run: [xwxqbrn.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\xwxqbrn.dll,kewincd
O4 - HKLM\..\Run: [Ultimate Cleaner] C:\Program Files\Ultimate Cleaner\App.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: urqqo - C:\WINDOWS\system32\urqqo.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
 
Hi jasonmc and welcome to Safer Networking Forums :)

You got some infections there...

From now on, please follow my instructions carefully...

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply along with the contents of C:\VundoFix.txt

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

NOTE: Do not run any other options from SmitfraudFix until I tell you to do so!
 
smitfruadfix log and new vundo log...

didnt know if u wanted me to run vundo again but i guess u did... so i did...

:angel: SMIT LOG:
SmitFraudFix v2.120

Scan done at 11:32:57.23, Tue 11/14/2006
Run from C:\Documents and Settings\Jason\Desktop\New Folder\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\drvxul.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jason


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jason\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Jason\FAVORI~1

C:\DOCUME~1\Jason\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\VirusBursters\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



:angel: VUNDO LOG:
VundoFix V6.2.8

Checking Java version...

Java version is 1.5.0.6

Java version is 1.5.0.9

Scan started at 6:15:27 PM 11/13/2006

Listing files found while scanning....

C:\WINDOWS\system32\euaaiih.dll
C:\WINDOWS\system32\igjsbpc.dll
C:\WINDOWS\system32\winhkz32.dll
C:\WINDOWS\system32\xkblrhg.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\euaaiih.dll
C:\WINDOWS\system32\euaaiih.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\igjsbpc.dll
C:\WINDOWS\system32\igjsbpc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\winhkz32.dll
C:\WINDOWS\system32\winhkz32.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\xkblrhg.dll
C:\WINDOWS\system32\xkblrhg.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.2.8

Checking Java version...

Java version is 1.5.0.6

Java version is 1.5.0.9

Scan started at 6:42:46 PM 11/13/2006

Listing files found while scanning....

C:\WINDOWS\system32\winhkz32.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\winhkz32.dll
C:\WINDOWS\system32\winhkz32.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

VundoFix V6.2.8

Checking Java version...

Java version is 1.5.0.6

Java version is 1.5.0.9

Scan started at 11:41:17 AM 11/14/2006
 (NEW SCAN after fraudfix)
Listing files found while scanning....

C:\WINDOWS\system32\urqqo.dll
C:\WINDOWS\system32\oqqru.ini
C:\WINDOWS\system32\oqqru.bak1

Beginning removal...

Attempting to delete C:\WINDOWS\system32\oqqru.ini
C:\WINDOWS\system32\oqqru.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\oqqru.bak1
C:\WINDOWS\system32\oqqru.bak1 Has been deleted!

Performing Repairs to the registry.
Done!
 
missed delete

found C:\WINDOWS\system32\urqqo.dll

vundo didnt delete that dunno if it meant to not...

u'll probably find that to...

Whats next master

thanks jason
 
hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 7:36:10 PM, on 11/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tp4mon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {295DCD8D-82C1-1194-B4BE-0167E97EBF0F} - C:\WINDOWS\system32\igjsbpc.dll (file missing)
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C2D0560-8A85-A224-82C3-0975842C7AE7} - C:\WINDOWS\system32\xkblrhg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {CB911948-0E51-4851-8E9E-D8C5FACB9779} - C:\WINDOWS\system32\urqqo.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\akvhqfax.dll (file missing)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [euaaiih.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\euaaiih.dll,cuoeydf
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvxul.dll,startup
O4 - HKLM\..\Run: [xwxqbrn.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\xwxqbrn.dll,kewincd
O4 - HKLM\..\Run: [Ultimate Cleaner] C:\Program Files\Ultimate Cleaner\App.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: urqqo - C:\WINDOWS\system32\urqqo.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
 
Hi again, we'll continue :)

I'll try to answer you as soon as possible but these logs take their time. So please be patient :)

We'll remove Ultimate Cleaner and WinAntiVirus since these have a suspicious reputation. More here.

You should print these instructions or save these to a text file. Follow these instructions carefully.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Download ATF Cleaner by Atribune to your desktop.
Do NOT run yet.

Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.

Then, make your hidden files visible:
  • Go to My Computer
  • Select the Tools menu and click Folder Options
  • Click the View tab.
  • Checkmark the "Display the contents of system folders"
  • Under the Hidden files and folders select "Show hidden files and folders"
  • Uncheck "Hide protected operating system files"
  • Click Apply and then the OK and close My Computer.
==================

Open Control Panel -> Add/Remove programs -> Remove all the of the following programs if found:

WinAntiVirus
Ultimate Cleaner
VSAdd-in
 or similar entries
Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {295DCD8D-82C1-1194-B4BE-0167E97EBF0F} - C:\WINDOWS\system32\igjsbpc.dll (file missing)
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {5C2D0560-8A85-A224-82C3-0975842C7AE7} - C:\WINDOWS\system32\xkblrhg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {CB911948-0E51-4851-8E9E-D8C5FACB9779} - C:\WINDOWS\system32\urqqo.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\akvhqfax.dll (file missing)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [euaaiih.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\euaaiih.dll,cuoeydf
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvxul.dll,startup
O4 - HKLM\..\Run: [xwxqbrn.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\xwxqbrn.dll,kewincd
O4 - HKLM\..\Run: [Ultimate Cleaner] C:\Program Files\Ultimate Cleaner\App.exe
O20 - Winlogon Notify: urqqo - C:\WINDOWS\system32\urqqo.dll (file missing)


Please run Killbox.

Copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\WINDOWS\system32\xwxqbrn.dll
C:\WINDOWS\system32\drvxul.dll
C:\WINDOWS\system32\opnlkjj.dll
C:\WINDOWS\system32\drvlur.dll
C:\WINDOWS\system32\vtuvsss.dll
C:\WINDOWS\system32\xwxqbrn.dll
C:\WINDOWS\system32\cfltygd.dll
C:\WINDOWS\system32\hgddd.dll
C:\WINDOWS\system32\ssqrpmm.dll
Click to expand...
Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

Select "Delete on Reboot".
Select "All Files".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

Restart your computer to the safe mode:
  • Restart your computer
  • Start tapping the F8 key when the computer restarts.
  • When the start menu opens, choose Safe mode
  • Press Enter. The computer then begins to start in Safe mode.

Go to the My Computer and delete the following folders (if present):
C:\Program Files\VSAdd-in
C:\Program Files\Ultimate Cleaner
C:\Documents and Settings\Jason\Application Data\WinAntiSpyware 2006
C:\Program Files\WinAntiSpyware 2006

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

Restart to the safe mode again.

Run ATF Cleaner
  • Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      scanavgjk2.jpg
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

================

When you're ready, post the following logs to here:
- AVG's report
- a fresh HijackThis log
- contents of C:\Rapport.txt
 
thanks comp running better still need more done...

Um dunno if killbox worked cause i had no box come up asking to delete the files but the heres kill box log:

Pocket Killbox version 2.0.0.648
Running on Windows XP as Jason(Administrator)
was started @ Tuesday, November 14, 2006, 8:25 PM

# 1 [Delete on Reboot]
Path = C:\WINDOWS\system32\xwxqbrn.dll


# 2 [Delete on Reboot]
Path = C:\WINDOWS\system32\drvxul.dll


# 3 [Delete on Reboot]
Path = C:\WINDOWS\system32\opnlkjj.dll


# 4 [Delete on Reboot]
Path = C:\WINDOWS\system32\drvlur.dll


# 5 [Delete on Reboot]
Path = C:\WINDOWS\system32\vtuvsss.dll


# 6 [Delete on Reboot]
Path = C:\WINDOWS\system32\cfltygd.dll


# 7 [Delete on Reboot]
Path = C:\WINDOWS\system32\hgddd.dll


# 8 [Delete on Reboot]
Path = C:\WINDOWS\system32\ssqrpmm.dll


I Rebooted @ 8:26:58 PM
Killbox Closed(Exit) @ 8:26:58 PM
__________________________________________________


NEXT
smitfruad log:

SmitFraudFix v2.120

Scan done at 20:37:32.13, Tue 11/14/2006
Run from C:\Documents and Settings\Jason\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ot.ico Deleted
C:\DOCUME~1\Jason\FAVORI~1\Antivirus Test Online.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Still got ATF CLEANER TO GO... post that shortly
 
So far it is looking good :)

Please post the HijackThis log and AVG Anti-Spyware logs when you're ready :bigthumb:
 
avg antiscan log thing

Im sorry to say. i acidently clicked apply all changes..before selecting quarenten certain things only had delete... i dunno what to do now... anyways log

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:44:12 PM 11/14/2006

+ Scan result:



C:\System Volume Information\_restore{A3576016-9D3E-423F-9741-023822A764C0}\RP18\A0022465.dll -> Adware.Agent : Cleaned with backup (quarantined).
HKU\S-1-5-21-220523388-839522115-1060284298-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{39F25B12-74FF-4079-A51F-1D70F5B08B84} -> Adware.Generic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A3576016-9D3E-423F-9741-023822A764C0}\RP16\A0022116.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A3576016-9D3E-423F-9741-023822A764C0}\RP16\A0022135.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A3576016-9D3E-423F-9741-023822A764C0}\RP17\A0022264.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A3576016-9D3E-423F-9741-023822A764C0}\RP17\A0022269.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A3576016-9D3E-423F-9741-023822A764C0}\RP17\A0022270.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A3576016-9D3E-423F-9741-023822A764C0}\RP14\A0021081.exe -> Adware.VirusBursters : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A3576016-9D3E-423F-9741-023822A764C0}\RP14\A0021055.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A3576016-9D3E-423F-9741-023822A764C0}\RP14\A0021054.exe -> Dropper.Small.asx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A3576016-9D3E-423F-9741-023822A764C0}\RP14\A0021075.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
:mozilla.27:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\1fwci9an.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.28:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\1fwci9an.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.52:C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\pugmqrte.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.10:C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\pugmqrte.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.11:C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\pugmqrte.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.8:C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\pugmqrte.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.30:C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\pugmqrte.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.46:C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\pugmqrte.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.47:C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\pugmqrte.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.48:C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\pugmqrte.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.42:C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\pugmqrte.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.43:C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\pugmqrte.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.44:C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\pugmqrte.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.45:C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\pugmqrte.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.68:C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\pugmqrte.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.69:C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\pugmqrte.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.70:C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\pugmqrte.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.59:C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\pugmqrte.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.60:C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\pugmqrte.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.53:C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\pugmqrte.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.54:C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\pugmqrte.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.55:C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\pugmqrte.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.56:C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\pugmqrte.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.57:C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\pugmqrte.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.21:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\1fwci9an.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.24:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\1fwci9an.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.25:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\1fwci9an.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.36:C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\pugmqrte.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.37:C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\pugmqrte.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.38:C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\pugmqrte.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.39:C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\pugmqrte.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.40:C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\pugmqrte.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.49:C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\pugmqrte.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.51:C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\pugmqrte.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
C:\System Volume Information\_restore{A3576016-9D3E-423F-9741-023822A764C0}\RP17\A0022312.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A3576016-9D3E-423F-9741-023822A764C0}\RP16\A0022119.exe -> Trojan.Dialer.qs : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A3576016-9D3E-423F-9741-023822A764C0}\RP16\A0022120.exe -> Trojan.Dialer.qs : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A3576016-9D3E-423F-9741-023822A764C0}\RP16\A0022121.exe -> Trojan.Dialer.qs : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A3576016-9D3E-423F-9741-023822A764C0}\RP17\A0022275.exe -> Trojan.Dialer.qs : Cleaned with backup (quarantined).


::Report end

And a new hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 9:51:37 PM, on 11/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\tp4mon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


Thanks for your help computer seems to be running fine ish....
And my desktop has dissapeared... dam u lol

get back to me
 
Hi again, it is looking clean now :)
The computer is running fine ?

This time nothing bad got removed when you hitted the Apply All actions in AVG...So it is ok...

Now you can clean AVG's Quarantine:
  • Open AVG Anti-Spyware
  • Click Infections
  • Click Quarantine tab
  • Click Select all
  • Click Remove finally
  • Close the program
You can remove the tools we used.

Then you should remove the old version of Java
  • [*]Start
    [*]Control Panel
    [*]Add/Remove Programs
  • Delete the old Java, J2SE Runtime Environment 5.0 Update 6
Now you can make your hidden files hidden again.
  • Go to My Computer
  • Select the Tools menu and click Folder Options
  • Click the View tab.
  • Checkmark the "Display the contents of system folders"
  • Under the Hidden files and folders select "Show hidden files and folders"
  • Check "Hide protected operating system files"
  • Click Apply and then the OK and close My Computer.

=============

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Clear your system restore
    This will clear the system restore folders from possible malware that was left behind during the cleaning process.
  • Use ATF Cleaner
    Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.
  • Use Ad-Aware
    Download and install Ad-Aware. Update it and scan your computer regularly with it.
  • Use AVG Anti-Spyware
    Update it and scan your computer regularly with it.
  • Use Spybot S&D
    Download and install Spybot S&D. Update it and scan your computer regularly with it.
  • Install SpywareBlaster
    SpywareBlaster will prevent spyware from being installed.
  • Install MVPS Hosts file
    This prevents your computer from connecting to harmful sites.
  • Use Firefox browser
    Firefox is faster, safer and better browser than Internet Explorer.
  • Keep your systen up-to-date
    Visit Windows Update regularly.
  • Keep your antivirus and firewall up-to-date
    Scan your computer regularly with your antivirus.
  • Read this article by TonyKlein
    So how did I get infected in the first place?
  • Stand Up and Be Counted !
    The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Stay clean and be safe ;)
 
thanks for the help bRO

yeah the computer seems to be running fine aye.. dunno if avg spyware is meant to have the gray icon with the s inside... or is it meant to be colourful like avg antivirus icon in the task tray.... ?

thanks for all ur help tho

jason
 
dont worry

i fixed the avg spyware thing... buy activeating.. residual shield and auto updates... so i should be fine now.. computer running fast as ... trying to download the things u said to and install them ... taking its time

thanks again
 
That's great news and you're very welcome :D:

As the problem appears to be resolved this topic has been archived.

If you need it re-opened please send a private message (pm) to a forum staff member and provide a link to the thread; this applies only to the original topic starter.

Glad we could help :2thumb:
 
Status
Not open for further replies.
Back
Top