Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Winantiviruspro - How to Remove?

Unread postby Buttpt » August 2nd, 2006, 1:59 pm

Hi!

I have this "winantiviruspro" on my computer and it's always popping up.
I've already seen some topics talking about this and decided to post my hijack log.

Here it is:

Logfile of HijackThis v1.99.1
Scan saved at 18:54:44, on 02-08-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Programas\Alwil Software\Avast4\ashServ.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programas\HP\HP Software Update\HPWuSchd.exe
C:\Programas\Ficheiros comuns\PCSuite\DataLayer\DataLayer.exe
C:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programas\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programas\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Ficheiros comuns\Ahead\lib\NMBgMonitor.exe
C:\Programas\Skype\Phone\Skype.exe
C:\Programas\Messenger\msmsgs.exe
C:\Programas\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programas\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programas\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Programas\VIA\RAID\raid_tool.exe
C:\PROGRA~1\FICHEI~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\FICHEI~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Armindo\Ambiente de trabalho\MALWARE REMOVAL\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Programas\Ficheiros comuns\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [Windows Defender] "C:\Programas\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programas\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programas\Ficheiros comuns\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Programas\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programas\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Google Search - res://c:\programas\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programas\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programas\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programas\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programas\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programas\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe



Hope someone can help me.
Thanks :)
Buttpt
Active Member
 
Posts: 9
Joined: August 2nd, 2006, 1:53 pm

Unread postby agrarianmonk » August 2nd, 2006, 7:33 pm

Welcome !! Please take note of the following while we are working together:
  • Your fix may take a couple posts so please be patient even if you don't see immediate results.
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's definitely better to be sure and safe than sorry.

***************************************

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.


Note: If Vundofix never re-opens, please try running vundofix again, but without the check next to "Run VundoFix as a task."

Because some malware is hiding from Hijackthis, please rename Hijackthis to HJT and post a new hijackthis log.
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

Unread postby Buttpt » August 2nd, 2006, 8:20 pm

First of all thanks for the help!
Now the log files:

VundoFix


VundoFix V5.1.6

Running as SYSTEM
from c:\windows\system32\VundoFix.exe

Checking Java version...

Sun Java not detected
Scan started at 1:01:07 03-08-2006

Listing files found while scanning....

C:\windows\system32\vtsqq.dll
C:\windows\system32\qqstv.ini
C:\windows\system32\qqstv.bak1
C:\windows\system32\qqstv.bak2

Beginning removal...

The process smss.exe was successfully stopped

The process winlogon.exe could not be stopped
Vundofix may not be able to delete some files that were found.

The process explorer.exe was successfully stopped

The process iexplore.exe was successfully stopped

The process rundll32.exe was successfully stopped

Attempting to delete C:\windows\system32\vtsqq.dll
C:\windows\system32\vtsqq.dll Could not be deleted.

Attempting to delete C:\windows\system32\qqstv.ini
C:\windows\system32\qqstv.ini Has been deleted!

Attempting to delete C:\windows\system32\qqstv.bak1
C:\windows\system32\qqstv.bak1 Has been deleted!

Attempting to delete C:\windows\system32\qqstv.bak2
C:\windows\system32\qqstv.bak2 Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V5.1.6

Running as SYSTEM
from c:\windows\system32\VundoFix.exe

Checking Java version...

Sun Java not detected
Scan started at 1:08:07 03-08-2006

Listing files found while scanning....

C:\windows\system32\vtsqq.dll
C:\windows\system32\qqstv.ini
C:\windows\system32\qqstv.bak1

Beginning removal...

The process smss.exe was successfully stopped

The process winlogon.exe could not be stopped
Vundofix may not be able to delete some files that were found.

The process explorer.exe was successfully stopped

The process iexplore.exe was successfully stopped

The process rundll32.exe was successfully stopped

Attempting to delete C:\windows\system32\vtsqq.dll
C:\windows\system32\vtsqq.dll Could not be deleted.

Attempting to delete C:\windows\system32\qqstv.ini
C:\windows\system32\qqstv.ini Has been deleted!

Attempting to delete C:\windows\system32\qqstv.bak1
C:\windows\system32\qqstv.bak1 Has been deleted!

Performing Repairs to the registry.
Done!



HJT

Logfile of HijackThis v1.99.1
Scan saved at 1:15:49, on 03-08-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Programas\Alwil Software\Avast4\ashServ.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programas\HP\HP Software Update\HPWuSchd.exe
C:\Programas\Ficheiros comuns\PCSuite\DataLayer\DataLayer.exe
C:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programas\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programas\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Ficheiros comuns\Ahead\lib\NMBgMonitor.exe
C:\Programas\Skype\Phone\Skype.exe
C:\Programas\Messenger\msmsgs.exe
C:\Programas\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programas\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programas\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Programas\VIA\RAID\raid_tool.exe
C:\PROGRA~1\FICHEI~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\FICHEI~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Armindo\Ambiente de trabalho\MALWARE REMOVAL\HJT\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3618CE70-1761-4889-812F-4C00C295775C} - C:\WINDOWS\system32\vtsqq.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Programas\Ficheiros comuns\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [Windows Defender] "C:\Programas\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programas\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programas\Ficheiros comuns\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Programas\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programas\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Google Search - res://c:\programas\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programas\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programas\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programas\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programas\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programas\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O20 - Winlogon Notify: vtsqq - C:\WINDOWS\system32\vtsqq.dll
O20 - Winlogon Notify: winosz32 - C:\WINDOWS\SYSTEM32\winosz32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe



Note: When I tried to eliminate the files with VundoFix it said that it couldn't eliminate one of the files because it was being used by another program, so after restarting I ran VundoFix again to check if the files were eliminated but they were not (only one I think).

Thanks again.
Buttpt
Active Member
 
Posts: 9
Joined: August 2nd, 2006, 1:53 pm
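
The comparison this exchange relies on (the log from the renamed HJT.exe against the first HijackThis log, read next to the VundoFix results), as an added example that is not part of the original thread: a Python sketch that lists entries visible only in the second log and matches them to files VundoFix could not delete. The sample inputs are a few lines copied from the logs above and trimmed; the function names are hypothetical.

```python
import re

# Constructed samples: a handful of lines copied from the logs in this thread.
HJT_BEFORE = r"""
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar2.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

HJT_AFTER = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3618CE70-1761-4889-812F-4C00C295775C} - C:\WINDOWS\system32\vtsqq.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar2.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: vtsqq - C:\WINDOWS\system32\vtsqq.dll
O20 - Winlogon Notify: winosz32 - C:\WINDOWS\SYSTEM32\winosz32.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

VUNDOFIX_LOG = r"""
Attempting to delete C:\windows\system32\vtsqq.dll
C:\windows\system32\vtsqq.dll Could not be deleted.

Attempting to delete C:\windows\system32\qqstv.ini
C:\windows\system32\qqstv.ini Has been deleted!
"""

# "O20 - Winlogon Notify: ..." -> section "O20", detail "Winlogon Notify: ..."
HJT_LINE = re.compile(r"^(?P<section>[ORF]\d+) - (?P<detail>.+)$")
# First Windows path ending in a file type of interest inside an entry.
WIN_PATH = re.compile(r"[A-Za-z]:\\.+?\.(?:dll|exe|ini)\b", re.IGNORECASE)
# VundoFix result lines: "<path> Could not be deleted." / "<path> Has been deleted!"
VF_RESULT = re.compile(
    r"^(?P<path>[A-Za-z]:\\\S+) (?P<status>Could not be deleted\.|Has been deleted!)$"
)


def parse_hjt(text):
    """Return (section, detail, lowercased path or None) for each log entry."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        path = WIN_PATH.search(m["detail"])
        entries.append(
            (m["section"], m["detail"], path.group(0).lower() if path else None)
        )
    return entries


def newly_visible(before, after):
    """Entries present in the second log but absent from the first."""
    seen = {(section, detail.lower()) for section, detail, _ in before}
    return [e for e in after if (e[0], e[1].lower()) not in seen]


def parse_vundofix(text):
    """Map lowercased file path -> 'locked' or 'deleted' from a VundoFix log."""
    results = {}
    for line in text.splitlines():
        m = VF_RESULT.match(line.strip())
        if m:
            locked = m["status"].startswith("Could not")
            results[m["path"].lower()] = "locked" if locked else "deleted"
    return results


def correlate(new_entries, vundofix_results):
    """Newly visible entries whose file VundoFix failed to delete."""
    return [
        (section, path)
        for section, _detail, path in new_entries
        if vundofix_results.get(path) == "locked"
    ]


if __name__ == "__main__":
    new = newly_visible(parse_hjt(HJT_BEFORE), parse_hjt(HJT_AFTER))
    locked = correlate(new, parse_vundofix(VUNDOFIX_LOG))
    for section, detail, _ in new:
        print("only in second log:", section, "-", detail)
    for section, path in locked:
        print("still on disk and registered:", section, path)
```

On the logs in this thread the file VundoFix could not delete surfaces as both an O2 BHO and an O20 Winlogon Notify entry; a Notify DLL is loaded by winlogon.exe, which is consistent with VundoFix reporting that winlogon.exe could not be stopped. The other newly visible entries are listed without a verdict.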

Unread postby agrarianmonk » August 2nd, 2006, 8:21 pm

it's ok, got another way for you:

Download this file - combofix.exe

and save it to your desktop.

go to start --> run and copy/paste in the following:

"%userprofile%\desktop\combofix.exe" /v vtsqq

When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

In your next post, please include
  • new hijackthis log
  • combofix log


*use separate posts to ensure the logs don't get cut off!

*if you wouldn't mind, could you stop italicizing your logs? it makes them harder to read ;)
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

Unread postby Buttpt » August 2nd, 2006, 8:56 pm

ComboFix

(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\SYSTEM32\VTSQQ.DLL
C:\WINDOWS\SYSTEM32\QQSTV.INI


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


C:\WINDOWS\SYSTEM32\QQSTV.INI

1:54:10,28
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-03 01:45:12 331750 ( A.... ) "C:\combofix.exe"
2006-08-03 00:18:40 139264 ( A.... ) "C:\WINDOWS\War3Unin.exe"
2006-08-01 20:36:16 ( .D... ) "C:\Programas\Warcraft III"
2006-07-30 02:53:44 ( .D... ) "C:\Programas\Firaxis Games"
2006-07-30 02:44:06 ( .D... ) "C:\Documents and Settings\Armindo\Application Data\My Games"
2006-07-12 00:05:20 ( .D... ) "C:\Programas\UBISOFT"
2006-07-04 23:10:36 ( .D... ) "C:\Programas\iolo"
2006-07-04 22:52:20 ( .D... ) "C:\Programas\Windows Defender"
2006-07-04 22:27:54 81424 ( A.... ) "C:\WINDOWS\system32\regperf.exe"
2006-07-03 22:47:46 ( .D... ) "C:\Programas\Lavasoft"
2006-07-03 22:35:56 ( .D... ) "C:\Programas\Rizal"
2006-07-02 23:51:36 ( .D... ) "C:\Documents and Settings\Armindo\Application Data\Lavasoft"
2006-06-30 23:33:36 ( .D... ) "C:\Documents and Settings\Armindo\Application Data\Hamachi"
2006-06-30 21:45:34 18432 ( A.... ) "C:\WINDOWS\system32\winosz32.dll"
2006-06-30 16:51:10 ( .D... ) "C:\Programas\The All-Seeing Eye"
2006-06-30 12:45:38 ( .D... ) "C:\Programas\EA GAMES"
2006-06-30 12:18:48 ( .D... ) "C:\Programas\Registry Mechanic"
2006-06-30 11:59:18 2379 ( A.... ) "C:\WINDOWS\system32\sdbackup.reg"
2006-06-30 11:58:42 ( .D... ) "C:\Programas\DAEMON Tools"
2006-06-28 23:54:08 ( .D... ) "C:\Documents and Settings\Armindo\Application Data\System Requirements Lab"
2006-06-28 23:54:04 ( .D... ) "C:\Documents and Settings\Armindo\Application Data\Sun"
2006-06-28 23:52:52 ( .D... ) "C:\Programas\Java"
2006-06-28 23:52:50 ( .D... ) "C:\Programas\Ficheiros comuns\Java"
2006-06-23 09:28:56 5512704 ( ..... ) "C:\WINDOWS\system32\ieframe.dll"
2006-06-23 09:28:56 454144 ( ..... ) "C:\WINDOWS\system32\msfeeds.dll"
2006-06-23 09:28:56 413696 ( A.... ) "C:\WINDOWS\system32\vbscript.dll"
2006-06-23 09:28:56 223744 ( A.... ) "C:\WINDOWS\system32\webcheck.dll"
2006-06-23 09:28:56 179200 ( ..... ) "C:\WINDOWS\system32\ieui.dll"
2006-06-23 09:28:56 155648 ( A.... ) "C:\WINDOWS\system32\msls31.dll"
2006-06-23 09:28:56 47616 ( ..... ) "C:\WINDOWS\system32\msfeedsbs.dll"
2006-06-23 05:41:42 172544 ( ..... ) "C:\WINDOWS\system32\WinFXDocObj.exe"
2006-06-23 05:40:44 78848 ( A.... ) "C:\WINDOWS\system32\ieencode.dll"
2006-06-23 05:40:04 40960 ( A.... ) "C:\WINDOWS\system32\url.dll"
2006-06-23 05:39:52 39424 ( A.... ) "C:\WINDOWS\system32\licmgr10.dll"
2006-06-23 05:39:08 99328 ( A.... ) "C:\WINDOWS\system32\occache.dll"
2006-06-23 05:37:18 14336 ( A.... ) "C:\WINDOWS\system32\corpol.dll"
2006-06-23 05:34:30 228864 ( A.... ) "C:\WINDOWS\system32\ieaksie.dll"
2006-06-23 05:34:16 167936 ( A.... ) "C:\WINDOWS\system32\ieakeng.dll"
2006-06-23 05:34:06 81920 ( A.... ) "C:\WINDOWS\system32\admparse.dll"
2006-06-23 05:34:06 50688 ( A.... ) "C:\WINDOWS\system32\ie4uinit.exe"
2006-06-23 05:34:02 372736 ( A.... ) "C:\WINDOWS\system32\iedkcs32.dll"
2006-06-23 05:33:42 54272 ( A.... ) "C:\WINDOWS\system32\iesetup.dll"
2006-06-23 05:33:22 41984 ( A.... ) "C:\WINDOWS\system32\iernonce.dll"
2006-06-23 05:33:00 121856 ( A.... ) "C:\WINDOWS\system32\advpack.dll"
2006-06-23 05:30:22 11776 ( ..... ) "C:\WINDOWS\system32\msfeedssync.exe"
2006-06-23 05:29:56 55296 ( ..... ) "C:\WINDOWS\system32\icardie.dll"
2006-06-23 05:29:22 35328 ( A.... ) "C:\WINDOWS\system32\imgutil.dll"
2006-06-23 05:27:56 251392 ( ..... ) "C:\WINDOWS\system32\iertutil.dll"
2006-06-23 05:26:52 45568 ( A.... ) "C:\WINDOWS\system32\mshta.exe"
2006-06-23 04:46:30 377856 ( ..... ) "C:\WINDOWS\system32\ieapfltr.dll"
2006-06-23 04:45:30 48640 ( A.... ) "C:\WINDOWS\system32\mshtmler.dll"
2006-06-23 04:41:42 172032 ( A.... ) "C:\WINDOWS\system32\ieakui.dll"
2006-06-20 15:31:42 ( .D... ) "C:\Programas\Ficheiros comuns\Adobe"
2006-06-19 15:18:34 22752 ( A.... ) "C:\WINDOWS\system32\spupdsvc.exe"
2006-06-19 15:18:16 23552 ( ..... ) "C:\WINDOWS\system32\idndl.dll"
2006-06-19 15:18:16 20480 ( ..... ) "C:\WINDOWS\system32\normaliz.dll"
2006-06-16 23:01:40 ( .D... ) "C:\Programas\Alwil Software"
2006-06-15 17:24:56 ( .D... ) "C:\Programas\Firefly Studios"
2006-06-15 16:58:28 43 ( ..SH. ) "C:\Documents and Settings\Armindo\Application Data\.zreglib"
2006-06-15 15:15:34 ( .D... ) "C:\Documents and Settings\Armindo\Application Data\Nokia"
2006-06-15 15:15:32 ( .D... ) "C:\Documents and Settings\Armindo\Application Data\Datalayer"
2006-06-15 15:13:12 ( .D... ) "C:\Documents and Settings\Armindo\Application Data\PC Suite"
2006-06-15 15:12:20 ( .D... ) "C:\Programas\Nokia"
2006-06-15 15:12:20 ( .D... ) "C:\Programas\Ficheiros comuns\PCSuite"
2006-06-15 15:12:20 ( .D... ) "C:\Programas\Ficheiros comuns\Nokia"
2006-06-14 23:38:46 ( .D... ) "C:\Documents and Settings\Armindo\Application Data\Elaborate Bytes"
2006-06-14 23:25:02 ( .D... ) "C:\Programas\Microsoft Games"
2006-06-14 23:21:46 ( .D... ) "C:\Programas\Mozilla Firefox"
2006-06-14 23:21:46 ( .D... ) "C:\Documents and Settings\Armindo\Application Data\Mozilla"
2006-06-14 23:20:02 ( .D... ) "C:\Programas\Ficheiros comuns\SystemRequirementsLab"
2006-06-14 00:38:40 ( .D... ) "C:\Documents and Settings\Armindo\Application Data\Skype"
2006-06-14 00:38:32 ( .D... ) "C:\Programas\Skype"
2006-06-14 00:19:18 ( .D... ) "C:\Documents and Settings\Armindo\Application Data\Google"
2006-06-14 00:18:54 ( .D... ) "C:\Programas\Google"
2006-06-13 23:48:52 ( .D... ) "C:\Programas\Spybot - Search & Destroy"
2006-06-13 23:15:18 ( .D... ) "C:\Documents and Settings\Armindo\Application Data\Macromedia"
2006-06-13 19:00:42 ( .D... ) "C:\Documents and Settings\Armindo\Application Data\Help"
2006-06-13 14:25:26 ( .D... ) "C:\Programas\VIA"
2006-06-13 13:25:08 ( .D... ) "C:\Documents and Settings\Armindo\Application Data\AdobeUM"
2006-06-13 13:23:34 ( .D... ) "C:\Documents and Settings\Armindo\Application Data\Adobe"
2006-06-13 11:02:14 ( .D... ) "C:\Programas\Ficheiros comuns\Hewlett-Packard"
2006-06-13 11:00:32 ( .D... ) "C:\Programas\Ficheiros comuns\HP"
2006-06-13 10:56:38 ( .D... ) "C:\Programas\HP"
2006-06-13 10:42:40 ( .D... ) "C:\Programas\Sonic"
2006-06-13 10:33:38 ( .D... ) "C:\Programas\Elaborate Bytes"
2006-06-13 09:57:28 ( .D... ) "C:\Programas\Pinnacle"
2006-06-13 09:44:14 ( .D... ) "C:\Programas\C-Media 3D Audio"
2006-06-13 00:51:56 ( .D... ) "C:\Programas\Ficheiros comuns\ODBC"
2006-06-13 00:51:54 ( .D... ) "C:\Programas\Ficheiros comuns\SpeechEngines"
2006-06-13 00:51:54 ( .D... ) "C:\Programas\Ficheiros comuns\Microsoft Shared"
2006-06-13 00:51:54 ( .D... ) "C:\Programas\Ficheiros comuns"
2006-06-13 00:51:30 62 ( A.SH. ) "C:\Documents and Settings\Armindo\Application Data\desktop.ini"
2006-06-13 00:43:56 ( .D... ) "C:\Programas\Adobe"
2006-06-13 00:42:48 ( .D... ) "C:\Programas\Grisoft"
2006-06-13 00:40:50 ( .D... ) "C:\Programas\WinRAR"
2006-06-13 00:34:32 ( .D... ) "C:\Documents and Settings\Armindo\Application Data\Ahead"
2006-06-13 00:33:42 ( .D... ) "C:\Programas\Nero"
2006-06-13 00:33:42 ( .D... ) "C:\Programas\Ficheiros comuns\Ahead"
2006-06-13 00:27:10 ( .D... ) "C:\Programas\Microsoft.NET"
2006-06-13 00:26:36 ( .D... ) "C:\Programas\Ficheiros comuns\DESIGNER"
2006-06-13 00:26:32 ( .D... ) "C:\Programas\Microsoft Works"
2006-06-13 00:26:26 ( .D... ) "C:\Programas\Microsoft Visual Studio"
2006-06-13 00:25:58 ( .D... ) "C:\Programas\Microsoft Office"
2006-06-13 00:19:26 ( .D.H. ) "C:\Programas\InstallShield Installation Information"
2006-06-13 00:19:20 ( .D... ) "C:\Programas\CyberLink"
2006-06-13 00:15:58 ( .D... ) "C:\Programas\Ficheiros comuns\InstallShield"
2006-06-13 00:10:40 ( .D... ) "C:\Documents and Settings\Armindo\Application Data\Identities"
2006-06-13 00:10:38 ( .D.H. ) "C:\Programas\Uninstall Information"
2006-06-13 00:10:32 ( .DS.. ) "C:\Documents and Settings\Armindo\Application Data\Microsoft"
2006-06-13 00:04:18 ( .D... ) "C:\Programas\xerox"
2006-06-13 00:04:18 ( .D... ) "C:\Programas\microsoft frontpage"
2006-06-13 00:03:52 0 ( A.... ) "C:\AUTOEXEC.BAT"
2006-06-13 00:02:28 ( .D.H. ) "C:\Programas\WindowsUpdate"
2006-06-13 00:02:22 ( .D... ) "C:\Programas\Servi‡os online"
2006-06-13 00:01:42 ( .D... ) "C:\Programas\Ficheiros comuns\Services"
2006-06-13 00:01:38 ( .D... ) "C:\Programas\Ficheiros comuns\MSSoap"
2006-06-13 00:01:28 ( .D... ) "C:\Programas\Movie Maker"
2006-06-13 00:01:18 ( .D... ) "C:\Programas\NetMeeting"
2006-06-13 00:01:14 ( .D... ) "C:\Programas\Outlook Express"
2006-06-13 00:01:10 ( .D... ) "C:\Programas\Ficheiros comuns\System"
2006-06-13 00:01:08 ( .D... ) "C:\Programas\Internet Explorer"
2006-06-13 00:00:30 ( .D... ) "C:\Programas\ComPlus Applications"
2006-06-13 00:00:14 ( .D... ) "C:\Programas\Windows Media Player"
2006-06-13 00:00:08 ( .D... ) "C:\Programas\Messenger"
2006-06-13 00:00:06 ( .D... ) "C:\Programas\MSN Gaming Zone"
2006-06-12 23:59:44 ( .D... ) "C:\Programas\Windows NT"
2006-06-01 19:09:24 208896 ( A.... ) "C:\WINDOWS\system32\NVUNINST.EXE"
2006-06-01 19:09:24 208896 ( A.... ) "C:\WINDOWS\system32\nvudisp.exe"
2006-06-01 17:22:00 7618560 ( A.... ) "C:\WINDOWS\system32\nvcpl.dll"
2006-06-01 17:22:00 5652480 ( A.... ) "C:\WINDOWS\system32\nvdisps.dll"
2006-06-01 17:22:00 5632000 ( A.... ) "C:\WINDOWS\system32\nvoglnt.dll"
2006-06-01 17:22:00 5246976 ( A.... ) "C:\WINDOWS\system32\nvdispsr.dll"
2006-06-01 17:22:00 4529408 ( A.... ) "C:\WINDOWS\system32\nv4_disp.dll"
2006-06-01 17:22:00 3100672 ( A.... ) "C:\WINDOWS\system32\nvgames.dll"
2006-06-01 17:22:00 2977792 ( A.... ) "C:\WINDOWS\system32\nvvitvsr.dll"
2006-06-01 17:22:00 2924544 ( A.... ) "C:\WINDOWS\system32\nvvitvs.dll"
2006-06-01 17:22:00 2916352 ( A.... ) "C:\WINDOWS\system32\nvgamesr.dll"
2006-06-01 17:22:00 2859008 ( A.... ) "C:\WINDOWS\system32\nvmoblsr.dll"
2006-06-01 17:22:00 1740800 ( A.... ) "C:\WINDOWS\system32\nvwssr.dll"
2006-06-01 17:22:00 1662976 ( A.... ) "C:\WINDOWS\system32\nvwdmcpl.dll"
2006-06-01 17:22:00 1519616 ( A.... ) "C:\WINDOWS\system32\nwiz.exe"
2006-06-01 17:22:00 1466368 ( A.... ) "C:\WINDOWS\system32\nview.dll"
2006-06-01 17:22:00 1339392 ( A.... ) "C:\WINDOWS\system32\nvdspsch.exe"
2006-06-01 17:22:00 1257472 ( A.... ) "C:\WINDOWS\system32\nvwss.dll"
2006-06-01 17:22:00 1019904 ( A.... ) "C:\WINDOWS\system32\nvwimg.dll"
2006-06-01 17:22:00 1011712 ( A.... ) "C:\WINDOWS\system32\nvcpluir.dll"
2006-06-01 17:22:00 888832 ( A.... ) "C:\WINDOWS\system32\nvmobls.dll"
2006-06-01 17:22:00 794624 ( A.... ) "C:\WINDOWS\system32\nvcplui.exe"
2006-06-01 17:22:00 581632 ( A.... ) "C:\WINDOWS\system32\nvhwvid.dll"
2006-06-01 17:22:00 466944 ( A.... ) "C:\WINDOWS\system32\nvshell.dll"
2006-06-01 17:22:00 462848 ( A.... ) "C:\WINDOWS\system32\nvmccssr.dll"
2006-06-01 17:22:00 442368 ( A.... ) "C:\WINDOWS\system32\nvappbar.exe"
2006-06-01 17:22:00 425984 ( A.... ) "C:\WINDOWS\system32\keystone.exe"
2006-06-01 17:22:00 311296 ( A.... ) "C:\WINDOWS\system32\nvexpbar.dll"
2006-06-01 17:22:00 286720 ( A.... ) "C:\WINDOWS\system32\nvnt4cpl.dll"
2006-06-01 17:22:00 229376 ( A.... ) "C:\WINDOWS\system32\nvmccs.dll"
2006-06-01 17:22:00 196608 ( A.... ) "C:\WINDOWS\system32\nvapi.dll"
2006-06-01 17:22:00 188416 ( A.... ) "C:\WINDOWS\system32\nvmccss.dll"
2006-06-01 17:22:00 155715 ( A.... ) "C:\WINDOWS\system32\nvsvc32.exe"
2006-06-01 17:22:00 147456 ( A.... ) "C:\WINDOWS\system32\nvcolor.exe"
2006-06-01 17:22:00 86016 ( A.... ) "C:\WINDOWS\system32\nvmctray.dll"
2006-06-01 17:22:00 81920 ( A.... ) "C:\WINDOWS\system32\nvwddi.dll"
2006-06-01 17:22:00 45056 ( A.... ) "C:\WINDOWS\system32\nvmccsrs.dll"
2006-06-01 17:22:00 35840 ( A.... ) "C:\WINDOWS\system32\nvcodins.dll"
2006-06-01 17:22:00 35840 ( A.... ) "C:\WINDOWS\system32\nvcod.dll"
2006-05-31 10:02:04 624640 ( A.... ) "C:\WINDOWS\system32\aswBoot.exe"
2006-05-31 09:54:36 90112 ( A.... ) "C:\WINDOWS\system32\AVASTSS.scr"
2006-05-19 14:23:34 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-05-19 14:23:34 111616 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 14:23:34 95744 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"
2006-05-03 16:30:06 1212928 ( A.... ) "C:\WINDOWS\system32\Incinerator.dll"
2006-05-03 02:56:58 127078 ( A.... ) "C:\WINDOWS\system32\javaws.exe"
2006-05-03 01:19:40 53346 ( A.... ) "C:\WINDOWS\system32\javaw.exe"
2006-05-03 01:19:30 49248 ( A.... ) "C:\WINDOWS\system32\java.exe"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-08-03 01:45 331.750 C:\combofix.exe
2006-08-01 20:40 139.264 C:\WINDOWS\War3Unin.exe
2006-07-30 02:42 2.297.552 C:\WINDOWS\system32\d3dx9_26.dll
2006-07-12 00:11 89.360 C:\WINDOWS\system32\VB5DB.DLL
2006-07-12 00:11 69.632 C:\WINDOWS\system32\xmltok.dll
2006-07-12 00:11 36.864 C:\WINDOWS\system32\xmlparse.dll
2006-07-12 00:11 26.096 C:\WINDOWS\system32\xmlinst.exe
2006-07-12 00:11 24.576 C:\WINDOWS\system32\msxml3a.dll
2006-07-04 23:10 41.472 C:\WINDOWS\system32\iolobtdfg.exe
2006-07-04 23:10 25.264 C:\WINDOWS\system32\smrgdf.exe
2006-07-04 23:10 1.212.928 C:\WINDOWS\system32\Incinerator.dll
2006-07-04 22:37 117.760 C:\WINDOWS\system32\xmllite.dll
2006-07-04 22:27 81.424 C:\WINDOWS\system32\regperf.exe
2006-07-03 23:07 78.488 C:\WINDOWS\system32\XMD5.dll
2006-07-03 23:07 101.888 C:\WINDOWS\system32\vb6stkit.dll
2006-07-03 22:35 172.032 C:\WINDOWS\system32\asilock.dll
2006-06-30 21:45 18.432 C:\WINDOWS\system32\winosz32.dll
2006-06-30 11:59 2.379 C:\WINDOWS\system32\sdbackup.reg
2006-06-29 00:00 2.337.488 C:\WINDOWS\system32\d3dx9_25.dll
2006-06-29 00:00 2.222.800 C:\WINDOWS\system32\d3dx9_24.dll
2006-06-28 23:53 53.346 C:\WINDOWS\system32\javaw.exe
2006-06-28 23:53 49.248 C:\WINDOWS\system32\java.exe
2006-06-28 23:53 127.078 C:\WINDOWS\system32\javaws.exe
2006-06-26 00:43 208.896 C:\WINDOWS\system32\NVUNINST.EXE
2006-06-23 09:28 5.512.704 C:\WINDOWS\system32\ieframe.dll
2006-06-23 09:28 47.616 C:\WINDOWS\system32\msfeedsbs.dll
2006-06-23 09:28 454.144 C:\WINDOWS\system32\msfeeds.dll
2006-06-23 09:28 179.200 C:\WINDOWS\system32\ieui.dll
2006-06-23 05:41 172.544 C:\WINDOWS\system32\WinFXDocObj.exe
2006-06-23 05:30 11.776 C:\WINDOWS\system32\msfeedssync.exe
2006-06-23 05:29 55.296 C:\WINDOWS\system32\icardie.dll
2006-06-23 05:27 251.392 C:\WINDOWS\system32\iertutil.dll
2006-06-23 04:46 377.856 C:\WINDOWS\system32\ieapfltr.dll
2006-06-19 15:18 23.552 C:\WINDOWS\system32\idndl.dll
2006-06-19 15:18 20.480 C:\WINDOWS\system32\normaliz.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NVRTCLK"="C:\\WINDOWS\\system32\\NVRTCLK\\NVRTClk.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"RemoteControl"="C:\\Programas\\CyberLink\\PowerDVD\\PDVDServ.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"HP Software Update"="\"C:\\Programas\\HP\\HP Software Update\\HPWuSchd.exe\""
"DataLayer"="C:\\Programas\\Ficheiros comuns\\PCSuite\\DataLayer\\DataLayer.exe"
"PCSuiteTrayApplication"="C:\\Programas\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -onlytray"
"Windows Defender"="\"C:\\Programas\\Windows Defender\\MSASCui.exe\" -hide"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"DAEMON Tools"="\"C:\\Programas\\DAEMON Tools\\daemon.exe\" -lang 1033"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Programas\\Ficheiros comuns\\Ahead\\lib\\NMBgMonitor.exe\""
"Skype"="\"C:\\Programas\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"MSMSGS"="\"C:\\Programas\\Messenger\\msmsgs.exe\" /background"
"PcSync"="C:\\Programas\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
"SMSystemAnalyzer"="\"C:\\Programas\\iolo\\System Mechanic Professional 6\\SMSystemAnalyzer.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"wininet.dll"="regperf.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="A minha home page actual"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,42,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,42,03,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-carregador Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon da cache de categorias dos componentes"
"{7916f057-223f-4612-ac84-e882cbe043d4}"="bals"
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WinDefend


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 03-08-2006 1:54:20,20
ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt
Buttpt
Active Member
 
Posts: 9
Joined: August 2nd, 2006, 1:53 pm

Unread postby Buttpt » August 2nd, 2006, 8:57 pm

HJT

Logfile of HijackThis v1.99.1
Scan saved at 1:56:36, on 03-08-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Programas\Alwil Software\Avast4\ashServ.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programas\HP\HP Software Update\HPWuSchd.exe
C:\Programas\Ficheiros comuns\PCSuite\DataLayer\DataLayer.exe
C:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programas\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programas\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Ficheiros comuns\Ahead\lib\NMBgMonitor.exe
C:\Programas\Skype\Phone\Skype.exe
C:\Programas\Messenger\msmsgs.exe
C:\Programas\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programas\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programas\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Programas\VIA\RAID\raid_tool.exe
C:\PROGRA~1\FICHEI~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\FICHEI~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Armindo\Ambiente de trabalho\MALWARE REMOVAL\HJT\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar2.dll
O2 - BHO: (no name) - {B20390F9-DF1B-44E5-B445-56D2B3A89F3F} - C:\WINDOWS\system32\vtsqq.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Programas\Ficheiros comuns\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [Windows Defender] "C:\Programas\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programas\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programas\Ficheiros comuns\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Programas\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programas\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Google Search - res://c:\programas\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programas\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programas\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programas\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programas\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programas\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O20 - Winlogon Notify: vtsqq - C:\WINDOWS\system32\vtsqq.dll (file missing)
O20 - Winlogon Notify: winosz32 - C:\WINDOWS\SYSTEM32\winosz32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe



Sorry for the 'itializing'...I thought it would help :P
Buttpt
Active Member
 
Posts: 9
Joined: August 2nd, 2006, 1:53 pm

Unread postby agrarianmonk » August 3rd, 2006, 2:37 am

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.


Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

Please download Ewido to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install Ewido by double clicking the installer.
  • Follow the prompts. Make sure that Launch Ewido is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
      Note: If the Update now option is grayed out, follow the steps below.
      • Click on Update on the toolbar.
      • Under Manual update, click on the Start Update button.
      • Wait until you see the Update succesfull message.
  • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that Ewido is closed before installing the update.
______________________________

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
______________________________

Please re-open HiJackThis and select Scan. Check the boxes next to all the entries listed below (if present).

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {B20390F9-DF1B-44E5-B445-56D2B3A89F3F} - C:\WINDOWS\system32\vtsqq.dll (file missing)
O20 - Winlogon Notify: vtsqq - C:\WINDOWS\system32\vtsqq.dll (file missing)
O20 - Winlogon Notify: winosz32 - C:\WINDOWS\SYSTEM32\winosz32.dll

Now close all windows other than HiJackThis, then click Fix Checked. Close HijackThis.

***************************************

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________


Next, we need to Reveal Hidden Files

1. Click Start.
2. Open My Computer.
3. Select Tools menu
4. Click Folder Options.
5. Select the View Tab.
6. Select Show hidden files and folders in the Hidden files and folders section.
7. Uncheck Hide protected operating system files (recommended) option.
8. Uncheck the Hide file extensions for known file types option.
9. Click Yes.
10. Click OK.

***************************************

Using Windows Explorer/My Computer, please delete the following files if still present:

C:\WINDOWS\SYSTEM32\winosz32.dll


If you get an error when deleting a file, <<right click>> on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again.

Please note any files/folders you couldn't find or delete in your next post.

***************************************

Navigate to C:\Windows\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Clean out your Temporary Internet files. Proceed like this:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
Next, click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________

Close ALL open Windows / Programs / Folders. Please start Ewido and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
______________________________

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter.
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
______________________________

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Please post:
  1. c:\rapport.txt
  2. Ewido log
  3. A new HijackThis log
  4. panda log
You may need several replies to post the requested logs, otherwise they might get cut off.
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am
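
An added example, not part of the original posts and not a tool used in this thread: a Python sketch that parses HijackThis-style log lines and surfaces the same kinds of entries the fix list above selects (empty R0/R1 settings, unnamed or file-missing BHOs, Winlogon Notify DLLs). The sample lines are copied from the log posted in this thread; the function names and review rules are assumptions made for illustration, and a flag means "review this entry", not "infected".

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {B20390F9-DF1B-44E5-B445-56D2B3A89F3F} - C:\WINDOWS\system32\vtsqq.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: vtsqq - C:\WINDOWS\system32\vtsqq.dll (file missing)
O20 - Winlogon Notify: winosz32 - C:\WINDOWS\SYSTEM32\winosz32.dll
O23 - Service: avast! Antivirus - Unknown owner - C:\Programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# A HijackThis entry line starts with a section code such as R0, O2 or O20.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# R-section bodies have the form "<registry key>,<value name> = <data>".
SETTING_RE = re.compile(r"^(?P<key>.+?) =\s*(?P<value>.*)$")


@dataclass
class Finding:
    code: str
    body: str
    reasons: list


def parse_entries(log_text):
    """Return (section code, body) pairs; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("body").strip()))
    return entries


def review_reasons(code, body):
    """Apply the example's review rules to one entry.

    Assumption of this example: the rules cover only the sections that appear
    in the thread's fix list (R0, O2, O20), so an O23 line marked
    "(file missing)" is deliberately left alone.
    """
    reasons = []
    if code in ("R0", "R1"):
        match = SETTING_RE.match(body)
        if match and match.group("value") == "":
            reasons.append("empty browser setting")
    if code in ("O2", "O20") and body.endswith("(file missing)"):
        reasons.append("registered file is missing")
    if code == "O2" and body.startswith("BHO: (no name)"):
        reasons.append("unnamed BHO")
    if code == "O20" and body.startswith("Winlogon Notify:"):
        reasons.append("Winlogon Notify DLL")
    return reasons


def triage(log_text):
    """Return a Finding for every entry that matches at least one rule."""
    findings = []
    for code, body in parse_entries(log_text):
        reasons = review_reasons(code, body)
        if reasons:
            findings.append(Finding(code, body, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.code}: {finding.body}")
        print(f"    review: {', '.join(finding.reasons)}")
```
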

Unread postby Buttpt » August 3rd, 2006, 10:04 am

rapport.txt

SmitFraudFix v2.79

Scan done at 13:11:34,62, 03-08-2006
Run from C:\Documents and Settings\Armindo\Ambiente de trabalho\MALWARE REMOVAL\SmitfraudFix
OS: Microsoft Windows XP [VersÆo 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{7916f057-223f-4612-ac84-e882cbe043d4}"="bals"

[HKEY_CLASSES_ROOT\CLSID\{7916f057-223f-4612-ac84-e882cbe043d4}\InProcServer32]
@="C:\WINDOWS\system32\hvcycg.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{7916f057-223f-4612-ac84-e882cbe043d4}\InProcServer32]
@="C:\WINDOWS\system32\hvcycg.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\hvcycg.dll -> Missing File


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ld???.tmp Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\regperf.exe Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\1024\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
Buttpt
Active Member
 
Posts: 9
Joined: August 2nd, 2006, 1:53 pm

Unread postby Buttpt » August 3rd, 2006, 10:05 am

Ewido log

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 14:42:38 03-08-2006

+ Scan result:



:mozilla.10:C:\Documents and Settings\Armindo\Application Data\Mozilla\Firefox\Profiles\vpkdydwj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Programas\iolo\System Mechanic Professional 6\Undo\Manual\{CDDCCCD9-F578-4E23-8FB4-1DB2360A8BF2}\{3A828263-352D-4B5D-B74F-7CE7BD6FBAC9}.txt/{3A828263-352D-4B5D-B74F-7CE7BD6FBAC9}.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Programas\iolo\System Mechanic Professional 6\Undo\Manual\{CDDCCCD9-F578-4E23-8FB4-1DB2360A8BF2}\{46236FCF-1B65-4F5A-9748-5AD420663220}.txt/{46236FCF-1B65-4F5A-9748-5AD420663220}.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\Armindo\Application Data\Mozilla\Firefox\Profiles\vpkdydwj.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
:mozilla.68:C:\Documents and Settings\Armindo\Application Data\Mozilla\Firefox\Profiles\vpkdydwj.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Programas\iolo\System Mechanic Professional 6\Undo\Manual\{CDDCCCD9-F578-4E23-8FB4-1DB2360A8BF2}\{32E8171F-60F9-4464-B81F-96775F778E49}.txt/{32E8171F-60F9-4464-B81F-96775F778E49}.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Programas\iolo\System Mechanic Professional 6\Undo\Manual\{CDDCCCD9-F578-4E23-8FB4-1DB2360A8BF2}\{EEA84108-A5F4-47BA-9FB1-62FDA153ED20}.txt/{EEA84108-A5F4-47BA-9FB1-62FDA153ED20}.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Programas\iolo\System Mechanic Professional 6\Undo\Manual\{CDDCCCD9-F578-4E23-8FB4-1DB2360A8BF2}\{236FFE8A-6742-4C04-B70F-ADA6BA8ACB51}.txt/{236FFE8A-6742-4C04-B70F-ADA6BA8ACB51}.txt -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
C:\Programas\iolo\System Mechanic Professional 6\Undo\Manual\{CDDCCCD9-F578-4E23-8FB4-1DB2360A8BF2}\{4CB2F1FF-4A81-4724-B39E-2BED0451C9D5}.txt/{4CB2F1FF-4A81-4724-B39E-2BED0451C9D5}.txt -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
:mozilla.31:C:\Documents and Settings\Armindo\Application Data\Mozilla\Firefox\Profiles\vpkdydwj.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.32:C:\Documents and Settings\Armindo\Application Data\Mozilla\Firefox\Profiles\vpkdydwj.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\Armindo\Application Data\Mozilla\Firefox\Profiles\vpkdydwj.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.34:C:\Documents and Settings\Armindo\Application Data\Mozilla\Firefox\Profiles\vpkdydwj.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Programas\iolo\System Mechanic Professional 6\Undo\Manual\{CDDCCCD9-F578-4E23-8FB4-1DB2360A8BF2}\{E68CB007-24BD-4158-A7DB-7571346576C1}.txt/{E68CB007-24BD-4158-A7DB-7571346576C1}.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Armindo\Application Data\Mozilla\Firefox\Profiles\vpkdydwj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Armindo\Application Data\Mozilla\Firefox\Profiles\vpkdydwj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Programas\iolo\System Mechanic Professional 6\Undo\Manual\{CDDCCCD9-F578-4E23-8FB4-1DB2360A8BF2}\{3F87D1CF-875E-493A-BB3A-82430946FDAD}.txt/{3F87D1CF-875E-493A-BB3A-82430946FDAD}.txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined).
C:\Programas\iolo\System Mechanic Professional 6\Undo\Manual\{CDDCCCD9-F578-4E23-8FB4-1DB2360A8BF2}\{CA466C23-E1D4-43B9-AB13-D366C7CF6845}.txt/{CA466C23-E1D4-43B9-AB13-D366C7CF6845}.txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined).
:mozilla.25:C:\Documents and Settings\Armindo\Application Data\Mozilla\Firefox\Profiles\vpkdydwj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).


::Report end
Buttpt
Active Member
 
Posts: 9
Joined: August 2nd, 2006, 1:53 pm

Unread postby Buttpt » August 3rd, 2006, 10:05 am

HJT

Logfile of HijackThis v1.99.1
Scan saved at 15:03:03, on 03-08-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Programas\Alwil Software\Avast4\ashServ.exe
C:\Programas\ewido anti-spyware 4.0\guard.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programas\HP\HP Software Update\HPWuSchd.exe
C:\Programas\Ficheiros comuns\PCSuite\DataLayer\DataLayer.exe
C:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programas\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programas\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FICHEI~1\PCSuite\Services\SERVIC~1.EXE
C:\Programas\Ficheiros comuns\Ahead\lib\NMBgMonitor.exe
C:\Programas\Skype\Phone\Skype.exe
C:\Programas\Messenger\msmsgs.exe
C:\Programas\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programas\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programas\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Programas\VIA\RAID\raid_tool.exe
C:\PROGRA~1\FICHEI~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Armindo\Ambiente de trabalho\MALWARE REMOVAL\HJT\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Programas\Ficheiros comuns\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [Windows Defender] "C:\Programas\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programas\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!ewido] "C:\Programas\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programas\Ficheiros comuns\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Programas\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programas\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programas\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Buttpt
Active Member
 
Posts: 9
Joined: August 2nd, 2006, 1:53 pm

Unread postby Buttpt » August 3rd, 2006, 10:15 am

Notes:

1- The first time I ran Ewido (not the scan, just the program), a message appeared about a trojan (winosz32.dll). So when you say to eliminate this file, I didn't because it was already eliminated. Also, in the HJT part where I have to fix those entries, the one that says

"O20 - Winlogon Notify: winosz32 - C:\WINDOWS\SYSTEM32\winosz32.dll"

was

"O20 - Winlogon Notify: winosz32 - winosz32.dll (file missing)"

I think that it was because the file had already been eliminated, but I fixed that entry anyway.

2- In the step:

"Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok."

When you say "If it is there, select that entry and click the Delete button.", there weren't any entries (not even one).

(just to let you know)

3- I didn't run the Panda's ActiveScan because when I was installing the ActiveX my antivirus detected a trojan (I tried twice).


I think it's all for now.
Once again thanks for the help.
Buttpt
Active Member
 
Posts: 9
Joined: August 2nd, 2006, 1:53 pm
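The "(file missing)" flag appears in this thread on two different kinds of entry: the O20 line left behind after winosz32.dll was removed, and two avast! O23 service lines whose executables the same log lists as running. As an added example that is not part of any post, the Python below tells the two apart by cross-checking each flagged entry against the "Running processes" section; the function names and verdict labels are assumptions made for illustration, and the sample lines are copied from the logs quoted in this thread.

```python
import re

# Constructed sample: lines copied from the HijackThis logs quoted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Programas\Alwil Software\Avast4\ashWebSv.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: winosz32 - winosz32.dll (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
"""

ENTRY = re.compile(r'^([A-Z]\d{1,2}) - (.*)$')                 # e.g. "O23 - ..."
PATH = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll))', re.I)   # first full path

def parse(log):
    """Split a log into running-process paths and (code, text) entries."""
    running, entries, in_procs = set(), [], False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False              # a blank line ends the process list
        elif (m := ENTRY.match(line)):
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs:
            running.add(line.lower())     # Windows paths are case-insensitive
    return running, entries

def triage_missing(log):
    """Classify every '(file missing)' entry by whether its file is running."""
    running, entries = parse(log)
    results = []
    for code, text in entries:
        if not text.endswith("(file missing)"):
            continue
        m = PATH.search(text)
        path = m.group(1).lower() if m else None
        # A path that is also a running process cannot really be missing;
        # anything else is treated as a leftover reference to a removed file.
        verdict = "running-so-present" if path in running else "orphaned-entry"
        results.append((code, verdict))
    return results

if __name__ == "__main__":
    for code, verdict in triage_missing(SAMPLE_LOG):
        print(code, verdict)
```

An "orphaned-entry" verdict only means the log gives no evidence that the file exists; the entry still has to be reviewed before it is fixed.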

Unread postby agrarianmonk » August 3rd, 2006, 11:41 am

Hi,

How's your PC behaving?

Let me know in your next post :)
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

Unread postby Buttpt » August 4th, 2006, 1:11 pm

Good till now.
I haven't seen winantiviruspro for a while.
I'm going on vacation today so I won't be able to come here; however, when I return, if I still have problems, I'll let you know.



All I can say now is Thank You Very Much :)
For the help and patience.

stay cool
bye ;)
Buttpt
Active Member
 
Posts: 9
Joined: August 2nd, 2006, 1:53 pm

Unread postby agrarianmonk » August 4th, 2006, 1:12 pm

This is my post for when your computer is all clean - which it currently appears to be. Please let me know if you are experiencing any other problems with your computer.

If you are not having any more problems, we have just a couple of last steps to perform and then you're all set.

First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.

    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View tab.
    * Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
    * CHECK the Hide protected operating system files (recommended) option.
    * Click Yes to confirm.
    * Click OK.

It's also a good idea to Flush your System Restore points after ridding yourself of malware:

  • Click Start | Help and Support | Undo changes to your computer with System Restore.
  • Click Create A Restore Point then click Next. Give it a name and then click Create, then Close.
  • Close the Help and Support Center box.
  • Click Start | Run and type Cleanmgr
  • Select (C: ) then click OK.
  • Click the More Options tab.
  • Click Clean Up in the System Restore Section.

This will remove all previous restore points except the newly created one.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

To keep your operating system up to date visit
monthly. And to keep your system clean run these free malware scanners

weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!


(Please respond to this thread one more time so we can mark this thread as resolved.)
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

Unread postby 'KotaGuy » August 20th, 2006, 4:26 pm

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada