Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Virtumonde...fotomoto...?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Virtumonde...fotomoto...?

Unread postby vaanwarrior » August 13th, 2007, 1:20 am

I need some help. My windows defender keep showing that I was infected with Virtumonde & fotomoto. I need some help.

This is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:19:04 PM, on 8/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\service.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
D:\BitComet\BitComet.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [System] rundl.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [System] rundl.exe (User 'Default user')
O4 - Startup: hamachi.lnk = D:\Hamachi\hamachi.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download All with FlashGet - D:\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - D:\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\BitComet\tools\BitCometBHO_1.1.7.4.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://dist.cdnetworks.co.kr/cdndist/neffy/Neffy.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://s.nx.com/activex/public_new/nxpm.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jtackw.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0881398453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8162192265
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} (mkdplusCtrl Class) - http://ahnlabdownload.nefficient.co.kr/ ... kdplus.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E493347-36C0-4FD9-A1A1-810E749E9C31}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E493347-36C0-4FD9-A1A1-810E749E9C31}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{0E493347-36C0-4FD9-A1A1-810E749E9C31}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O21 - SSODL: prodigy1 - {F45559EA-5913-4F76-A370-DBB6CB63B8EF} - prodigys323.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\dcfvshqc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Service Manager - Unknown owner - C:\WINDOWS\service.exe

--
End of file - 9620 bytes
User avatar
vaanwarrior
Active Member
 
Posts: 11
Joined: July 14th, 2007, 5:14 pm
Advertisement
Register to Remove

Unread postby askey127 » August 13th, 2007, 7:08 am

vaanwarrior,
Looks like you have a few infections on your machine, allright.
-----------------------------------------------------------
Set Your Computer to Show All Files
  1. Click Start.
  2. Click My Computer.
  3. Select the Tools menu and click Folder Options.
  4. Select the View Tab.
  5. Under the Hidden files and folders heading, select Show hidden files and folders.
  6. Uncheck Hide protected operating system files (recommended).
  7. Click Yes to confirm.
  8. Uncheck the Hide file extensions for known file types.
  9. Click OK.
In addition, go to Start, Search. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.
-----------------------------------------------------------
We need to rename HijackThis.exe to reveal.exe
Use My Computer (Windows Explorer) to go to the HiJackThis folder
In your case, the HiJackThis folder is: C:\Program Files\Trend Micro\HijackThis\
(double click C:, then double click Program Files, double click Trend Micro, then double click the HijackThis folder)
In the top menu, click View, Details
Right button-click on the file named HijackThis.exe and select Rename.
Type in the new filename as reveal.exe
Hit <Enter> and close MyComputer
----------------------------------------------------------
Download and Install CCleaner
  • Download CCleaner from here
  • Double click on ccsetupXXX_slim.exe to start the installation of CCleaner. (XXX is the version number)
  • Click OK
  • Click Next
  • Click I agree
  • Click Next
  • Click Install
  • Once the installation has finished, click Finish
-----------------------------------------------------------
Retrieve the Installed Programs List from CCleaner
Open CCleaner if it's not already running.
In the Left Pane, click Tools
Verify that Uninstall is highlighted in color, or click on it.
In the lower Right, click Save to Text File.
Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
You can leave the filename as install.txt
Click Save
Exit CCleaner by clicking on the X button in the upper right of the CCleaner window.
-----------------------------------------------------------
Post a New HJT Log
Reboot your computer. Start HijackThis (reveal.exe). Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply, along with the contents of the CCleaner install.txt.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

next

Unread postby vaanwarrior » August 15th, 2007, 12:48 pm

Sorry 4 reply so late. I was quite buzy lately. By the way thanks 4 willing 2 help me.

I would like 2 tell u that I have used Vundofix 2 remove something b4 u reply my topic but I feel no difference.

I have done what u ask me 2 do such as change the HJT to reveal.exe & below is my HJT or reveal.exe log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:35 AM, on 1/1/2003
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\service.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\BitComet\BitComet.exe
C:\Program Files\Trend Micro\HijackThis\reveal.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1B53B7BA-935A-4A25-9B13-E8242F24A9D6} - C:\WINDOWS\system32\vtsqp.dll (file missing)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8177A3CE-E94D-4A5D-8E7D-E1EAC85016C1} - C:\WINDOWS\system32\icdglwgc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [System] rundl.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [System] rundl.exe (User 'Default user')
O4 - Startup: hamachi.lnk = D:\Hamachi\hamachi.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download All with FlashGet - D:\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - D:\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\BitComet\tools\BitCometBHO_1.1.7.4.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://dist.cdnetworks.co.kr/cdndist/neffy/Neffy.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://s.nx.com/activex/public_new/nxpm.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jtackw.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0881398453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8162192265
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} (mkdplusCtrl Class) - http://ahnlabdownload.nefficient.co.kr/ ... kdplus.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E493347-36C0-4FD9-A1A1-810E749E9C31}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E493347-36C0-4FD9-A1A1-810E749E9C31}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{0E493347-36C0-4FD9-A1A1-810E749E9C31}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: vtuuuts - vtuuuts.dll (file missing)
O21 - SSODL: prodigy1 - {F45559EA-5913-4F76-A370-DBB6CB63B8EF} - prodigys323.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\dcfvshqc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Service Manager - Unknown owner - C:\WINDOWS\service.exe

--
End of file - 11155 bytes

-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------

Next is my install.txt.

1400Trb
1400_Help
1400
ACDSee 6.0 PowerPack
Ad-Aware SE Professional
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0.9
Adobe Shockwave Player
ADSL USB Modem Network Adapter
AhnLab MyKeyDefense 2.0
AhnLab Smart Update i
AiOSoftware
AiO_Scan
Anvil Studio
AutoCAD 2004
AutoCAD Express Tools Volumes 1-9
AutoUpdate
AVG 7.5
AVG Anti-Spyware 7.5
BitComet 0.91
CCleaner (remove only)
Chinese Star XP
Combined Community Codec Pack 2007-02-22
COMODO Firewall Pro
Counter-Strike 1.6
Counter-Strike: Condition Zero
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CustomerResearchQFolder
Destinations
DeviceFunctionQFolder
DeviceManagementQFolder
Digital Camera
DirectVobSub (remove only)
DivX Codec
DivX Content Uploader
DivX Player
DivX Web Player
DocProc
EAX(tm) Unified (SHELL)
eSupportQFolder
Fax
FlashGet 1.9.0.1012
FlashGet(JetCar)
GdiplusUpgrade
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB928388)
Hotfix for Windows XP (KB929120)
HP Extended Capabilities 5.3
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
Icatch(IV) Camera Driver
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1
Managed DirectX (0900)
MapleStory
MarketResearch
Media Library Management Wizard
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft DirectX SDK (February 2007)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
Mozilla Firefox (2.0.0.1)
Mozilla Firefox (2.0.0.6)
MSXML 4.0 SP2 (KB927978)
MSXML 6.0 Parser
Nero OEM
NewCopy
NJStar Communicator
Norton Spyware Scan - Yahoo!
Norton Spyware Scan provided by Yahoo!
PanoStandAlone
Personal License Update Wizard for Windows Media Player
Platform
Plus! MP3 Audio Converter LE
PowerDVD
ProductContext
QuickTime
Readme
RealPlayer
Realtek AC'97 Audio
RO English Edition
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
SafeCast Shared Components
ScannerCopy
Scan
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB936509)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB936514)
Security Update for Publisher 2007 (KB936646)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
SolutionCenter
Spybot - Search & Destroy 1.4
Status
TrayApp
Tweakui Powertoy for Windows XP
UniChrome IGP Driver and Utilities
Unload
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB934393)
Update for Outlook 2007 (KB937608)
Update for Outlook 2007 Junk Email Filter (kb936558)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB936357)
Update for Word 2007 (KB934173)
VIA Platform Device Manager
WebFldrs XP
WebReg
Winamp (remove only)
Windows Communication Foundation
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Bonus Pack for Windows XP
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Media Player Skin Importer
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows Workflow Foundation
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
WinZip
Yahoo! Anti-Spy
Yahoo! Search Protection
Yahoo! Toolbar

-----------------------------------------------------------------------------------
User avatar
vaanwarrior
Active Member
 
Posts: 11
Joined: July 14th, 2007, 5:14 pm

additional info

Unread postby vaanwarrior » August 15th, 2007, 12:51 pm

*For additional info*
Besides my windows defender warning. I would like 2 inform u that I been suffering pop ups sometimes whenever I open my firefox and sometimes if I close my pop ups my firefox will also close as well.
User avatar
vaanwarrior
Active Member
 
Posts: 11
Joined: July 14th, 2007, 5:14 pm

Unread postby askey127 » August 15th, 2007, 7:15 pm

vaanwarrior,
This is kind of long, but you have a lot to do in saving this machine.
You may want to print this out, or save it as a Notepad document on your Desktop, since you won't have Internet access in Safe Mode.
-----------------------------------------------------------
Remove log items with HighjackThis. Start HijackThis.
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
O2 - BHO: (no name) - {1B53B7BA-935A-4A25-9B13-E8242F24A9D6} - C:\WINDOWS\system32\vtsqp.dll (file missing)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\FlashGet\jccatch.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\FlashGet\getflash.dll
O4 - HKUS\S-1-5-18\..\RunServices: [System] rundl.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunServices: [System] rundl.exe (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - D:\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - D:\FlashGet\jc_link.htm
O20 - Winlogon Notify: vtuuuts - vtuuuts.dll (file missing)
O21 - SSODL: prodigy1 - {F45559EA-5913-4F76-A370-DBB6CB63B8EF} - prodigys323.dll (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\dcfvshqc.exe (file missing)
O23 - Service: Service Manager - Unknown owner - C:\WINDOWS\service.exe

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked.
-----------------------------------------------------------
Use Add/Remove Programs In Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
Java(TM) SE Runtime Environment 6 Update 1
FlashGet 1.9.0.1012
FlashGet(JetCar)

Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into Keeping the program.
-----------------------------------------------------------
Stop, Disable and Delete Services
Go to Start, Run OR Start, Programs, Accessories, Command Prompt and type Services.msc and click OK.
Under the Extended Tab, Scroll down and find the service.

DomainService

Click once on the service to highlight it.
Right-Click on the service. Click on Properties
Select the General tab.
Next to Service Status, click Stop.
Click the Arrow-down tab on the right-hand side of the Start-up Type box.
From the drop-down menu, click on Disabled
Click Apply , then OK
Repeat the steps above for the Service named Service Manager (one space between Service and Manager)

Delete the Services
Open HiJackThis. Click on Config, Misc Tools, Delete an NT Service
Type DomainService in the space provided and click OK
The program will ask you to REBOOT --- Reject

Open HiJackThis if it's not still open. Click on Config, Misc Tools, Delete an NT Service
Type Service Manager in the space provided and click OK
The program will ask you to REBOOT --- Accept
When it Restarts, Start Your Computer in Safe Mode.
Reboot into Safe Mode by hitting the F8 key repeatedly as the machine boots, until a menu shows up. Choose Safe Mode from the list. In some systems, this may be the F5 key, so try that if F8 doesn't work. Additional Info is here: http://www.computerhope.com/issues/chsafe.htm
-----------------------------------------------------------
File Deletion.
In Windows Explorer (My Computer), navigate to the files shown below, select View, Details, highlight each listed file only, one at a time, and press Delete. Be careful not to delete any file without double-checking the exact spelling of the filename. They may not all exist.
C:\Windows\rundl.exe
C:\Windows\service.exe
C:\Windows\PictureAlbum2007.zip
C:\Windows\System32\xxxxxxxxx
C:\Windows\System32\prodigy323.dl
C:\Windows\System32\dcfvshqc.exe
C:\Windows\System32\vtuuuts.dll
C:\Windows\System32\vtsqp.dll
If you have any problem deleting a file, right click the file and choose Properties to see if it's read-only. Uncheck the read-only box, click Apply and OK. Then retry Delete.
If a message pops up saying "File in use", or something like that, hit Ctrl-Alt-Delete and look under the Processes tab. If the exact filename is in there, highlight it and click End Process, then retry Delete.
Please Note the name and location of any item you cannot delete, or any file not found.
-----------------------------------------------------------
Folder Deletion
In Windows Explorer (My Computer), navigate to each folder shown below, highlight the folder if found, and press Delete.
D:\Flashget\
In the case of a folder removal, you may have to first open the folder, choose View, Details, and delete all the underlying files and folders before an entire folder can be deleted.
If you need to delete underlying files in a folder and are unable to do so:
Right click the file set for deletion, and check Properties to see if it's read-only. Uncheck the read-only box, click Apply and OK. Then retry Delete.
If a message pops up saying "File in use", or something like that, hit Ctrl-Alt-Delete and look under the Processes tab. If the exact filename is in there, highlight it and click End Process, then retry Delete.
Please Note the name and location of any item you cannot delete, or any file not found.
-----------------------------------------------------------
Reboot your machine to Normal Mode.
-----------------------------------------------------------
Download win32delfkil.exe.
Save it on your desktop.
Double click on win32delfkil.exe and install it. This creates a new folder on your desktop named win32delfkil.
Close all windows (no tabs showing in the bottom tray), open the win32delfkil folder and double click on fix.bat.
The computer will reboot automatically.
Post the contents of the logfile c:\windelf.txt in your reply.
-----------------------------------------------------------
Download and Run ComboFix-----------------------------------------------------------
Post a New HJT Log
Start HijackThis (reveal.exe). Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply, along with the logfiles windelf.txt and ComboFix.txt.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

next

Unread postby vaanwarrior » August 16th, 2007, 11:18 am

I have done what u ask.

Juz I can't find all the files that u ask me 2 find & delete.

This is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:27 PM, on 8/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\reveal.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8177A3CE-E94D-4A5D-8E7D-E1EAC85016C1} - C:\WINDOWS\system32\icdglwgc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: hamachi.lnk = D:\Hamachi\hamachi.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\BitComet\tools\BitCometBHO_1.1.7.4.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://dist.cdnetworks.co.kr/cdndist/neffy/Neffy.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://s.nx.com/activex/public_new/nxpm.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jtackw.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0881398453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8162192265
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} (mkdplusCtrl Class) - http://ahnlabdownload.nefficient.co.kr/ ... kdplus.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E493347-36C0-4FD9-A1A1-810E749E9C31}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E493347-36C0-4FD9-A1A1-810E749E9C31}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{0E493347-36C0-4FD9-A1A1-810E749E9C31}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10138 bytes

------------------------------------------------------------------------------------

This is my windelf.txt

WIN32DELFKIL LOGFILE - by Marckie


version 3.130
Thu 08/16/2007 22:47:54.10
running from: "C:\Documents and Settings\user\Desktop"


--- File(s) found in Windows directory ---

--- File(s) found in system32 folder ---

--- Services ---

--- Export SharedTaskScheduler key ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"


--- Notify key ---


--- rebooting the computer ---


--- File(s) found in Windows directory ---

--- File(s) found in system32 folder ---

--- Services ---

--- Export SharedTaskSchedulerkey ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"



--- Notify key ---

Finished!

----------------------------------------------------------------------------------
This is my ComboFix.txt:

ComboFix 07-08-09.3 - "user" 2007-08-16 22:56:31.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.28 [GMT 8:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\user\APPLIC~1\..\new.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm


((((((((((((((((((((((((( Files Created from 2007-07-16 to 2007-08-16 )))))))))))))))))))))))))))))))


2007-08-20 08:59 75,284 --a------ C:\WINDOWS\system32\fycagmsx.exe
2007-08-16 22:53 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-16 22:47 90,112 --a------ C:\WINDOWS\system32\regdacl.exe
2007-08-16 22:47 53,248 --a------ C:\WINDOWS\system32\process.exe
2007-08-16 22:47 4,096 --a------ C:\WINDOWS\system32\reboot.exe
2007-08-16 22:47 280,230 --a------ C:\win32delfkil.exe
2007-08-16 22:47 16,384 --a------ C:\WINDOWS\system32\restart.exe
2007-08-16 22:47 <DIR> d-------- C:\WINDOWS\system32\regdacl
2007-08-16 22:47 <DIR> d-------- C:\_backupD
2007-08-14 00:47 <DIR> d-------- C:\Program Files\CCleaner
2007-08-13 20:42 <DIR> d-------- C:\VundoFix Backups
2007-08-13 09:37 75,284 --a------ C:\WINDOWS\system32\xkjoisda.exe
2007-08-12 16:22 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\Comodo
2007-08-12 16:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-08-12 16:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-12 16:10 <DIR> d-------- C:\Program Files\Comodo
2007-08-12 11:56 75,284 --a------ C:\WINDOWS\system32\uifaotiu.exe
2007-08-11 21:20 72,704 --a------ C:\DOCUME~1\user\tfutax.exe
2007-08-11 21:12 72,704 --a------ C:\DOCUME~1\user\cjgdqa.exe
2007-08-11 18:56 75,284 --a------ C:\WINDOWS\system32\ipxitpke.exe
2007-08-11 18:56 643,905 ---hs---- C:\WINDOWS\system32\opqss.bak1
2007-08-11 18:08 75,284 --a------ C:\WINDOWS\system32\cvlqwabh.exe
2007-08-11 18:08 643,905 ---hs---- C:\WINDOWS\system32\mmllm.bak1
2007-08-11 11:57 120,852 --a------ C:\WINDOWS\system32\icdglwgc.dll
2007-08-11 11:56 75,284 --a------ C:\WINDOWS\system32\owrotpty.exe
2007-08-11 11:55 644,083 ---hs---- C:\WINDOWS\system32\egjlm.bak1
2007-08-11 11:21 120,852 --a------ C:\WINDOWS\system32\qceclevm.dll
2007-08-11 11:12 644,083 ---hs---- C:\WINDOWS\system32\qtstv.bak1
2007-08-11 09:19 72,704 --a------ C:\DOCUME~1\user\kiqheo.exe
2007-08-11 09:19 72,704 --a------ C:\DOCUME~1\user\aezory.exe
2007-08-11 08:47 72,704 --a------ C:\DOCUME~1\user\ijpigk.exe
2007-08-11 08:45 72,704 --a------ C:\DOCUME~1\user\awsguh.exe
2007-08-11 08:38 75,284 --a------ C:\WINDOWS\system32\kjhvscnt.exe
2007-07-18 09:32 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-07-17 20:07 8,576 --a------ C:\WINDOWS\system32\drivers\smikwtibwsnd.sys
2007-07-17 14:09 8,576 --a------ C:\WINDOWS\system32\drivers\ofwjiqpgdtpg.sys
2007-07-17 10:02 8,576 --a------ C:\WINDOWS\system32\drivers\cbubkiqlxwnh.sys
2007-07-16 15:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-07-16 15:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
2007-07-16 11:09 <DIR> d-------- C:\DOCUME~1\user\awc_vaanbazooka


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-16 23:03 524288 --a------ C:\WINDOWS\system32\drivers\CnxE2FS.bin
2007-07-27 10:45 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
2007-07-19 15:00 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-15 11:54 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-07-15 04:57 --------- d-------- C:\Program Files\Trend Micro
2007-07-13 07:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 22:35 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 22:35 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 22:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 22:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 22:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 22:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 22:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 22:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 22:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 22:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 22:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 22:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 22:34 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 22:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 22:34 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 22:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 22:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 22:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 22:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 22:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 16:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 16:27 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 16:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 15:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 14:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 14:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-23 16:26 26056 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-06-19 21:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 21:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 18:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 18:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2007-05-31 14:45 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-05-31 14:44 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 14:44 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 14:44 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 14:44 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-05-17 19:28 549376 --a------ C:\WINDOWS\system32\oleaut32.dll
2007-05-17 19:28 549376 --------- C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-05-16 23:12 86528 --------- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 23:12 85504 --------- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 23:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 23:12 683520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 23:12 510976 --------- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 23:12 1314816 --------- C:\WINDOWS\system32\dllcache\msoe.dll
2006-11-11 18:43 774144 --a------ C:\Program Files\RngInterstitial.dll
2002-12-31 16:05:34 72,704 --sh--r C:\WINDOWS\service.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8177A3CE-E94D-4A5D-8E7D-E1EAC85016C1}]
2007-08-11 11:58 120852 --a------ C:\WINDOWS\system32\icdglwgc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-28 21:39]
"VTTimer"="VTTimer.exe" [2004-01-15 20:33 C:\WINDOWS\system32\VTTimer.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-23 16:41]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 15:54 C:\WINDOWS\SOUNDMAN.EXE]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 21:39]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 21:39]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 13:32]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 17:25]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-08-12 16:09]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-03-29 06:10]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"System"=rundl.exe
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"D:\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
C:\Program Files\ICQLite\ICQLite.exe -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft]
Msrtmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSRT]
svcmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"D:\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
C:\Program Files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

R0 Inspect;Comodo Network Engine;C:\WINDOWS\system32\DRIVERS\inspect.sys
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R2 CdaC15BA;CdaC15BA;\??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS
R3 CnxTrLan;ADSL USB Modem Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTrLan.sys
R3 CnxTrUsb;ADSL USB Modem Network Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxTrUsb.sys
R3 genmcmnUSB;USB Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gflmouhid.sys
R3 viagfx;viagfx;C:\WINDOWS\system32\DRIVERS\vtmini.sys
S2 Ca533av;Icatch(IV) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca533av.sys
S3 CSDriver;CSDriver;\??\C:\WINDOWS\System32\drivers\CSDriver.sys
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
S3 GMSIPCI;GMSIPCI;\??\E:\INSTALL\GMSIPCI.SYS
S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
S3 Mkd2kfNt;Mkd2kfNt;C:\WINDOWS\system32\drivers\Mkd2kfNt.sys
S3 Mkd2Usbf;Mkd2Usbf;C:\WINDOWS\system32\drivers\Mkd2Usbf.sys
S3 MzBot;MzBot;\??\C:\MzBot.sys
S3 nocashio;nocashio;C:\WINDOWS\system32\drivers\nocashio.sys
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 p2psvc;Peer Networking;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04ec9752-634f-11da-ae1b-00300a12a313}]
Autoplay\command- MySexy.exe
AutoRun\command- MySexy.exe
Explore\command- MySexy.exe
OPEN\command- MySexy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0739b543-cc9b-11db-b3dc-00300a12a313}]
Autoplay\command- G:\MySexy.exe
AutoRun\command- G:\MySexy.exe
Explore\command- G:\MySexy.exe
OPEN\command- G:\MySexy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e32ca9c-74b4-11db-b2ba-00300a12a313}]
Auto\command- setup.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e32ca9d-74b4-11db-b2ba-00300a12a313}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66929d70-b156-11db-b37b-00300a12a313}]
Auto\command- setup.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe


Contents of the 'Scheduled Tasks' folder
2007-08-16 15:06:56 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-16 23:05:18
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-16 23:09:57 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-16 23:09

--- E O F ---
User avatar
vaanwarrior
Active Member
 
Posts: 11
Joined: July 14th, 2007, 5:14 pm

Unread postby askey127 » August 16th, 2007, 1:13 pm

vaanwarrior,
-----------------------------------------------------------
Peer to Peer File Sharing
Please note that as long as you're using any form of Peer-to-Peer networking (BitComet, Limewire, etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur. Once upon a time, P2P file sharing was fairly safe. That is no longer true.
You may decide to continue P2P sharing, but keep in mind that this practice may be the source of major PC infections.
Additional information on the safety of Peer to Peer programs themselves is here : http://p2p.malwareremoval.com/
Regardless of the safety of the program used, the practice of file-sharing is very unsafe for the health of your PC.
-----------------------------------------------------------
Your log looks good.
Are you having any further trouble? If not, we can clean up and add some extra security for you.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby NonSuch » August 26th, 2007, 12:38 am

This topic is now closed due to inactivity. If you wish it to be reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 289 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware