Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

I NEED HELP WITH THE VUNDO TROJAN and other Malware - PLEASE


by beynac » October 1st, 2007, 12:32 pm

Hi Piankhi.

That's looking a lot better. :) Are you still having problems with Internet Explorer? If so, please give me details.

---------------------------------------------

Run HijackThis and click Scan and then check (tick) the following, if present (don't worry if any are missing):

O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start

Close down all programs, browsers and other open windows. Make sure that only the above items are checked and then click on Fix checked.

------------------------------------------

Show hidden System Files:
  • Click Start
  • Open My Computer
  • Select the Tools menu and click Folder Options
  • Select the View tab
  • Advanced Settings:
    • Under Hidden files and folders, select Show hidden files and folders
    • Uncheck Hide extensions for known file types
    • Uncheck Hide protected operating system files (Recommended)
  • Click Apply
  • Click Apply to All Folders
  • Click Yes to confirm
  • Click OK
--------------------------------------------

Update Java Runtime:

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6u2.
  • Go to http://java.sun.com/javase/downloads/index.jsp
  • Click on the link named Java Runtime Environment (JRE) 6u2
  • Click on the radio button to Accept License Agreement
  • Click on Windows Offline Installation, Multi-language and save the downloaded file to your hard disk
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java (Java 2 Runtime Environment, JRE or JSE)
  • Reboot your computer
  • Delete the folder C:\Program Files\Java if present
  • Install the new version by running the newly-downloaded file, and follow the on-screen instructions.
  • Reboot your computer
---------------------------------------

AVG Anti-Spyware:

Please update AVG Anti-Spyware.
  • Click the Update icon at the top and under Manual Update click the Start update button.
  • The program will either update or inform you that no update was available.
  • It is essential that you get the update - keep trying until successful.
Please check the following settings:
  • Click the Shield icon at the top and under Resident shield is... make sure it shows inactive or not available in the free version.
  • Click the Update icon and untick the automatic update option.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act? - make sure that Quarantine is selected.
    • Under How to scan? - All checkboxes should be ticked.
    • Under Possibly unwanted software - All checkboxes should be ticked.
    • Under Reports - Select Do not automatically generate reports.
    • Under What to scan? - Select Scan every file.
You can now close AVG Anti-Spyware. Do not scan yet.

--------------------------------------

Boot to Safe Mode.

You will need to reboot your computer into Safe Mode for the next steps. It would be a good idea for you to print these instructions, as you will not have access to the internet.

Important: If you have an always on connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode. I suggest that you print out these instructions.
  • Restart your computer.
  • Continually tap the F8 button as your computer is booting (a menu appears).
  • Use up-arrow key to select Safe Mode and press Enter.
------------------------------------------------

Run AVG Anti-Spyware:

Close all open windows and then start AVG Anti-Spyware
  • Click on Scanner on the toolbar.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
    • Make sure that Set all elements to: shows Quarantine
    • Important: Click on the Apply all Actions button (*** This must be done before saving the report ***)
    • When the program has finished, it will display the message All actions have been applied.
    • Then click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit.
-----------------------------------------------------------------

Still in Safe Mode, click on Start then My Computer, find the following file (highlighted in red) and delete it, if present. Don't worry if it's missing, but please let me know.

C:\Documents and Settings\Big Wes\Local Settings\Temp\iatmunin.sys

--------------------------------------------------

Reboot in Normal Mode.

--------------------------------------------------

Please post the following, as a reply to this thread:
  • The AVG Anti-Spyware report
  • A new HijackThis log
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England
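
The post above asks for one HijackThis O4 entry to be fixed and for a new log afterwards. The following is an added example, not part of the original thread or of HijackThis itself: it parses O4 registry autorun lines in the format shown above and compares a log taken before the fix with one taken after it, to confirm that only the intended entry disappeared. The sample logs are constructed for the example, and the function names are hypothetical.

```python
import re
from typing import NamedTuple


class RunEntry(NamedTuple):
    hive: str     # e.g. "HKLM", "HKCU", "HKUS\\S-1-5-18"
    key: str      # "Run", "RunOnce", ...
    name: str     # value name shown in [brackets]
    command: str  # command line launched at logon


# O4 registry autorun lines look like:
#   O4 - HKLM\..\Run: [Name] C:\path\app.exe /args
# "O4 - Global Startup: ..." shortcut lines use another layout and are skipped.
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<command>.+)$"
)


def parse_run_entries(log_text):
    """Return every O4 registry autorun entry found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        match = O4_RUN.match(line.strip())
        if match:
            entries.append(RunEntry(**match.groupdict()))
    return entries


def compare_logs(before, after):
    """Return (removed, added, changed) lists of (hive, name) keys."""
    old = {(e.hive, e.name): e for e in parse_run_entries(before)}
    new = {(e.hive, e.name): e for e in parse_run_entries(after)}
    removed = sorted(k for k in old if k not in new)
    added = sorted(k for k in new if k not in old)
    changed = sorted(k for k in old if k in new and old[k].command != new[k].command)
    return removed, added, changed


def fix_applied(before, after, targets):
    """True only if exactly the targeted entries vanished and nothing else moved."""
    removed, added, changed = compare_logs(before, after)
    return set(removed) == set(targets) and not added and not changed


# Constructed sample: a few lines in the log format used in this thread.
BEFORE_LOG = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - Global Startup: Digital Line Detect.lnk = ?
"""

# Constructed sample: the same machine after "Fix checked" on the one entry.
AFTER_LOG = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - Global Startup: Digital Line Detect.lnk = ?
"""

TARGETS = [("HKLM", "ComcastSUPPORT")]

if __name__ == "__main__":
    removed, added, changed = compare_logs(BEFORE_LOG, AFTER_LOG)
    print("removed:", removed)
    print("added:  ", added)
    print("changed:", changed)
    print("fix applied cleanly:", fix_applied(BEFORE_LOG, AFTER_LOG, TARGETS))
```

An entry that shows up under `added` or `changed` between two logs is worth a second look, since it means something other than the requested fix altered the autoruns.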

by Piankhi » October 3rd, 2007, 11:06 pm

Good evening,


I couldn't find the file....... Here is the new avg report:

Piankhi
Regular Member
 
Posts: 24
Joined: September 25th, 2007, 8:14 pm

by Piankhi » October 3rd, 2007, 11:07 pm

Here is the HJT Report:



O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 14852 bytes
Piankhi
Regular Member
 
Posts: 24
Joined: September 25th, 2007, 8:14 pm
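For readers unfamiliar with the log format posted above, this added example (not part of the thread and not HijackThis's own code) parses entries into section code, target path and HijackThis's own annotations. The `SECTIONS` descriptions and helper names are assumptions of the example, the sample lines are copied from the log above, and a flagged entry is a prompt for a manual look rather than a verdict.

```python
import re
from collections import defaultdict

# Section codes that appear in the log above, with their usual HijackThis meaning.
SECTIONS = {"O9": "IE extra buttons/Tools items", "O14": "IERESET.INF defaults",
            "O16": "ActiveX (DPF)", "O20": "AppInit_DLLs/Winlogon Notify", "O23": "Services"}
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
PATH_RE = re.compile(r"[A-Za-z]:\\.+?(?= \(file missing\)| \(HKCU\)|$)")
# Annotations HijackThis writes into an entry itself; review prompts, not verdicts.
MARKERS = (("file missing", "(file missing)"), ("unknown owner", " - Unknown owner - "))

# Sample input: lines copied from the log above, plus its trailer line.
SAMPLE = r"""O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {5ADBB9A5-0C6C-449D-8665-18DEDCF0815C} - http://www.comcastsupport.com (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O23 - Service: dlcj_device - Unknown owner - C:\WINDOWS\system32\dlcjcoms.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
End of file - 14852 bytes
"""

def parse_entry(line):
    """Return a dict for one 'Onn - ...' entry, or None for headers and trailers."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    path = PATH_RE.search(body)
    notes = [tag for tag, marker in MARKERS if marker in body]
    return {"code": code, "body": body, "path": path.group(0) if path else None, "notes": notes}

def triage(log_text):
    """Count entries per section and collect the ones carrying a review note."""
    counts, flagged = defaultdict(int), defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        counts[entry["code"]] += 1
        if entry["notes"]:
            flagged[entry["code"]].append(entry)
    return dict(counts), dict(flagged)

if __name__ == "__main__":
    counts, flagged = triage(SAMPLE)
    for code, entries in flagged.items():
        print(f"{code} ({SECTIONS.get(code, 'other')}): {len(entries)} of {counts[code]} to review")
        for e in entries:
            print("   ", ", ".join(e["notes"]), "->", e["path"] or e["body"])
```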

Unread postby beynac » October 4th, 2007, 4:34 am

Good morning.

The AVG Anti-Spyware report is only showing tracking cookies and your HijackThis log is clean. So, there's just a bit of tidying up to do. :)

I wrote: Are you still having problems with Internet Explorer? If so, please give me details.

Is this OK now?

-----------------------------------------------------

Let's clear out the programs we've been using to clean up your computer. They are not suitable for general malware removal and could cause damage if used inappropriately.
  • Double click OTMoveIt.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTMoveIt will download a list from the Internet. If your firewall or other defensive programmes alert you, allow it access.
  • You will be prompted to allow the clean up procedure; click Yes
  • When finished, exit out of OTMoveIt
  • Now delete OTMoveIt.exe
----------------------------------------------------

Hide System Files
  • Click Start
  • Open My Computer
  • Select the Tools menu and click Folder Options
  • Select the View tab
  • Advanced Settings:
    • Under Hidden files and folders, select Do not show hidden files and folders
    • Select Hide extensions for known file types
    • Select Hide protected operating system files (Recommended)
  • Click Apply
  • Click Apply to All Folders
  • Click Yes
  • Click OK
---------------------------------------------------

Flush System Restore

We need to 'flush' your System Restore points and create a new clean one.

Turn OFF System Restore.
  • Click on Start
  • Right-click My Computer
  • Click Properties
  • Click the System Restore tab
  • Check Turn off System Restore
  • Click Apply, and then click OK
Restart your computer

Turn ON System Restore.
  • Click on Start
  • Right-click My Computer
  • Click Properties
  • Click the System Restore tab
  • Uncheck Turn off System Restore
  • Click Apply, and then click OK
--------------------------------------------------

If you do not already use it, I suggest that you install SpywareBlaster. This program will:
  • Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
  • Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
  • Restrict the actions of potentially unwanted sites in Internet Explorer.
This program blocks these items but does not run in the background. It therefore does not use any resources.

I would also recommend that you have a look at Firetrust SiteHound. This gives warnings when you are about to enter a website that is on their 'block' list. An alternative is McAfee SiteAdvisor. I use SiteHound, but both have a good reputation (N.B. use only one of them, not both).

This article, How to prevent Malware by miekiemoes, gives some very good advice.

Please let me know whether you have any questions.
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Unread postby Piankhi » October 7th, 2007, 3:29 pm

Thank you VERY much. The problem I had with the internet: the link changed, but I found another icon that takes me to the right place. I wanted to ask, should I keep AVG antispyware on the computer? Are there any other programs I used to fix the problems that I should remove?
Piankhi
Regular Member
 
Posts: 24
Joined: September 25th, 2007, 8:14 pm

Unread postby beynac » October 7th, 2007, 3:44 pm

You're welcome! :)

I suggest that you keep AVG Anti-Spyware. Run an occasional scan (make sure that you update it first). The clean up with OTMoveIt should have removed the tools we used. If there are any other reports or installation programs (e.g. Java or AVG) on your desktop, you can delete them.



This topic is now closed.

If you are the originator of this topic, and you need it re-opened please send an email to 'admin at malwareremoval.com', including a link to this topic.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.

Gary R
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England