Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

"Internet Speed Monitor" Removal (My hijackthis file)

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

"Internet Speed Monitor" Removal (My hijackthis file)

Unread postby Connavar87 » December 9th, 2007, 6:33 pm

First time post, couldn't find ISM in add/remove or in program files. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:33:20 PM, on 12/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\QdrModule\QdrModule10.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Jake\Local Settings\Temporary Internet Files\Content.IE5\OGQR123M\HiJackThis[1].exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... channel=us
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E11E41D-0638-4645-A3D0-E708E6552009} - C:\WINDOWS\system32\geedb.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Browser protection - {FB9FFB4B-9680-4256-8178-5ECDB2C19B23} - C:\PROGRA~1\SPYNOM~1\SNMIEG~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Socr] "C:\WINDOWS\ICROSO~1\attrib.exe" -vt yazb
O4 - HKCU\..\Run: [QdrModule10] "C:\Program Files\QdrModule\QdrModule10.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
Connavar87
Active Member
 
Posts: 7
Joined: December 9th, 2007, 6:29 pm
Advertisement
Register to Remove

Re: "Internet Speed Monitor" Removal (My hijackthis file)

Unread postby km2357 » December 10th, 2007, 4:59 pm

Hello and welcome to The Malware Removal Forum.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

Since I am still in training, I have to let experts check the content of my fixes before I post them so please be patient.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.


I will be back as soon as possible with your first instructions!
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: "Internet Speed Monitor" Removal (My hijackthis file)

Unread postby km2357 » December 11th, 2007, 3:50 am

Looking over your log, it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these vendors NOW:

1)Antivir PersonalEdition Classic
2)avast! 4 Home Edition
3) AVG Anti-Virus Free Edition

Download and install only one!



Step # 1: Download and Run ComboFix

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task-Manager use the Processes tab (press ctrl alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Step # 2: Download and Run HijackThis


Your copy of HijackThis needs to be in a folder of it's own. When HJT fixes anything, it makes backups of the original files in the folder it is in. For this reason it cannot be run from a Zip file or from Temporary folders because the backups will be deleted. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!


Download HJTInstall.exe to your Desktop.

  • Doubleclick HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.

Don't use the Analyse This button, its findings are dangerous if misinterpreted.
Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.



Step # 3: Rename HijackThis

Rename HijackThis.exe to Scanner.exe by doing the following:

    Navigate to here: C:\Program Files\Trend Micro\HijackThis
    Right-click on the HijackThis.exe.
    From the pull-down menu, choose: "Rename".
    Rename HijackThis.exe to Scanner.exe
    Open Hijackthis.
    Run Hijackthis (Do a system scan and save a log file).
    Post the fresh HijackThis log.



Step # 4: Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

Image

5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.



Step # 5 Post Logs

In your next post/reply, I'd like to see the following:

    1. ComboFix Log (C:\ComboFix.txt)
    2. A fresh HiJackThis Log (Scanner.exe)
    3. Uninstall List

If you can't fit all the logs into one post/reply, then use multiple posts/replies to get all the logs in.
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: "Internet Speed Monitor" Removal (My hijackthis file)

Unread postby Connavar87 » December 11th, 2007, 5:01 am

thanks for the reply, here is my combofix log... hijackthis log coming in a second.

ComboFix 07-12-09.1 - Jake 2007-12-11 0:47:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1454 [GMT -8:00]
Running from: C:\Documents and Settings\Jake\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\Jake\Favorites\Online Security Guide.lnk
C:\Documents and Settings\Jake\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Jake\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Jake\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\QdrDrive
C:\Program Files\QdrDrive\qdrloader.exe
C:\Program Files\QdrModule
C:\Program Files\QdrModule\dic.gz
C:\Program Files\QdrModule\kwd.gz
C:\Program Files\QdrModule\QdrModule10.exe
C:\Program Files\QdrPack
C:\Program Files\QdrPack\dicts.gz
C:\Program Files\QdrPack\QdrPack10.exe
C:\Program Files\QdrPack\trgts.gz
C:\Program Files\Temporary
C:\WINDOWS\icroso~1
C:\WINDOWS\icroso~1\?icrosoft\
C:\WINDOWS\mrofinu72.exe
C:\WINDOWS\system32\rasqervy.dll
C:\WINDOWS\system32\sdfinacs.dll
C:\WINDOWS\system32\wtsicom32.exe
C:\WINDOWS\system32\wuasirvy.dll

.
((((((((((((((((((((((((( Files Created from 2007-11-11 to 2007-12-11 )))))))))))))))))))))))))))))))
.

2007-12-11 00:45 . 2007-12-11 00:45 <DIR> d-------- C:\Program Files\Avira
2007-12-11 00:45 . 2007-12-11 00:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-07 11:36 . 2007-08-20 02:04 6,058,496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-07 11:36 . 2007-04-17 01:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-12-07 11:36 . 2007-03-07 21:10 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-12-07 11:36 . 2007-08-20 02:04 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-07 11:36 . 2007-08-20 02:04 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-07 11:36 . 2007-08-20 02:04 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-07 11:36 . 2007-08-20 02:04 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-07 11:36 . 2007-08-20 02:04 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-07 11:36 . 2007-08-17 02:20 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-07 11:28 . 2007-12-09 13:34 <DIR> d-------- C:\Program Files\Adware Away
2007-12-07 11:28 . 2007-04-16 07:52 984,576 --a------ C:\WINDOWS\system32\AAK.dll
2007-12-07 11:28 . 2004-08-10 02:00 616,960 --a------ C:\WINDOWS\system32\AAD.DLL
2007-12-07 11:28 . 2004-08-10 02:00 23,040 --a------ C:\WINDOWS\system32\AAP.DLL
2007-12-07 11:28 . 2007-12-07 11:28 255 --a------ C:\WINDOWS\system32\ad_away.lic
2007-12-04 19:32 . 2007-12-04 19:32 108,548 --a------ C:\WINDOWS\system32\lpcywinp.exe
2007-12-04 19:32 . 2007-12-04 19:32 3,638 --a------ C:\info.exe
2007-12-04 19:32 . 2007-12-04 19:32 14 --a------ C:\WINDOWS\system32\din.ip
2007-12-04 19:32 . 2007-12-04 19:32 4 --a------ C:\WINDOWS\system32\jpewocmz.ini
2007-12-03 22:25 . 2007-12-09 14:06 <DIR> d-------- C:\VundoFix Backups
2007-12-03 19:08 . 2007-12-03 19:08 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2007-12-03 19:07 . 2007-12-09 14:04 <DIR> d-------- C:\Program Files\SpyNoMore
2007-12-03 19:07 . 2007-12-03 19:07 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-12-03 19:00 . 2007-12-03 19:01 793,980 ---hs---- C:\WINDOWS\system32\mndsrsfa.ini
2007-12-03 19:00 . 2007-12-04 19:35 5 --a------ C:\WINDOWS\system32\sdfixwcs.dll
2007-12-03 18:51 . 2007-12-05 09:17 0 --a------ C:\WINDOWS\msacm32.drv
2007-12-02 19:09 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2007-11-29 19:10 . 2007-11-29 19:10 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-11-29 19:10 . 2007-11-29 19:10 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-11-29 19:10 . 2007-11-29 19:11 <DIR> d-------- C:\Documents and Settings\Jake\Application Data\Nokia
2007-11-29 19:10 . 2007-11-29 19:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2007-11-29 19:09 . 2007-11-29 19:09 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-11-29 19:09 . 2007-11-29 19:10 <DIR> d-------- C:\Program Files\Nokia
2007-11-29 19:09 . 2007-11-29 19:09 <DIR> d-------- C:\Program Files\DIFX
2007-11-29 19:09 . 2007-11-29 19:11 <DIR> d-------- C:\Documents and Settings\Jake\Application Data\PC Suite
2007-11-29 19:09 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-11-29 19:09 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-11-29 19:09 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-11-29 19:09 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-11-29 19:09 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-11-29 19:07 . 2007-11-29 19:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2007-11-19 19:58 . 2007-11-19 19:58 <DIR> d-------- C:\Program Files\Ventrilo
2007-11-12 17:34 . 2007-11-12 17:34 <DIR> d-------- C:\Program Files\iPod

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-10 20:32 --------- d-----w C:\Program Files\RGB
2007-12-10 19:19 --------- d-----w C:\Program Files\Google
2007-12-07 19:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-07 19:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\GTek
2007-12-03 05:12 --------- d-----w C:\Program Files\DivX
2007-12-01 04:20 --------- d-----w C:\Documents and Settings\Jake\Application Data\LimeWire
2007-11-23 01:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-20 03:58 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-14 02:32 --------- d-----w C:\Program Files\World of Warcraft
2007-11-13 01:34 --------- d-----w C:\Program Files\iTunes
2007-11-13 01:33 --------- d-----w C:\Program Files\QuickTime
2007-11-09 19:57 --------- d-----w C:\Program Files\Java
2007-11-07 20:42 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-07 06:19 550 ---ha-w C:\os633022.bin
2007-10-27 19:57 --------- d-----w C:\Program Files\LimeWire
2007-10-25 04:04 67,664 ----a-w C:\Documents and Settings\Jake\Application Data\GDIPFONTCACHEV1.DAT
2007-10-20 00:56 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2006-07-22 03:00 251 ----a-w C:\Program Files\wt3d.ini
2007-07-21 21:22 88 --sh--r C:\WINDOWS\system32\2FA91C7304.sys
2007-07-21 21:22 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E11E41D-0638-4645-A3D0-E708E6552009}]
C:\WINDOWS\system32\geedb.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 19:05]
"Steam"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24]
"Aim6"="" []
"Socr"="C:\WINDOWS\ICROSO~1\attrib.exe" []
"QdrModule10"="C:\Program Files\QdrModule\QdrModule10.exe" []
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-11-09 13:16]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-10 02:00 C:\WINDOWS\system32\rundll32.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"nwiz"="nwiz.exe" [2007-04-19 12:26 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-10 02:00 C:\WINDOWS\system32\rundll32.exe]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 11:01]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-03-01 18:00 C:\WINDOWS\system32\CTXFIHLP.EXE]
"CTHelper"="CTHELPER.EXE" [2006-08-17 11:32 C:\WINDOWS\CTHELPER.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" [2007-12-03 19:08]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.exe" [2006-08-17 11:10 C:\WINDOWS\MIDIDEF.EXE]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 19:55:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"matlabserver"=2 (0x2)

R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys
S3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys
S3 AFW;AFW;\??\C:\DOCUME~1\Jake\LOCALS~1\Temp\002bf04a.sys
S3 PciCon;PciCon;\??\D:\PciCon.sys
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe -k QWAVE
S3 QWAVEDRV;QWAVE driver;C:\WINDOWS\system32\DRIVERS\qwavedrv.sys
S3 XIRLINK;Veo Mobile/Advanced Web Camera;C:\WINDOWS\system32\DRIVERS\ucdnt.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\autoplay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fb905d3-1913-11db-bd8c-806d6172696f}]
\Shell\AutoRun\command - D:\Installer.exe

*Newly Created Service* - SSMDRV
.
Contents of the 'Scheduled Tasks' folder
"2007-11-08 17:51:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\DOCUME~1\Jake\LOCALS~1\Temp\ygcevmsxER.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-11 00:55:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-11 0:56:40 - machine was rebooted
.
--- E O F ---
Connavar87
Active Member
 
Posts: 7
Joined: December 9th, 2007, 6:29 pm

Re: "Internet Speed Monitor" Removal (My hijackthis file)

Unread postby Connavar87 » December 11th, 2007, 5:02 am

Here is my hijackthis log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:58 AM, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\Scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... channel=us
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E11E41D-0638-4645-A3D0-E708E6552009} - C:\WINDOWS\system32\geedb.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Browser protection - {FB9FFB4B-9680-4256-8178-5ECDB2C19B23} - C:\PROGRA~1\SPYNOM~1\SNMIEG~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Socr] "C:\WINDOWS\ICROSO~1\attrib.exe" -vt yazb
O4 - HKCU\..\Run: [QdrModule10] "C:\Program Files\QdrModule\QdrModule10.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
Connavar87
Active Member
 
Posts: 7
Joined: December 9th, 2007, 6:29 pm

Re: "Internet Speed Monitor" Removal (My hijackthis file)

Unread postby Connavar87 » December 11th, 2007, 5:04 am

And lastly my uninstall log from hijackthis...

Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0.1
Adobe Shockwave Player
Adware Away v2.2.8.8
AGEIA PhysX v2.3.3
AIM 6.0
AOL Instant Messenger
AOLIcon
Apple Mobile Device Support
Apple Software Update
AsusUpdate
Avira AntiVir PersonalEdition Classic
AviSynth 2.5
Battlefield 1942
Battlefield 1942: Secret Weapons of WWII
Battlefield 1942: The Road To Rome
Battlefield 2(TM)
Battlefield 2142
BitLord 1.1
Company of Heroes
Conexant D850 56K V.9x DFVc Modem
Corel Photo Album 6
Creative Audio Console
Creative MediaSource
Dell Driver Reset Tool
Dell Support 3.1
Diablo II
Digital Content Portal
Digital Line Detect
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Documentation & Support Launcher
Doom 3
EducateU
ELIcon
EVEREST Home Edition v2.20
Ghost Recon Advanced Warfighter
Half-Life(R) 2
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
iPodRip
iTunes
J2SE Runtime Environment 5.0 Update 11
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
LimeWire PRO 4.12.6
Marvell Miniport Driver
MATLAB 7.1
MCU
Media Center Extender
Media Center Extender
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard 2002
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Works 2002 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
MINITAB 14
MSN
MSVC80_x86
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
NVIDIA Drivers
Otto
PC Connectivity Solution
PC Probe II
QuickTime
RealPlayer Basic
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Search Assist
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB943460)
Shockwave
Sonic Activation Module
Sonic Advanced Decoder
Sonic Encoders
Sonic Update Manager
Sound Blaster for Media Center
SpyNoMore 2.56
Steam(TM)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
Ventrilo Client
Videora iPod Converter 0.91
Virtual Cable Tester
WhoMod-20100-008-ALPHA
WildTangent Web Driver
Windows Driver Package - Nokia (WUDFRd) WPD (11/05/2007 6.85.35.3)
Windows Driver Package - Nokia Modem (08/03/2007 3.2)
Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)
Windows Driver Package - Nokia Modem (10/12/2007 3.6)
Windows Internet Explorer 7
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890927
Windows XP Media Center Edition 2005 KB905589
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
WinRAR archiver
WinZip
WordPerfect Office 12
World of Warcraft
Yahoo! Install Manager
Yahoo! Messenger


Once again thanks for the help
Connavar87
Active Member
 
Posts: 7
Joined: December 9th, 2007, 6:29 pm

Re: "Internet Speed Monitor" Removal (My hijackthis file)

Unread postby km2357 » December 14th, 2007, 3:17 pm

Sorry for the delay.

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

BitLord 1.1
LimeWire PRO 4.12.6


I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Also available here.

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).



Step # 1 Remove WildTangent

I see you are using Wild Tangent. It is not malware, but is sometimes thought to bring malware along. Wild Tangent is a video game software company specializing in online games. It has even made a partnership with AOL to include itself as part of the AOL Instant Messenger for their AIM games section. The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although it’s not technically considered spyware, it does have built in components to update itself and gather information about the computer system including
  1. Operating System Version
  2. CPU Type and Speed
  3. Memory Amount
    Video Card type and Driver Version
  4. Sound Card type and Driver Version
  5. DirectX Version
    Location that the Web Driver was installed from
  6. It is also a MAJOR resource hog.
For more information, see WildTangent Removal Instructions and Help and Inside Wild Tangent-Delivering High-End 3-D Content To A Web Site Near You.
Unless you are an extremely avid games player, I recommend you uninstall Wild Tangent: To uninstall Wild Tangent:
  1. Click Start, point to Settings, and then click Control Panel.
  2. In Control Panel, double-click Add or Remove Programs.
  3. In Add or Remove Programs, highlight WildTangent Web Driver, click Remove.
  4. Close the Add or Remove Programs and the Control Panel windows.



Step # 2: Add/Remove Programs

Adware Away is a dubious AntiSpyware program and there are much better alternative free programs out there. I would like for you to uninstall it.

Go to Start-Settings-Control Panel, click on Add Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on remove. Then close the Control Panel.

    Adware Away v2.2.8.8


Reboot your computer.



Step # 3 Upload Files


Go to http://virusscan.jotti.org
Copy the following line into the white textbox:
C:\WINDOWS\system32\mndsrsfa.ini
Click Submit.
Please post the results of this scan to this thread.

Repeat the above steps with the following files:

C:\WINDOWS\system32\sdfixwcs.dll
C:\os633022.bin


Go to http://www.virustotal.com/en/indexf.html
Copy the following line into the white textbox:
C:\WINDOWS\system32\mndsrsfa.ini
Click Send.
Please post the results of this scan to this thread.

Repeat the above steps with the following files:

C:\WINDOWS\system32\sdfixwcs.dll
C:\os633022.bin


Please let me know the results.



Step # 4: Download and Run Flash_Disinfector

Download Flash_Disinfector from here and save it to your desktop.
Doubleclick on Flash_Disinfector.exe to run it and follow the prompts.
Wait until it has finished scanning and then exit the program.
The utility may ask you to insert your flash drive and/or other removable drives. This may include your mobile phone.
Please do so and allow the utility to clean up those drives as well.



Step # 5: Run CFScript

Please delete the version of ComboFix you have on your computer, I need you to download the latest version of ComboFix by sUBs here and save it to your Desktop.



  • Then, please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: Select all
    http://www.malwareremoval.com/forum/viewtopic.php?p=244977
    
    Suspect::
    
    C:\WINDOWS\system32\mndsrsfa.ini
    C:\WINDOWS\system32\sdfixwcs.dll
    
    File:: 
    
    C:\WINDOWS\system32\lpcywinp.exe
    C:\info.exe
    C:\WINDOWS\system32\din.ip
    C:\WINDOWS\system32\jpewocmz.ini
    C:\Documents and Settings\Jake\Local Settings\Temp\002bf04a.sys
    C:\Documents and Settings\Jake\Local Settings\Temp\ygcevmsxER.dll
    C:\WINDOWS\system32\geedb.dll
    
    DirLook::
    
    C:\Program Files\DIFX
    C:\Program Files\RGB
    C:\Documents and Settings\All Users\Application Data\GTek
    
    Driver::
    
    AFW
    
    Registry::
    
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E11E41D-0638-4645-A3D0-E708E6552009}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Socr"=-
    "QdrModule10"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UserFaultCheck"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fb905d3-1913-11db-bd8c-806d6172696f}]


  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


    Image


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



Step # 6 Post Logs

In your next post/reply, I'd like to see the following:

    1. Jotti/VirusTotal Results
    2. ComboFix Log (C:\ComboFix.txt)
    3. A fresh HiJackThis Log

If you can't fit all the logs into one post/reply, then use multiple posts/replies to get all the logs in.
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: "Internet Speed Monitor" Removal (My hijackthis file)

Unread postby Connavar87 » December 16th, 2007, 5:15 pm

Thanks for all your help. After your initial help, i ran the Avira AntiVir program, removed several files and havn't had a single issue/popup yet. Reguardless I continued to follow your directions so here are the results...

HijackThis Log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:12, on 2007-12-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\SpyNoMore\SNM.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Trend Micro\HijackThis\Scanner.exe.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... channel=us
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Browser protection - {FB9FFB4B-9680-4256-8178-5ECDB2C19B23} - C:\PROGRA~1\SPYNOM~1\SNMIEG~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\cmd.exe /c C:\ComboFix\Combobatch.bat
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

____________


Combo Fix:

file copied: C:\WINDOWS\system32\mndsrsfa.ini -> C:\WINDOWS\system32\mndsrsfa.ini.vir ( 793980 bytes )
file zipped: C:\WINDOWS\system32\mndsrsfa.ini.vir -> catchme.zip -> mndsrsfa.ini.vir ( 793980 bytes )
error: C:\WINDOWS\system32\mndsrsfa.ini.vir is not a PE file
PE file "C:\WINDOWS\system32\mndsrsfa.ini.vir" killed successfully
file copied: C:\WINDOWS\system32\sdfixwcs.dll -> C:\WINDOWS\system32\sdfixwcs.dll.vir ( 5 bytes )
file zipped: C:\WINDOWS\system32\sdfixwcs.dll.vir -> catchme.zip -> sdfixwcs.dll.vir ( 5 bytes )
error: C:\WINDOWS\system32\sdfixwcs.dll.vir is not a PE file
PE file "C:\WINDOWS\system32\sdfixwcs.dll.vir" killed successfully
viewtopic.php?p=244977

________________________

The Jotti/Virus reports said the files were ok. I couldn't find an easy way to post a log about them. Just reply if you do need the info and i'll try. Once again thanks for all the help, I havn't had any issues for the past five days.
Connavar87
Active Member
 
Posts: 7
Joined: December 9th, 2007, 6:29 pm

Re: "Internet Speed Monitor" Removal (My hijackthis file)

Unread postby km2357 » December 17th, 2007, 5:48 am

Step # 1: Remove Hijackthis Entries

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\cmd.exe /c C:\ComboFix\Combobatch.bat
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.



Step # 2: Run CFScript

Let's try this step again.

Please delete the version of ComboFix you have on your computer, I need you to download the latest version of ComboFix by sUBs here and save it to your Desktop.

It is very important that you delete the older version of ComboFix and do not use it.


  • Then, please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: Select all
    http://www.malwareremoval.com/forum/viewtopic.php?p=244977
    
    Suspect::
    
    C:\WINDOWS\system32\mndsrsfa.ini
    C:\WINDOWS\system32\sdfixwcs.dll
    
    File:: 
    
    C:\WINDOWS\system32\lpcywinp.exe
    C:\info.exe
    C:\WINDOWS\system32\din.ip
    C:\WINDOWS\system32\jpewocmz.ini
    C:\Documents and Settings\Jake\Local Settings\Temp\002bf04a.sys
    C:\Documents and Settings\Jake\Local Settings\Temp\ygcevmsxER.dll
    C:\WINDOWS\system32\geedb.dll
    
    DirLook::
    
    C:\Program Files\DIFX
    C:\Program Files\RGB
    C:\Documents and Settings\All Users\Application Data\GTek
    
    
    Driver::
    
    AFW
    
    Registry::
    
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E11E41D-0638-4645-A3D0-E708E6552009}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Socr"=-
    "QdrModule10"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UserFaultCheck"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fb905d3-1913-11db-bd8c-806d6172696f}]


  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


    Image


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Step # 3 Post Logs

In your next post/reply, I'd like to see the following:

    1. ComboFix Log (C:\ComboFix.txt)
    2. A fresh HiJackThis Log

If you can't fit all the logs into one post/reply, then use multiple posts/replies to get all the logs in.
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: "Internet Speed Monitor" Removal (My hijackthis file)

Unread postby km2357 » December 21st, 2007, 4:17 pm

Connavar87?

Do you still need help? If any of my instructions are unclear, let me know.
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: "Internet Speed Monitor" Removal (My hijackthis file)

Unread postby Connavar87 » December 23rd, 2007, 5:41 pm

Sorry, I was out of town for a few days. My computer is completely spyware free, I have had no issues since your first help. Feel free to remove this topic, thank you very much for you help!!!

Have a Merry Christmas
Connavar87
Active Member
 
Posts: 7
Joined: December 9th, 2007, 6:29 pm

Re: "Internet Speed Monitor" Removal (My hijackthis file)

Unread postby km2357 » December 24th, 2007, 3:24 pm

A Firewall is an essential part of computer security and you do not appear to have one running on your system. There are several firewalls that provide better protection than the Windows SP2 firewall.Do not attempt to run two software firewalls since like running two antivirus programs, they will possibly cause problems and conflict with each other.

There are a few firewalls available for free that appear to be good and easy to use:
Please download and install only one!


Once the firewall is installed, check to see that the Windows Firewall is disabled. To do so follow these steps:

1. Click Start, click Run, type Firewall.cpl, and then click OK.
2. On the General tab, check to see if Off (not recommended) is checkmarked/ticked, if it is not, then checkmark/tick the box and click OK


I would like for you to remove ComboFix from your computer, to do so follow the instructions below:

Go to Start > Run - type in ComboFix /u & click OK


Please take the time to read my All Clean Post.

Please follow these simple steps in order to keep your computer clean and secure:
  • This is a good time to clear your existing system restore points and establish a new clean restore point:
    • Go to Start > All Programs > Accessories > System Tools > System Restore
    • Select Create a restore point, and Ok it.
    • Next, go to Start > Run and type in cleanmgr
    • Select the More options tab
    • Choose the option to clean up system restore and OK it.
    • This will remove all restore points except the new one you just created.
    .

    The Disable/Re-enable System Restore sequence is not to be done regularly, but only as a Special Case after the removal of malware.
  • Make your Internet Explorer more secure This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub frames across different domains to Prompt
    5. When all these settings have been made, click on the OK button.
    6. If it asks you if you want to save the settings, press the Yes button.
    7. Next press the Apply button and then the OK to exit the Internet Properties page.
    Set correct settings for files that should be hidden in Windows XP
    • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
    • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
    • If unchecked please checkHide protected operating system files (Recommended)
    • If necessary check "Display content of system folders"
    • If necessary Uncheck Hide file extensions for known file types.
    • Click OK
  • Use IE-SPYAD Install IE SPYAD. Add another level of protection to your Internet Explorer browser by blocking certain sites that are known to contain malware. IE SPYAD puts several thousand sites in your restricted zone so you'll be protected when you visit innocent looking sites that aren't actually innocent at all. If you happen on a site within its list, they can't hijack you or install anything. Program is free and is updated about once a month. Please follow readme instructions for install; it is a little different. Single user PC use IE Spyad1. Multi user XP PC use IE Spyad2.
  • Use An Antivirus Software and Keep It Updated - It is very important that your computer has an antivirus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a day. If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out.
  • Visit Microsoft's Windows Update Site Frequently It is important that you visit Microsoft Windows Update regularly. This will ensure your computer has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • You should scan your computer with Spybot S&D on a regular basis just as you would an anti- virus software. A tutorial on installing & using this product can be found here:
    Using Spybot - Search & Destroy to remove Spyware from Your Computer
  • Install SpywareBlaster SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
    Computer Safety on line Anti Malware
  • Use the hosts file: Every version of windows has a hosts file as part of them. In a very basic sense, they are used to locate web pages. We can customize a hosts file so that it blocks certain web pages. However, it can slow down certain computers. This is why using a hosts file is optional. Download mvps hosts file Make sure you read the instructions on how to install the hosts file. There is a good tutorial HERE If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    1. Click the start button on the task bar at the bottom of your screen
    2. Click run
    3. In the dialog box, type services.msc
    4. hit enter, then locate dns client
    5. Highlight it, then doubleclick it.
    6. On the dropdown box, change the setting from automatic to manual.
    7. Click ok..
  • Use an alternative instant messenger program.Trillian and Miranda IM These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • Please read Tony Klein's excellent article: How I got Infected in the First Place
  • Please read Understanding Spyware, Browser Hijackers, and Dialers
  • Please read Simple and easy ways to keep your computer safe and secure on the Internet
  • If you are using Internet Explorer, please consider using an alternate browser: Mozilla's Firefox or
    Opera.
    If you decide to use either FireFox or Opera, it is very important that you keep them up to date and check frequently for updates of the browser of your choice.
  • Update all these programs regularly Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
  • If your computer was infected by a website, a program, IM, MSN, or p2p, check this site because it is Time To Fight Back.
Follow these steps and your potential for being infected again will reduce dramatically.

Here's a good website to read about Malware prevention:

http://users.telenet.be/bluepatchy/miek ... ntion.html

Good luck!


Please reply one last time so that I know you have read my post and this thread can be closed.
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: "Internet Speed Monitor" Removal (My hijackthis file)

Unread postby Connavar87 » December 24th, 2007, 8:40 pm

Thanks for you help once again. Computer is working great. Feel free to close the thread.
Connavar87
Active Member
 
Posts: 7
Joined: December 9th, 2007, 6:29 pm

Re: "Internet Speed Monitor" Removal (My hijackthis file)

Unread postby Elrond » December 25th, 2007, 1:33 am

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 55 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware