Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Need help

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Need help

Unread postby alexneedhelp » January 22nd, 2008, 8:57 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:57:47 PM, on 1/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AIM6\aim6.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Alex\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: (no name) - {D4170A6E-8CE3-444B-ACA4-B3A0AF12C55C} - (no file)
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [54be3fd5] rundll32.exe "C:\WINDOWS\system32\rjnpwmae.dll",b
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

--
End of file - 3722 bytes
alexneedhelp
Regular Member
 
Posts: 19
Joined: January 14th, 2008, 5:52 pm
Advertisement
Register to Remove

Re: Need help

Unread postby Scotty » January 24th, 2008, 7:40 am

Hi

Disable Teatimer
First:

  • Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
  • Choose Exit Spybot S&D Resident

Second:

  • Open Spybot S&D
  • Click Mode, check Advanced Mode
  • Go To Left Panel, Click Tools, then also in left panel, click Resident
  • If your firewall raises a question, say OK
  • Uncheck the box labeled Resident Tea-Timer and OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.


Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present):

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O3 - Toolbar: (no name) - {D4170A6E-8CE3-444B-ACA4-B3A0AF12C55C} - (no file)
    O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
    O4 - HKLM\..\Run: [54be3fd5] rundll32.exe "C:\WINDOWS\system32\rjnpwmae.dll",b
    O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe

WITH ALL OTHER WINDOWS CLOSED Click on Fix Checked exit HijackThis and reboot.

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:

      + Extended(If available otherwise Standard)
    • Scan Options:

      + Scan Archives
      + Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post with a new HijackThis log.
User avatar
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Re: Need help

Unread postby alexneedhelp » January 25th, 2008, 12:52 am

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:47 PM, on 1/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AIM6\aim6.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\divxsm.exe
C:\Documents and Settings\Alex\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

--
End of file - 3612 bytes

Kaspersky:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, January 24, 2008 11:49:33 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 24/01/2008
Kaspersky Anti-Virus database records: 531609
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 79080
Number of viruses found: 17
Number of infected objects: 90
Number of suspicious objects: 0
Duration of the scan process: 01:51:35

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\cp2ym1a1.default\cert8.db Object is locked skipped
C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\cp2ym1a1.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\cp2ym1a1.default\history.dat Object is locked skipped
C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\cp2ym1a1.default\key3.db Object is locked skipped
C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\cp2ym1a1.default\parent.lock Object is locked skipped
C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\cp2ym1a1.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\cp2ym1a1.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-35f26f24.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-35f26f24.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-5931e222.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-5931e222.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-6b6bd9f8.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-6b6bd9f8.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d3811e3-225f8728.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d3811e3-225f8728.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Alex\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Alex\Desktop\seo and icons\Keyword Elite V1.3 R100.zip/KWE13100.exe Infected: Trojan-Downloader.Win32.Loan.a skipped
C:\Documents and Settings\Alex\Desktop\seo and icons\Keyword Elite V1.3 R100.zip/Keyword Elite.exe Infected: Trojan-Downloader.Win32.Loan.a skipped
C:\Documents and Settings\Alex\Desktop\seo and icons\Keyword Elite V1.3 R100.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Alex\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Alex\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Alex\Local Settings\Application Data\AOL OCP\AIM\Storage\data\mthmn200\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Alex\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Alex\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Alex\Local Settings\Application Data\Mozilla\Firefox\Profiles\cp2ym1a1.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Alex\Local Settings\Application Data\Mozilla\Firefox\Profiles\cp2ym1a1.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Alex\Local Settings\Application Data\Mozilla\Firefox\Profiles\cp2ym1a1.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Alex\Local Settings\Application Data\Mozilla\Firefox\Profiles\cp2ym1a1.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Alex\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Alex\Local Settings\Temp\~DF373F.tmp Object is locked skipped
C:\Documents and Settings\Alex\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Alex\ntuser.dat Object is locked skipped
C:\Documents and Settings\Alex\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Db\Agent_ALEXANDER.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Db\PrdMgr_ALEXANDER.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Veoh Networks\Veoh\client.log Object is locked skipped
C:\Program Files\Veoh Networks\Veoh\upload.log Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bdltnpwe.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\csadxtfd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\duucomck.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\etirdqrn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\exyrcptt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\fixdlatt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hajnlepi.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hyxorffs.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\igkasofn.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.af skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\iuikydhl.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ec skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\kvmbcsod.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\kwjhoeah.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mffajkiu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nieijdpi.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.dnr skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nsiesups.dll.vir Infected: Backdoor.Win32.Agent.dlj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\phimqewa.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\psmtdjbn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qkblfnyy.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\sefphxeo.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.is skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\sqwcrxcm.dll.vir Infected: Backdoor.Win32.Agent.dlj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ufoneruq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.dim skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vlovwojp.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ak skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vlqxjagv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\weqswfpr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wnxhtcgp.dll.vir Infected: Trojan.Win32.Pakes.bwd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xetpptfa.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xjkmnfuw.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xmdkkepr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ybuqmbmx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yuexjefy.dll.vir Infected: Backdoor.Win32.Agent.dlj skipped
C:\QooBox\Quarantine\C\WINDOWS\Temp\80.exe.vir Infected: Trojan-Downloader.Win32.Delf.dcn skipped
C:\QooBox\Quarantine\catchme2008-01-17_234131.43.zip/ctl_w32.sys Infected: Rootkit.Win32.Agent.pq skipped
C:\QooBox\Quarantine\catchme2008-01-17_234131.43.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP109\A0011079.exe Infected: Trojan-Proxy.Win32.Saturn.m skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP112\A0014089.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP115\A0017117.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP116\A0025127.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP119\A0026302.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP120\A0027335.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP121\A0027360.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP125\A0030476.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP127\A0031556.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP129\A0035027.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP150\A0040825.exe Infected: Trojan.Win32.DNSChanger.acs skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP151\A0040898.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP151\A0040899.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP151\A0040900.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP151\A0040901.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP151\A0040902.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP151\A0040904.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP151\A0040905.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP151\A0040906.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP151\A0040907.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.af skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP151\A0040908.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ec skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP151\A0040909.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP151\A0040910.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP151\A0040913.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP151\A0040915.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnr skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP151\A0040918.dll Infected: Backdoor.Win32.Agent.dlj skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP151\A0040920.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP151\A0040921.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP151\A0040922.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP151\A0040923.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.is skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP151\A0040924.dll Infected: Backdoor.Win32.Agent.dlj skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP151\A0040926.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dim skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP151\A0040928.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ak skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP151\A0040929.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP151\A0040932.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP151\A0040933.dll Infected: Trojan.Win32.Pakes.bwd skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP151\A0040935.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP151\A0040937.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP151\A0040938.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP151\A0040939.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP151\A0040941.dll Infected: Backdoor.Win32.Agent.dlj skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP154\A0041176.exe Infected: Trojan-Downloader.Win32.Loan.a skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP154\A0041180.exe Infected: Trojan-Downloader.Win32.Loan.a skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP154\A0041187.exe Infected: Trojan-Downloader.Win32.Loan.a skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP154\A0041188.exe Infected: Trojan-Downloader.Win32.Loan.a skipped
C:\System Volume Information\_restore{1EE338EB-E25C-4D14-AEA6-AB7F0AAB58A1}\RP157\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
alexneedhelp
Regular Member
 
Posts: 19
Joined: January 14th, 2008, 5:52 pm

Re: Need help

Unread postby Scotty » January 25th, 2008, 11:34 am

Hello

Navigate to and delete the following folders (if they are present):

Folders:
C:\Documents and Settings\Alex\Desktop\seo and icons\Keyword Elite V1.3 R100.zip
C:\Documents and Settings\Alex\Desktop\SmitfraudFix
C:\fixwareout


Time for some housekeeping

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the x and the /u, it needs to be there.

    Image


You may wish to keep hold of the Kaspersky Online Scan as an extra on-demand virus-scanner.
If not you can uninstall it through Start>Control Panel>Add/Remove Programs


Delete the older versions of Java and download the newest.
Please follow these steps to remove older version Java components.
  1. Close any programmes you may have running, ESPECIALLY your web browser
  2. Click Start > Control Panel.
  3. Click Add/Remove Programs.
  4. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  5. Click the Remove or Change/Remove button.
  6. Repeat as many times as necessary to remove all versions of Java.
  7. Reboot your computer once all Java components are removed.
Then download the latest version of Java Runtime Environment (JRE) (4th one down the list), which is JRE6u4, and click Yes at the page warning, then accept the Licence Agreement before downloading the Offline file.


Finally, post a new HijackThis log and let me know if you are still having any problems.
User avatar
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Re: Need help

Unread postby alexneedhelp » January 25th, 2008, 5:53 pm

Once again, thanks for all your help.
Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:52:09 PM, on 1/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Alex\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

--
End of file - 3516 bytes
alexneedhelp
Regular Member
 
Posts: 19
Joined: January 14th, 2008, 5:52 pm

Re: Need help

Unread postby Scotty » January 26th, 2008, 8:06 am

Hi

Congratulations, you appear to be malware free.

Follow my instructions for disabling Spybot S&D's teaTimer to re-enable it.

Here is a free program I recommend.

Install WinPatrol
Download it from here
Here you can find information about how WinPatrol works here


Make sure your Windows is ALWAYS up to date!

An unpatched Windows is vulnerable and even with the "best" Antivirus and Firewall installed, malware will find its way through.
So visit http://windowsupdate.microsoft.com/ to download and install the latest updates.


Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

Please check out Tony Klein's article "How did I get infected in the first place?"


Follow this list and your potential for being infected again will reduce dramatically.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
User avatar
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Re: Need help

Unread postby alexneedhelp » January 26th, 2008, 5:06 pm

Post=Read. Close away. Thanks again for all your help.
alexneedhelp
Regular Member
 
Posts: 19
Joined: January 14th, 2008, 5:52 pm

Re: Need help

Unread postby NonSuch » February 2nd, 2008, 2:44 am

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove

Previous

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 51 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware