Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

requesting help

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: requesting help

Unread postby chryssi2001 » June 10th, 2008, 5:26 am

Thanks for the HijackThis log.

Now double-click and open Malwarebytes' Anti-Malware.

Go to to Quarantine tab, and see if it Quarantined any items.
If yes, go to Logs Tab. If the report is saved it will be in there.
Select the report and click Open.

Now copy/past back the report.

Let me know if no report shows in Logs Tab.
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away
Advertisement
Register to Remove

Re: requesting help

Unread postby swoop » June 10th, 2008, 5:33 am

nothing in the quarantine or log tab.
swoop
Active Member
 
Posts: 14
Joined: June 1st, 2008, 4:41 am

Re: requesting help

Unread postby chryssi2001 » June 10th, 2008, 7:18 am

Hello swoop,

Ok, let's run another scan.
----------------------------------------------
Run Kaspersky Online AV Scanner
Using Internet Explorer Go to http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html and click the Accept button at the end of the page.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer" and then put the kettle on!
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Copy and paste the report into your next reply along with a fresh HJT log and a description of how your PC is behaving.
----------------------------------------------
Post back:
Kaspersky report.
A new HijackThis log.
Is the pc running ok now?
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: requesting help

Unread postby swoop » June 10th, 2008, 5:06 pm

chryssi2001 wrote: and then put the kettle on!



i was wondering if you were english. my guess is an amreican living abroad. european possibly.

1) i am unable to go to the kink you provided.

http://www.kaspersky.com/kos/eng/partne ... bscan.html

i am redirected here...

http://www.kaspersky.com/kos/eng/partne ... 3132702765

2)(((Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.)))

i am unable to find this setting.


i used explorer to open. the update went fine. ready to scan. just cant find that setting :(
swoop
Active Member
 
Posts: 14
Joined: June 1st, 2008, 4:41 am

Re: requesting help

Unread postby chryssi2001 » June 11th, 2008, 1:55 am

Hi swoop,

and then put the kettle on!

i was wondering if you were english. my guess is an amreican living abroad. european possibly.

Wrong guess, but Kaspersky scan takes too long that's the reason i have that note. :lol:

There was a change at Kaspersky site. You will probably need Java Installation.
Try it without Java Installation first. If still problems, install Java.
Can you try this?
------------------------------------------------
JAVA INSTALLATION
Please make sure that all programs are closed when installing Java.

  • Click here to visit Java's website.
  • Scroll down to Java Runtime Environment (JRE) 6 Update 6. Click on Download.
  • Select Windows from the drop-down list for Platform.
  • Select Multi-language from the drop-down list for Language.
  • Check (tick) I agree to the Java SE Runtime Environment 6 License Agreement box and click on Continue.
  • Click on jre-6u6-windows-i586-p.exe link to download it and save this to a convenient location.
  • Double click on jre-6u6-windows-i586-p.exe to install Java.
  • Reboot your computer.
------------------------------------------------
Run Kaspersky Online AV Scanner

Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan and then put the kettle on!
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place like your Desktop. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Copy and paste the report into your next reply along with a fresh HJT log and a description of how your PC is behaving.
------------------------------------------------
Post back:
Kaspersky report.
A new HijackThis log.
Is the pc running ok now
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: requesting help

Unread postby swoop » June 11th, 2008, 8:32 am

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, June 11, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, June 11, 2008 07:03:10
Records in database: 850670
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Files scanned: 51856
Threat name: 15
Infected objects: 53
Suspicious objects: 0
Duration of the scan: 03:37:12


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06AC0000\4EED2F41.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06AC0001\4EED2F68.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.vqd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06AC0002\4EED306B.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.vqd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06AC0003\4EED30AD.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.wpu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06AC0004\4EED30D7.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.wpu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06AC0005\4EED30FB.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06AC0006\4EED33E0.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06AC0007\4EED34CA.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.wpu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06AC0008\4EED34ED.VBN Infected: Trojan.Win32.Monder.le 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06AC0009\4EED350F.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.wpv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06AC000A\4EED3531.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.wdd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06AC000B\4EEE89F0.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06AC000C\4EEE97FC.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.wpu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06AC000D\4EEEA60A.VBN Infected: Trojan.Win32.Monder.le 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06AC000E\4EEEB41A.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.wpv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06AC000F\4EEEC22A.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.wdd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06F80000\4EFBE32B.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06F80001\4EFBEAF5.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.vqd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07540000\4F7EC439.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.trv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07800001\4FC1701C.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07980000\4FBAA686.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.trl 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080601-025729-186.dll Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080601-025729-750.dll Infected: Trojan-Downloader.Win32.ConHook.apx 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080601-025729-911.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ryv 1
C:\QooBox\Quarantine\C\WINDOWS\system32\cgcvforn.dll.vir Infected: Trojan-Downloader.Win32.ConHook.apx 1
C:\QooBox\Quarantine\C\WINDOWS\system32\eddkrpsp.dll.vir Infected: Trojan-Downloader.Win32.ConHook.apx 1
C:\QooBox\Quarantine\C\WINDOWS\system32\efcBtrRH.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ryv 1
C:\QooBox\Quarantine\C\WINDOWS\system32\geButqPJ.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ryv 1
C:\QooBox\Quarantine\C\WINDOWS\system32\gvlrcwkm.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\imgkiutu.dll.vir Infected: Trojan.Win32.Agent.rep 1
C:\QooBox\Quarantine\C\WINDOWS\system32\kberlbhf.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\lllxnylh.dll.vir Infected: Trojan.Win32.Agent.rep 1
C:\QooBox\Quarantine\C\WINDOWS\system32\mymqwijq.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\neisglhy.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.xjc 1
C:\QooBox\Quarantine\C\WINDOWS\system32\qpcmmryn.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\catchme2008-06-08_ 71433.98.zip Infected: Trojan.Win32.Monder.gen 1
C:\_OTMoveIt\MovedFiles\06012008_063915\Program Files\CBS Software\SpeedConnect Internet Accelerator\keygen.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.vfw 1
C:\_OTMoveIt\MovedFiles\06012008_063915\WINDOWS\system32\awtrPjJa.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ryv 1
C:\_OTMoveIt\MovedFiles\06012008_063915\WINDOWS\system32\dvusitau.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.tsz 1
C:\_OTMoveIt\MovedFiles\06012008_063915\WINDOWS\system32\geBssqOH.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ryv 1
C:\_OTMoveIt\MovedFiles\06012008_063915\WINDOWS\system32\gtmyvemm.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.tsm 1
C:\_OTMoveIt\MovedFiles\06012008_063915\WINDOWS\system32\ixxmugla.dll Infected: Trojan-Downloader.Win32.ConHook.apx 1
C:\_OTMoveIt\MovedFiles\06012008_063915\WINDOWS\system32\kelryauh.dll Infected: Trojan.Win32.Monder.gen 1
C:\_OTMoveIt\MovedFiles\06012008_063915\WINDOWS\system32\mgjtgulu.dll Infected: Trojan.Win32.Monder.gen 1
C:\_OTMoveIt\MovedFiles\06012008_063915\WINDOWS\system32\mujejosr.dll Infected: Trojan.Win32.Monder.gen 1
C:\_OTMoveIt\MovedFiles\06012008_063915\WINDOWS\system32\nnnnMCVM.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ryv 1
C:\_OTMoveIt\MovedFiles\06012008_063915\WINDOWS\system32\ojgjwokg.dll Infected: Trojan.Win32.Monder.gen 1
C:\_OTMoveIt\MovedFiles\06012008_063915\WINDOWS\system32\pofqdjni.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.tsz 1
C:\_OTMoveIt\MovedFiles\06012008_063915\WINDOWS\system32\qoMcywWm.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ryv 1
C:\_OTMoveIt\MovedFiles\06012008_063915\WINDOWS\system32\snppqygk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.xjc 1
C:\_OTMoveIt\MovedFiles\06012008_063915\WINDOWS\system32\vtUkhFUn.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ryv 1
C:\_OTMoveIt\MovedFiles\06012008_063915\WINDOWS\system32\vylugrpt.dll Infected: Trojan.Win32.Monder.gen 1
C:\_OTMoveIt\MovedFiles\06012008_063915\WINDOWS\system32\ykoeuyqd.dll Infected: Trojan.Win32.Monder.gen 1

The selected area was scanned.





-----------------------------------------------------------------------------------



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:29:52 AM, on 6/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\atievxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\Atiptaab.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaab.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\stacy\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\stacy\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Doyles Room Poker - {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - C:\Microgaming\Poker\DoylesRoomMPP\MPPoker.exe
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Documents and Settings\stacy\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 5065 bytes
swoop
Active Member
 
Posts: 14
Joined: June 1st, 2008, 4:41 am

Re: requesting help

Unread postby swoop » June 11th, 2008, 9:00 am

the pc is operating much better. it is no longer trying to redirect in new tab.
swoop
Active Member
 
Posts: 14
Joined: June 1st, 2008, 4:41 am

Re: requesting help

Unread postby chryssi2001 » June 11th, 2008, 12:04 pm

Hello swoop,

the pc is operating much better. it is no longer trying to redirect in new tab.

Good to hear this.

Some minor things to remove and you are good to go!
----------------------------------------------
Using Windows Explore by right-clicking the Start button and left clicking Explore navigate to and find the following files:

C:\Program Files\Trend Micro\HijackThis\backups\backup-20080601-025729-186.dll
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080601-025729-750.dll
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080601-025729-911.dll

Right-Click and remove them.
----------------------------------------------
EMPTY NORTON QUARANTEE FOLDERS
Go to this page and follow the directions for emptying Quarantine for your version of Norton Antivirus:
Removing files from Norton AntiVirus Quarantine

If this is not possible using Windows Explore by right-clicking the Start button and left clicking Explore navigate to and find the following Folder:

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine

Right-click and empty all it's contents.
----------------------------------------------
I can't see any firewall in your HijackThis log, so i assume you use windows firewall.
If your Symantec Anti-Virus includes a firewall too, ignore this.

FIREWALL
Without a firewall your computer is susceptible to being hacked and taken over. If you use the Windows Firewall you might think that's sufficient but it only controls one way of the traffic (inbound). Simply using a Firewall in its default configuration can lower your risk greatly. It's preferable to install one of the suggested firewalls.
Vista users, must check compatibility with Vista before installation.

FREE FIREWALLS
Tutorial about Firewalls can be found here
----------------------------------------------
Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
  • Image
The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.
----------------------------------------------
Congratulations you are clean! :)

Here are some free programs I recommend that could help you improve your computer's security.

Spybot Search and Destroy 1.5.2
Download it from here. Just choose a mirror and off you go.
Find here the tutorial on how to use Spybot properly here

Install SpyWare Blaster 4.0
Download it from here
Find here the tutorial on how to use Spyware Blaster here

Install WinPatrol
Download it from here
Here you can find information about how WinPatrol works here

Install FireTrust SiteHound
You can find information and download it from here

Install MVPS Hosts File from here
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com
Note 1: If you are running Windows XP SP2, you should upgrade to SP3.
Note 2: Users of Norton Internet Security 2008 should uninstall the software before they install Service Pack 3.
The security suite can then be reinstalled afterwards.

Please check out Tony Klein's article "How did I get infected in the first place?"

Read some information here how to prevent Malware.

Happy safe surfing!
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: requesting help

Unread postby NonSuch » June 13th, 2008, 2:03 am

As this issue is resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove

Previous

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 162 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware