Malware problem

Re: Malware problem

Post by 2rone » August 7th, 2008, 9:02 pm

Hi

FINALLY... :cheers: Here's my Kaspersky report and HJT log...

KASPERSKY SCAN REPORT

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, August 8, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, August 07, 2008 01:28:17
Records in database: 1064452
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 459984
Threat name: 14
Infected objects: 36
Suspicious objects: 0
Duration of the scan: 16:56:45


File name / Threat name / Threats count
C:\MySQL\data\apcmealsystem\enough\Trash\mirc616.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
C:\QooBox\Quarantine\D\33gmhso.bat.vir Infected: Trojan.Win32.Vaklik.bvg 1
C:\QooBox\Quarantine\D\fi.cmd.vir Infected: Worm.Win32.AutoRun.ekv 1
C:\QooBox\Quarantine\D\ivcvknr.bat.vir Infected: Trojan.Win32.Vaklik.bxi 1
C:\QooBox\Quarantine\D\k.com.vir Infected: Worm.Win32.AutoRun.ekz 1
C:\QooBox\Quarantine\D\no.com.vir Infected: Worm.Win32.AutoRun.ekl 1
C:\QooBox\Quarantine\D\wak.cmd.vir Infected: Worm.Win32.AutoRun.ela 1
C:\QooBox\Quarantine\D\xc9f3l6.cmd.vir Infected: Trojan.Win32.Vaklik.bvu 1
C:\_OTMoveIt\MovedFiles\07232008_175300\Downloads\NOD32 Antivirus System 2.70.39 for Windows NT20002003XPVista 3264.rar Infected: not-a-virus:RiskTool.VBS.DisReg.a 1
C:\_OTMoveIt\MovedFiles\07232008_175300\vg86pltx.cmd Infected: Trojan.Win32.Vaklik.bad 1
D:\System Volume Information\_restore{7FCE823D-1651-485D-A73E-665487398EF3}\RP74\A0062216.com Infected: Worm.Win32.AutoRun.ekl 1
D:\System Volume Information\_restore{7FCE823D-1651-485D-A73E-665487398EF3}\RP74\A0062217.inf Infected: Worm.Win32.AutoRun.ejl 1
D:\System Volume Information\_restore{7FCE823D-1651-485D-A73E-665487398EF3}\RP74\A0062272.com Infected: Worm.Win32.AutoRun.ekl 1
D:\System Volume Information\_restore{7FCE823D-1651-485D-A73E-665487398EF3}\RP74\A0062273.inf Infected: Worm.Win32.AutoRun.ejl 1
D:\System Volume Information\_restore{7FCE823D-1651-485D-A73E-665487398EF3}\RP74\A0062370.cmd Infected: Worm.Win32.AutoRun.ekv 1
D:\System Volume Information\_restore{7FCE823D-1651-485D-A73E-665487398EF3}\RP74\A0062371.cmd Infected: Trojan.Win32.Vaklik.bts 1
D:\System Volume Information\_restore{7FCE823D-1651-485D-A73E-665487398EF3}\RP74\A0062372.inf Infected: Worm.Win32.AutoRun.ekv 1
D:\System Volume Information\_restore{7FCE823D-1651-485D-A73E-665487398EF3}\RP74\A0063358.com Infected: Worm.Win32.AutoRun.ekz 1
D:\System Volume Information\_restore{7FCE823D-1651-485D-A73E-665487398EF3}\RP74\A0063360.inf Infected: Worm.Win32.AutoRun.ekz 1
D:\System Volume Information\_restore{7FCE823D-1651-485D-A73E-665487398EF3}\RP74\A0063361.cmd Infected: Trojan.Win32.Vaklik.bts 1
D:\System Volume Information\_restore{7FCE823D-1651-485D-A73E-665487398EF3}\RP74\A0064383.com Infected: Worm.Win32.AutoRun.ekl 1
D:\System Volume Information\_restore{7FCE823D-1651-485D-A73E-665487398EF3}\RP74\A0064384.inf Infected: Worm.Win32.AutoRun.ekz 1
D:\System Volume Information\_restore{7FCE823D-1651-485D-A73E-665487398EF3}\RP74\A0064387.cmd Infected: Trojan.Win32.Vaklik.bts 1
D:\System Volume Information\_restore{7FCE823D-1651-485D-A73E-665487398EF3}\RP74\A0064410.bat Infected: Trojan.Win32.Vaklik.bvg 1
D:\System Volume Information\_restore{7FCE823D-1651-485D-A73E-665487398EF3}\RP74\A0064437.bat Infected: Trojan.Win32.Vaklik.bvg 1
D:\System Volume Information\_restore{7FCE823D-1651-485D-A73E-665487398EF3}\RP74\A0064474.bat Infected: Trojan.Win32.Vaklik.bvg 1
D:\System Volume Information\_restore{7FCE823D-1651-485D-A73E-665487398EF3}\RP77\A0064571.inf Infected: Worm.Win32.AutoRun.emg 1
D:\System Volume Information\_restore{7FCE823D-1651-485D-A73E-665487398EF3}\RP78\A0064811.exe Infected: Trojan-GameThief.Win32.OnLineGames.shsa 1
D:\System Volume Information\_restore{7FCE823D-1651-485D-A73E-665487398EF3}\RP80\A0065065.cmd Infected: Trojan.Win32.Vaklik.bad 1
D:\System Volume Information\_restore{7FCE823D-1651-485D-A73E-665487398EF3}\RP81\A0065161.bat Infected: Trojan.Win32.Vaklik.bvg 1
D:\System Volume Information\_restore{7FCE823D-1651-485D-A73E-665487398EF3}\RP81\A0065162.cmd Infected: Worm.Win32.AutoRun.ekv 1
D:\System Volume Information\_restore{7FCE823D-1651-485D-A73E-665487398EF3}\RP81\A0065163.bat Infected: Trojan.Win32.Vaklik.bxi 1
D:\System Volume Information\_restore{7FCE823D-1651-485D-A73E-665487398EF3}\RP81\A0065164.com Infected: Worm.Win32.AutoRun.ekz 1
D:\System Volume Information\_restore{7FCE823D-1651-485D-A73E-665487398EF3}\RP81\A0065165.com Infected: Worm.Win32.AutoRun.ekl 1
D:\System Volume Information\_restore{7FCE823D-1651-485D-A73E-665487398EF3}\RP81\A0065166.cmd Infected: Worm.Win32.AutoRun.ela 1
D:\System Volume Information\_restore{7FCE823D-1651-485D-A73E-665487398EF3}\RP81\A0065167.cmd Infected: Trojan.Win32.Vaklik.bvu 1

The selected area was scanned.


HJT LOGFILE

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:53:23 AM, on 8/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\EditPlus 2\editplus.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
D:\wil\various installers\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 16.157.192.224:8888
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Apache\Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://60.248.39.146:1025/RtspVaPgDec.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\Apache\Apache2\bin\Apache.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe (file missing)
O23 - Service: MySQL41 - Unknown owner - C:\MySQL\bin\mysqld-nt (file missing)
O23 - Service: OracleDBConsoledb0001 - Unknown owner - D:\oracle\product\10.2.0\db_1\bin\nmesrvc.exe (file missing)
O23 - Service: OracleDBConsoleroannewd - Unknown owner - C:\oracle10gr2\product\10.2.0\db_1\bin\nmesrvc.exe (file missing)
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - c:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92TNSListener - Unknown owner - C:\oracle\ora92\BIN\TNSLSNR.exe
O23 - Service: OracleOraHomeAgent - Oracle Corporation - c:\oracle\ora92\bin\agntsrvc.exe
O23 - Service: OracleOraHomeClientCache - Unknown owner - c:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: OracleOraHomeHTTPServer - Unknown owner - c:\oracle\ora92\Apache\Apache\apache.exe
O23 - Service: OracleOraHomePagingServer - Unknown owner - c:\oracle\ora92/bin/pagntsrv.exe
O23 - Service: OracleOraHomeSNMPPeerEncapsulator - Unknown owner - c:\oracle\ora92\BIN\ENCSVC.EXE
O23 - Service: OracleOraHomeSNMPPeerMasterAgent - Unknown owner - c:\oracle\ora92\BIN\AGNTSVC.EXE
O23 - Service: OracleOraHomeTNSListener - Unknown owner - c:\oracle\ora92\BIN\TNSLSNR.exe
O23 - Service: OracleOraHomeTNSListenerLISTENER1 - Unknown owner - c:\oracle\ora92\BIN\TNSLSNR.exe
O23 - Service: OracleServiceFDP - Oracle Corporation - c:\oracle\ora92\bin\ORACLE.EXE
O23 - Service: OracleServiceROANDB - Oracle Corporation - c:\oracle\ora92\bin\ORACLE.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10362 bytes

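A triage pass over the Kaspersky report in the post above, added here as an example and not part of the thread or of any tool the helpers used. Reading the 36 detections by location: one (the mIRC client, which Kaspersky labels "not-a-virus:", its riskware category) sits in a live folder; seven are in C:\QooBox\Quarantine (ComboFix's quarantine), two in C:\_OTMoveIt\MovedFiles (OTMoveIt's move folder), and the remaining 26 in D:\System Volume Information\_restore..., which is System Restore's copy of earlier restore points. Quarantined copies are already neutralised, and restore-point copies only come back if the user rolls back, which is why cleanup threads end with emptying those folders and flushing System Restore. The script buckets each report line by location so the live hits stand out. The REPORT excerpt is constructed from six lines copied from the report on the page; the folder prefixes are the ones visible in it.

```python
import re
from collections import Counter

# Constructed excerpt of the Kaspersky Online Scanner 7 report posted above:
# six of its 36 detection lines, copied verbatim, one or two per location type.
REPORT = r"""
C:\MySQL\data\apcmealsystem\enough\Trash\mirc616.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
C:\QooBox\Quarantine\D\33gmhso.bat.vir Infected: Trojan.Win32.Vaklik.bvg 1
C:\QooBox\Quarantine\D\fi.cmd.vir Infected: Worm.Win32.AutoRun.ekv 1
C:\_OTMoveIt\MovedFiles\07232008_175300\vg86pltx.cmd Infected: Trojan.Win32.Vaklik.bad 1
D:\System Volume Information\_restore{7FCE823D-1651-485D-A73E-665487398EF3}\RP74\A0062216.com Infected: Worm.Win32.AutoRun.ekl 1
D:\System Volume Information\_restore{7FCE823D-1651-485D-A73E-665487398EF3}\RP78\A0064811.exe Infected: Trojan-GameThief.Win32.OnLineGames.shsa 1
"""

# "<path> Infected: <threat name> <count>" is the line shape the report uses.
DETECTION_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

# ComboFix (C:\QooBox) and OTMoveIt keep neutralised copies of what they removed;
# System Restore keeps copies of files from past restore points. A hit in any of
# these is a cleanup item, not a running threat. Matching is case-insensitive.
QUARANTINE_DIRS = ("c:\\qoobox\\quarantine\\", "c:\\_otmoveit\\movedfiles\\")
RESTORE_POINT_MARK = "\\system volume information\\_restore"


def classify(path):
    """Bucket a detected path as quarantine, restore-point or live."""
    p = path.lower()
    if p.startswith(QUARANTINE_DIRS):
        return "quarantine"
    if RESTORE_POINT_MARK in p:
        return "restore-point"
    return "live"


def parse_report(text):
    """Return (path, threat, bucket) for every detection line in the report."""
    rows = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            rows.append((m["path"], m["threat"], classify(m["path"])))
    return rows


def summarize(text):
    """Detections per bucket, e.g. {'live': 1, 'quarantine': 3, 'restore-point': 2}."""
    return dict(Counter(bucket for _, _, bucket in parse_report(text)))


def live_detections(text):
    """Hits outside quarantine and restore points. The third field marks
    Kaspersky's 'not-a-virus:' prefix (riskware: legitimate software that can
    be abused), which a helper treats differently from a trojan or worm."""
    return [(path, threat, threat.startswith("not-a-virus:"))
            for path, threat, bucket in parse_report(text) if bucket == "live"]


if __name__ == "__main__":
    print(summarize(REPORT))
    for path, threat, riskware in live_detections(REPORT):
        print(("riskware" if riskware else "malware"), threat, path)
```

Run against the full report, the summary is {'live': 1, 'quarantine': 9, 'restore-point': 26}, and the only live entry is the riskware-tagged mIRC binary. The same bucketing applies to any scanner that prints one path per detection; only the regex and the quarantine prefixes are specific to this report.
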
Re: Malware problem

Post by Shaba » August 8th, 2008, 2:54 am

Empty these folders:

C:\QooBox\Quarantine\
C:\_OTMoveIt

Empty Recycle Bin,

Have you uninstalled all Norton products?

Re: Malware problem

Post by 2rone » August 8th, 2008, 7:27 am

Hi

Oh, you mean the Symantec products? I have uninstalled the antivirus itself except for Symantec LiveUpdate. It seems that there's no uninstaller for LiveUpdate and none in Add/Remove Programs either. Is it safe to just delete it?

And by the way my laptop's running fine now :D

Re: Malware problem

Post by Shaba » August 8th, 2008, 11:38 am

Try this first and post back a fresh HijackThis log afterwards, please :)

Re: Malware problem

Post by 2rone » August 10th, 2008, 10:40 pm

Hi

As you requested..

HJT LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:41 AM, on 8/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\igfxext.exe
C:\Apache\Apache2\bin\ApacheMonitor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\EditPlus 2\editplus.exe
C:\Program Files\Free Download Manager\fdm.exe
D:\wil\various installers\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 16.157.192.224:8888
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Apache\Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\Apache\Apache2\bin\Apache.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe (file missing)
O23 - Service: MySQL41 - Unknown owner - C:\MySQL\bin\mysqld-nt (file missing)
O23 - Service: OracleDBConsoledb0001 - Unknown owner - D:\oracle\product\10.2.0\db_1\bin\nmesrvc.exe (file missing)
O23 - Service: OracleDBConsoleroannewd - Unknown owner - C:\oracle10gr2\product\10.2.0\db_1\bin\nmesrvc.exe (file missing)
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - c:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92TNSListener - Unknown owner - C:\oracle\ora92\BIN\TNSLSNR.exe
O23 - Service: OracleOraHomeAgent - Oracle Corporation - c:\oracle\ora92\bin\agntsrvc.exe
O23 - Service: OracleOraHomeClientCache - Unknown owner - c:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: OracleOraHomeHTTPServer - Unknown owner - c:\oracle\ora92\Apache\Apache\apache.exe
O23 - Service: OracleOraHomePagingServer - Unknown owner - c:\oracle\ora92/bin/pagntsrv.exe
O23 - Service: OracleOraHomeSNMPPeerEncapsulator - Unknown owner - c:\oracle\ora92\BIN\ENCSVC.EXE
O23 - Service: OracleOraHomeSNMPPeerMasterAgent - Unknown owner - c:\oracle\ora92\BIN\AGNTSVC.EXE
O23 - Service: OracleOraHomeTNSListener - Unknown owner - c:\oracle\ora92\BIN\TNSLSNR.exe
O23 - Service: OracleOraHomeTNSListenerLISTENER1 - Unknown owner - c:\oracle\ora92\BIN\TNSLSNR.exe
O23 - Service: OracleServiceFDP - Oracle Corporation - c:\oracle\ora92\bin\ORACLE.EXE
O23 - Service: OracleServiceROANDB - Oracle Corporation - c:\oracle\ora92\bin\ORACLE.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 10281 bytes


Checked the Control Panel, Program Files and Docs and Settings/App Data and there is no sign of Norton or Symantec. Can I have the All Clear now? :D

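Parsing and diffing the two HijackThis logs in this thread, added here as an example; it is not the thread's own tooling and not HijackThis code. The two log excerpts are constructed from a handful of lines copied from the 8/8 and 8/11 logs above. The triage rules tag the entry types a helper reads first, and a tag means "confirm with the user", not "malicious": an R1 ProxyServer value is set by browser hijackers but looks identical when a corporate network set it; an O10 Winsock LSP DLL sees every socket call, and c:\windows\system32\nwprovau.dll here is Microsoft's NetWare client provider that ships with XP, listed as "unknown" only because it is not on the HijackThis whitelist; an O16 DPF entry fetched from a bare IP:port rather than a vendor host is the one that deserves a closer look; O20 AppInit_DLLs load into every process that uses user32; and O23 services marked "(file missing)" are registrations left behind by uninstalled software (the Oracle and MySQL entries in these logs), which are cleanup items rather than infections. The diff then shows what changed between the two logs: the RtspVaPgCtrl O16 entry and the Symantec Core LC service are present on 8/8 and gone on 8/11.

```python
import re
from dataclasses import dataclass

# Constructed excerpts of the two HijackThis 2.0.2 logs posted above (8/8/2008
# and 8/11/2008). Only a handful of the R/O lines are copied; the point is the
# parse, the triage rules and the diff, not a complete reproduction of the logs.
LOG_8_AUG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 16.157.192.224:8888
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://60.248.39.146:1025/RtspVaPgDec.cab
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: MySQL41 - Unknown owner - C:\MySQL\bin\mysqld-nt (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
"""

LOG_11_AUG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 16.157.192.224:8888
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: MySQL41 - Unknown owner - C:\MySQL\bin\mysqld-nt (file missing)
"""

# Every HijackThis finding is "<tag> - <body>", where tag is R0-R3, F0-F3 or O1-O24.
LINE_RE = re.compile(r"^(?P<kind>[RFO]\d{1,2}) - (?P<body>.+)$")
# A download URL that is a bare IPv4 address with optional port, e.g. http://1.2.3.4:1025/
RAW_IP_URL = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?/", re.IGNORECASE)


@dataclass(frozen=True)
class Entry:
    kind: str   # HijackThis section tag, e.g. "R1", "O16", "O23"
    body: str   # everything after the " - " separator


def parse_hjt(text):
    """Return the R/F/O entries of a log; the header and process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["kind"], m["body"]))
    return entries


def triage(entries):
    """Tag the entries a helper looks at first, in log order."""
    findings = []
    for e in entries:
        if e.kind == "R1" and "ProxyServer" in e.body:
            findings.append(("proxy-configured", e))      # hijacker or corporate proxy: ask
        elif e.kind == "O10":
            findings.append(("winsock-lsp", e))           # LSP DLL sits in every socket call
        elif e.kind == "O16" and RAW_IP_URL.search(e.body):
            findings.append(("activex-from-raw-ip", e))  # DPF fetched from a bare IP:port
        elif e.kind == "O20":
            findings.append(("appinit-dll", e))           # loaded into every user32 process
        elif e.kind == "O23" and e.body.endswith("(file missing)"):
            findings.append(("orphaned-service", e))      # registration left after uninstall
    return findings


def diff_logs(before, after):
    """Entries removed and added between two logs, each in log order."""
    before_set, after_set = set(before), set(after)
    removed = [e for e in before if e not in after_set]
    added = [e for e in after if e not in before_set]
    return removed, added


if __name__ == "__main__":
    old, new = parse_hjt(LOG_8_AUG), parse_hjt(LOG_11_AUG)
    for tag, e in triage(old):
        print(f"{tag:22} {e.kind:4} {e.body}")
    removed, added = diff_logs(old, new)
    print("removed:", *[f"{e.kind} {e.body}" for e in removed], sep="\n  ")
    print("added:", *[f"{e.kind} {e.body}" for e in added], sep="\n  ")
```

The diff works on whole entries, so a changed path or CLSID shows up as one removal plus one addition, which is what you want when checking whether a fix actually took. The "Running processes" block is deliberately ignored: it changes from boot to boot and is noise for this comparison.
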
Re: Malware problem

Post by Shaba » August 11th, 2008, 7:12 am

Yes, we can, unless you have some issues left? :)

Re: Malware problem

Post by 2rone » August 12th, 2008, 12:51 am

Hi

My laptop seems to be clean now. And my issues would be how to prevent future infections and running my laptop a little bit faster. Maybe some tips would help. :D

Re: Malware problem

Post by Shaba » August 12th, 2008, 3:44 am

Before that, how much RAM do you have?

Re: Malware problem

Post by 2rone » August 12th, 2008, 7:42 am

About 1 GB ...not really enough I think :roll:

Re: Malware problem

Post by Shaba » August 12th, 2008, 8:18 am

I see.

Have you defragged lately?

Re: Malware problem

Post by NonSuch » August 20th, 2008, 7:56 pm

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.