Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Need help removing trojan

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Need help removing trojan

Unread postby twaters » September 4th, 2009, 7:52 pm

I posted this on another forum and haven't had anyone offer to help so I'll try here.

Several nights ago, my computer started displaying many error messages. Though the bar at the top of the dialogue box referred to different programs, the text of the message said "The application or DLL C:\WINDOWS\system32\jodozome.dll is not a valid Windows image. Please check this against your installation diskette." There is another message that appears after I finish clicking through these that says "Error loading C:\Windows\system32\pivetupa.dll%1 is not a valid Win 32 application."
I ran a virus scan using by Webroot Antivirus and AVG Free Edition. The messages continued to show up, sometimes dozens of them, whenever I would start the computer or open an application. After googling this problem, I found several websites that said to download a program called SDFix. I did this and ran the program in safe mode but this did not help at all. I downloaded HijackThis and will post my log below. Thanks in advance for any help you can provide.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:07:11 PM, on 9/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080514
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://drudgereport.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080514
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {92ccb939-4936-4ac1-a987-2c3d578afaf2} - C:\WINDOWS\system32\tanirige.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\DellTPad\Apoint.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /installquiet
O4 - HKLM\..\Run: [NVHotkey] "C:\WINDOWS\system32\rundll32.exe" nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Dell QuickSet] "C:\Program Files\Dell\QuickSet\quickset.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "C:\WINDOWS\system32\WLTRAY.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\WINDOWS\stsystra.exe"
O4 - HKLM\..\Run: [KADxMain] "C:\WINDOWS\system32\KADxMain.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [RecoverFromReboot] "C:\WINDOWS\Temp\RecoverFromReboot.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [duyideyehi] "C:\WINDOWS\system32\Rundll32.exe" "C:\WINDOWS\system32\pivetupa.dll",s
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnotes.com/download/mnviewer.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll,C:\WINDOWS\system32\jodozome.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Desktop Firewall network service (WDFNet) - Webroot Software Inc (http://www.webroot.com) - C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (http://www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 8684 bytes
twaters
Regular Member
 
Posts: 15
Joined: September 4th, 2009, 7:46 pm
Advertisement
Register to Remove

Re: Need help removing trojan

Unread postby MWR 3 day Mod » September 8th, 2009, 11:49 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Need help removing trojan

Unread postby Shaba » September 10th, 2009, 2:04 am

Hi twaters

What is that another forum you posted to and have you already got reply from there?
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Need help removing trojan

Unread postby twaters » September 10th, 2009, 6:33 am

The other forum was techguy.org and I never received a reply from them.
twaters
Regular Member
 
Posts: 15
Joined: September 4th, 2009, 7:46 pm

Re: Need help removing trojan

Unread postby Shaba » September 10th, 2009, 10:53 am

So if you want to continue, please inform them that they will close thread there.

Post back afterwards and we will start :)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Need help removing trojan

Unread postby twaters » September 10th, 2009, 1:42 pm

Alright, I closed the thread there.
twaters
Regular Member
 
Posts: 15
Joined: September 4th, 2009, 7:46 pm

Re: Need help removing trojan

Unread postby Shaba » September 10th, 2009, 2:03 pm

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Need help removing trojan

Unread postby twaters » September 10th, 2009, 3:21 pm

After running ComboFix, the original error messages when starting Windows and other programs no longer appeared. A new one, however, did. It said "Error loading C:\WINDOWS\system32\pivetupa.dll. The specified module could not be found." This did not appear, though, after restarting my computer a second time.

I will first copy the ComboFix log, then the new HijackThis log.

ComboFix 09-09-09.09 - Thomas 09/10/2009 14:37.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1551 [GMT -4:00]
Running from: c:\documents and settings\Thomas\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated) {B3891867-7230-459B-9987-E7CCFA7A7D1D}
FW: Webroot Desktop Firewall *disabled* {AF0CFAAE-AAB5-450a-8C74-0DEEB429DF50}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\blyuwrjl.exe
c:\documents and settings\Thomas\Application Data\inst.exe
C:\fyblb.exe
C:\LOG39.tmp
C:\LOG3D.tmp
C:\LOG3E.tmp
C:\LOG3F.tmp
C:\LOGFC.tmp
c:\program files\INSTALL.LOG
C:\pvewnn.exe
c:\windows\system32\jodozome.dll
c:\windows\system32\pivetupa.dll
c:\windows\system32\tanirige.dll
c:\windows\system32\wisdstr.exe
C:\xvhu.exe

.
((((((((((((((((((((((((( Files Created from 2009-08-10 to 2009-09-10 )))))))))))))))))))))))))))))))
.

2009-09-08 21:55 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-02 22:02 . 2009-09-02 22:02 -------- d-----w- c:\program files\Trend Micro
2009-09-02 19:28 . 2009-09-02 19:28 -------- d-----w- c:\program files\Exterminate It!
2009-09-01 22:27 . 2009-09-01 22:27 578560 ----a-w- c:\windows\system32\dllcache\user32.dll
2009-09-01 22:07 . 2009-09-01 22:07 -------- d-----w- c:\windows\ERUNT
2009-09-01 22:00 . 2009-09-01 23:04 -------- d-----w- C:\SDFix
2009-08-31 10:39 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2009-08-31 10:39 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe
2009-08-31 10:39 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-08-31 10:39 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-08-31 10:39 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-08-31 10:39 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-08-31 10:39 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-08-31 10:39 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-08-31 10:39 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-08-31 10:17 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-08-31 10:17 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-08-31 10:12 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-08-31 10:12 . 2008-10-16 18:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-08-18 19:34 . 2009-08-18 19:34 0 ----a-w- c:\windows\PowerReg.dat
2009-08-18 19:34 . 2009-08-28 21:28 -------- d-----w- c:\program files\Infogrames

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-10 19:00 . 2008-10-09 12:50 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-02 02:21 . 2009-02-07 17:59 -------- d-----w- c:\documents and settings\Thomas\Application Data\U3
2009-09-01 22:04 . 2009-09-01 22:04 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Webroot
2009-09-01 13:26 . 2008-05-14 20:26 -------- d-----w- c:\program files\Microsoft Works
2009-09-01 13:23 . 2008-12-06 23:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-28 21:29 . 2009-06-25 17:20 -------- d-----w- c:\program files\Musicnotes
2009-08-28 21:28 . 2008-05-14 20:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-28 13:21 . 2008-08-25 14:20 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-28 13:21 . 2008-08-25 14:20 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-28 13:21 . 2008-08-25 14:20 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-12 03:17 . 2008-09-07 16:25 4132 -c--a-w- c:\documents and settings\Thomas\Application Data\wklnhst.dat
2009-08-05 09:01 . 2004-08-10 17:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2004-08-10 17:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:37 . 2004-08-10 17:51 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-17 19:01 . 2004-08-10 17:50 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 16:21 . 2004-08-10 17:51 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-02 15:45 . 2009-07-02 15:46 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-29 16:12 . 2004-08-10 17:51 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-10 17:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-10 17:50 17408 ------w- c:\windows\system32\corpol.dll
2009-06-25 08:25 . 2004-08-10 17:51 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-10 17:51 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-10 17:51 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-10 17:51 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2004-08-10 17:51 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-10 17:51 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-08-10 17:51 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-21 03:37 . 2008-06-02 22:50 59576 -c--a-w- c:\documents and settings\Thomas\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-11-09 159744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-29 8491008]
"nwiz"="c:\windows\system32\nwiz.exe" [2008-01-29 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-29 81920]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-09-07 1236992]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-11 2183168]
"SigmatelSysTrayApp"="c:\windows\stsystra.exe" [2007-11-08 405504]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-02 148888]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-08-09 5418864]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2008-01-29 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-28 13:21 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
backup=c:\windows\pss\Dell Network Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"135:TCP"= 135:TCP:DCOM(135)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [8/9/2008 2:42 PM 29808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/25/2008 10:20 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/25/2008 10:20 AM 108552]
R1 pwipf6;pwipf6;c:\windows\system32\drivers\pwipf6.sys [7/31/2008 3:19 PM 103304]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/25/2008 10:20 AM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/25/2008 10:20 AM 297752]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/1/2008 8:41 AM 24652]
R2 WDFNet;Webroot Desktop Firewall network service;c:\program files\Webroot\Webroot Desktop Firewall\wdfsvc.exe [7/31/2008 3:19 PM 353672]
.
Contents of the 'Scheduled Tasks' folder

2009-09-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2009-05-22 c:\windows\Tasks\wrSpySweeperFullSweep.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-24 20:04]

2009-05-22 c:\windows\Tasks\wrSpySweeperFullSweep.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-24 20:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://drudgereport.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

BHO-{92ccb939-4936-4ac1-a987-2c3d578afaf2} - c:\windows\system32\tanirige.dll
HKCU-Run-Aim6 - (no file)
HKLM-Run-duyideyehi - c:\windows\system32\pivetupa.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-10 15:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\windows\System32\BCMLogon.dll
c:\windows\system32\wdfproc.dll

- - - - - - - > 'lsass.exe'(732)
c:\windows\system32\wdfproc.dll

- - - - - - - > 'explorer.exe'(1548)
c:\windows\system32\WININET.dll
c:\windows\system32\wdfproc.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\windows\system32\rundll32.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\DellTPad\ApntEx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-10 15:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-10 19:10

Pre-Run: 96,663,670,784 bytes free
Post-Run: 96,557,240,320 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

227 --- E O F --- 2009-09-10 10:31
twaters
Regular Member
 
Posts: 15
Joined: September 4th, 2009, 7:46 pm

Re: Need help removing trojan

Unread postby twaters » September 10th, 2009, 3:21 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:12:02 PM, on 9/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://drudgereport.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080514
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\DellTPad\Apoint.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /installquiet
O4 - HKLM\..\Run: [NVHotkey] "C:\WINDOWS\system32\rundll32.exe" nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "C:\WINDOWS\system32\WLTRAY.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\WINDOWS\stsystra.exe"
O4 - HKLM\..\Run: [KADxMain] "C:\WINDOWS\system32\KADxMain.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnotes.com/download/mnviewer.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Desktop Firewall network service (WDFNet) - Webroot Software Inc (www.webroot.com) - C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7874 bytes
twaters
Regular Member
 
Posts: 15
Joined: September 4th, 2009, 7:46 pm

Re: Need help removing trojan

Unread postby Shaba » September 10th, 2009, 3:33 pm

Good :)

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Need help removing trojan

Unread postby twaters » September 11th, 2009, 8:20 am

I have tried running Kaspersky several times now, but it has to download a massive number of updates (over 68,000 KB).The connection keeps timing out after it reaches about 500 KB, and it takes forever to get that far. Is there another program we can run instead?
twaters
Regular Member
 
Posts: 15
Joined: September 4th, 2009, 7:46 pm

Re: Need help removing trojan

Unread postby Shaba » September 11th, 2009, 11:24 am

Yes you can try this:

Please go to ESET Online Scanner - © ESET All Rights Reserved... to run an online scan.
Note: You - will - need to use Internet Explorer for this scan!
  1. Check the box next to "YES, I accept the Terms of Use."
  2. Click "Start"
  3. Click Yes... at the run ActiveX prompt. Click Install... at the install ActiveX prompt.
    Once installed, the scanner will be initialized.
  4. Click "Start". Make sure that the options:
    • Remove found threats is UNCHECKED
    • Scan unwanted applications is CHECKED
  5. Click "Scan"
  6. Wait for the scan to finish... it may take a while... please be patient. When the scan is finished...
  7. Use Notepad to open the log file located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste the contents of log.txt in your next reply.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Need help removing trojan

Unread postby twaters » September 11th, 2009, 4:38 pm

This one worked. :)

I couldn't find the log at first so I started to run the scan again, but then I found it so I stopped the second scan. I hope that doesn't matter.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=7.00.6000.16876 (vista_gdr.090625-2339)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=1667c8cc6c4f1844abb30d154e36398c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-09-11 08:32:11
# local_time=2009-09-11 04:32:11 (-0500, Eastern Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1026 37 83 100 12354456093750
# scanned=51969
# found=6
# cleaned=0
# scan_time=1927
C:\Qoobox\Quarantine\C\blyuwrjl.exe.vir Win32/Adware.Virtumonde.NEK application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\fyblb.exe.vir a variant of Win32/Kryptik.AJT trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\pvewnn.exe.vir a variant of Win32/Olmarik.LP trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\wisdstr.exe.vir Win32/TrojanDownloader.FakeAlert.AGO trojan 00000000000000000000000000000000 I
C:\SDFix\apps\Process.exe Win32/PrcView application 00000000000000000000000000000000 I
C:\SDFix\backups\backups.zip a variant of Win32/Kryptik.AIN trojan 00000000000000000000000000000000 I
esets_scanner_update returned -1 esets_gle=53251
# version=6
# iexplore.exe=7.00.6000.16876 (vista_gdr.090625-2339)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=1667c8cc6c4f1844abb30d154e36398c
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-09-11 08:35:55
# local_time=2009-09-11 04:35:55 (-0500, Eastern Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1026 37 83 100 12356699062500
# scanned=742
# found=0
# cleaned=0
# scan_time=77
twaters
Regular Member
 
Posts: 15
Joined: September 4th, 2009, 7:46 pm

Re: Need help removing trojan

Unread postby Shaba » September 12th, 2009, 5:57 am

That looks good :)

We will remove those findings in final instructions.

Still problems?
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Need help removing trojan

Unread postby twaters » September 12th, 2009, 9:10 am

I have not had any more problems, but we should definitely remove those six items that the last scan found.
I guess this means we're almost finished. Thanks for your help!
twaters
Regular Member
 
Posts: 15
Joined: September 4th, 2009, 7:46 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: M2Judy and 31 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware