Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Cant remove DYFICA virus... Please help.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Cant remove DYFICA virus... Please help.

Unread postby HvedeKim » March 22nd, 2005, 6:24 am

I'm having a lot of trouble with the Dyfica virus, which neither my Avast or AVG can remove. They can find the virus(es) but they cant remove, delete or heal them. I am posting my log file here, and if anyone can hlep me remove them or tell what to do, it would be so great.
Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 11:10:59, on 22-03-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\nvsc32.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\mHotkey.exe
C:\Programmer\Home Cinema\PowerCinema\PCMService.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\WINDOWS\kdx\KHost.exe
C:\Programmer\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Canon\MultiPASS4\MPTBox.exe
C:\Programmer\ISTsvc\istsvc.exe
C:\WINDOWS\tmwff.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\m2.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\WINDOWS\System32\aircity.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\programmer\valve\steam\steam.exe
C:\Programmer\Tweak-XP Pro 4\AdBlocker.exe
C:\WINDOWS\System32\aircity.exe
C:\Programmer\WIDCOMM\Bluetooth-software\BTTray.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\WinRAR\WinRAR.exe
C:\DOCUME~1\JAKOBL~1\LOKALE~1\Temp\Rar$EX00.328\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.pghczecnnylatfyshxnospddq.co ... gYMOha.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onside.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali A/S - Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Programmer\E2G\IeBHOs.dll
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [CMESys] "C:\Programmer\Fælles filer\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Programmer\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmer\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [pileinterdartglue] C:\Documents and Settings\All Users\Application Data\bintimepileinter\Site Blue.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MPTBox] C:\Programmer\Canon\MultiPASS4\MPTBox.exe
O4 - HKLM\..\Run: [NvCplScan] nvsc32.exe
O4 - HKLM\..\Run: [IST Service] C:\Programmer\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [bkI6ab4f9] C:\WINDOWS\tmwff.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [sais] c:\programmer\180solutions\sais.exe
O4 - HKLM\..\Run: [Power Scan] C:\Programmer\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [REGRUN] C:\m2.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteogh32.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\RunServices: [NvCplScan] nvsc32.exe
O4 - HKLM\..\RunOnce: [NvCplScan] nvsc32.exe
O4 - HKCU\..\Run: [Steam] "c:\programmer\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BlockAds] "C:\Programmer\Tweak-XP Pro 4\AdBlocker.exe"
O4 - HKCU\..\Run: [Show amen] C:\DOCUME~1\JAKOBL~1\APPLIC~1\COPYME~1\SIXTHEACHLOG.exe
O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe
O4 - HKCU\..\Run: [aircity] C:\WINDOWS\System32\aircity.exe
O4 - HKCU\..\RunOnce: [aircity] C:\WINDOWS\System32\aircity.exe
O4 - HKCU\..\RunOnce: [NvCplScan] nvsc32.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Date Manager.lnk = C:\Programmer\Date Manager\DateManager.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Programmer\PrecisionTime\PrecisionTime.exe
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Programmer\SideFind\sidefind.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... urrent.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_42.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/04dddf63532 ... xIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 4983762718
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {A7798D6C-C6B5-4F26-9363-F7CDBBFFA607} - http://www.gamedaily.com/ActiveX/vxpspeeddelivery.dll
O16 - DPF: {AD0B8220-7DA4-4C0A-8532-B25A9F631D3D} (VacPro.internazionale_ver10) - http://advnt01.com/dialer/internazionale_ver10.CAB
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: MpService - Canon Inc. - C:\Programmer\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
HvedeKim
Active Member
 
Posts: 8
Joined: March 22nd, 2005, 6:12 am
Location: Denmark
Advertisement
Register to Remove

Unread postby ChrisRLG » March 22nd, 2005, 9:47 am

Could you please follow this post from our Public Library.

http://forum.malwareremoval.com/viewtopic.php?t=232&start=0&postdays=0&postorder=asc&highlight=

Then do please post back here with a fresh hijackthis log, BUT please remove from the zip file and put in its own folder first before running.

Also please post your report from the Kaspersky AV program.
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK

Unread postby HvedeKim » March 22nd, 2005, 10:59 am

Ok. I really don't know what to do about these viruses since I am not very good at computers. Please excuse me if I do not understand some of the things you tell me the first time... :) I am from Denmark.

Here is my log now, then:

Logfile of HijackThis v1.99.1
Scan saved at 16:01:56, on 22-03-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\nvsc32.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\mHotkey.exe
C:\Programmer\Home Cinema\PowerCinema\PCMService.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\WINDOWS\kdx\KHost.exe
C:\Programmer\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Canon\MultiPASS4\MPTBox.exe
C:\Programmer\ISTsvc\istsvc.exe
C:\WINDOWS\tmwff.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\WINDOWS\System32\aircity.exe
C:\programmer\valve\steam\steam.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Programmer\Tweak-XP Pro 4\AdBlocker.exe
C:\WINDOWS\System32\aircity.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmer\WIDCOMM\Bluetooth-software\BTTray.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\HJT\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.urhixbnuzvz.com//3NHMHPHPS2T ... YMOha.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.maximonline.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali A/S - Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Programmer\E2G\IeBHOs.dll
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [CMESys] "C:\Programmer\Fælles filer\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Programmer\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmer\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [pileinterdartglue] C:\Documents and Settings\All Users\Application Data\bintimepileinter\Site Blue.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MPTBox] C:\Programmer\Canon\MultiPASS4\MPTBox.exe
O4 - HKLM\..\Run: [NvCplScan] nvsc32.exe
O4 - HKLM\..\Run: [IST Service] C:\Programmer\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [bkI6ab4f9] C:\WINDOWS\tmwff.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [sais] c:\programmer\180solutions\sais.exe
O4 - HKLM\..\Run: [Power Scan] C:\Programmer\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [REGRUN] C:\m2.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteogh32.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\RunServices: [NvCplScan] nvsc32.exe
O4 - HKLM\..\RunOnce: [NvCplScan] nvsc32.exe
O4 - HKCU\..\Run: [Steam] "c:\programmer\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BlockAds] "C:\Programmer\Tweak-XP Pro 4\AdBlocker.exe"
O4 - HKCU\..\Run: [Show amen] C:\DOCUME~1\JAKOBL~1\APPLIC~1\COPYME~1\SIXTHEACHLOG.exe
O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe
O4 - HKCU\..\Run: [aircity] C:\WINDOWS\System32\aircity.exe
O4 - HKCU\..\RunOnce: [aircity] C:\WINDOWS\System32\aircity.exe
O4 - HKCU\..\RunOnce: [NvCplScan] nvsc32.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Date Manager.lnk = C:\Programmer\Date Manager\DateManager.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Programmer\PrecisionTime\PrecisionTime.exe
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Programmer\SideFind\sidefind.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... urrent.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_42.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/04dddf63532 ... xIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 4983762718
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {A7798D6C-C6B5-4F26-9363-F7CDBBFFA607} - http://www.gamedaily.com/ActiveX/vxpspeeddelivery.dll
O16 - DPF: {AD0B8220-7DA4-4C0A-8532-B25A9F631D3D} (VacPro.internazionale_ver10) - http://advnt01.com/dialer/internazionale_ver10.CAB
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: MpService - Canon Inc. - C:\Programmer\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
HvedeKim
Active Member
 
Posts: 8
Joined: March 22nd, 2005, 6:12 am
Location: Denmark

Unread postby ChrisRLG » March 22nd, 2005, 11:09 am

you need to install and run KAV based on that link I gave in the previous post.

It has pictures to follow so should be no problem for you.
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK

Unread postby HvedeKim » March 23rd, 2005, 5:47 am

Thank you. Right now i am downloading the KAV. I will post later when I have done the things you told me to. I have to do ALL the things, described about the KAV, right?
Thanks
HvedeKim
Active Member
 
Posts: 8
Joined: March 22nd, 2005, 6:12 am
Location: Denmark

Unread postby ChrisRLG » March 23rd, 2005, 6:10 am

that post is mostly about KAV.

It explains a way to install while not interfering with your other AV program - which is the main problem.

Doing it the way we suggest should give less problems than just installing KAV via its default settings.
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK

Unread postby HvedeKim » March 23rd, 2005, 6:53 am

I have gotten to the scanning section now. Just to be sure, Rebooting does not make me lose or delete any files on ,y computer does it? In danish, booting one's computer means (in slang) to delete all files and start from scrath... I am nervous about what rebooting my computer means exactly...
HvedeKim
Active Member
 
Posts: 8
Joined: March 22nd, 2005, 6:12 am
Location: Denmark

Unread postby HvedeKim » March 23rd, 2005, 7:12 am

Sorry, I missunderstood you for a second. Now I know what rebooting into safemode means. I will write you later today or tomorrow when I have done the scan, as later I am going to town so I wont be home until late tomorrow. But I must say I am very grateful for your help so far!
HvedeKim
Active Member
 
Posts: 8
Joined: March 22nd, 2005, 6:12 am
Location: Denmark

Unread postby HvedeKim » March 24th, 2005, 2:57 pm

Now I have tried going into Safe Mode to scan the pc... I got into Safe Mode as I was supposed to BUT... In Safe Mode my mouse does not work for some reason! My keyboard works on safe mode, but the mouse is just frozen in the middle of the screen. So I am having some problems performing the scan in safem ode, as i cannot use the mouse... I have tried exchanging the mouse with another... still does not work... I don't know what to do then? Is this a common problem, and can i somehow do the scan without using the mouse??? Sorry for all the trouble there has been so far.
HvedeKim
Active Member
 
Posts: 8
Joined: March 22nd, 2005, 6:12 am
Location: Denmark

Unread postby ChrisRLG » March 24th, 2005, 3:09 pm

I have never tried without a mouse.

Your drive for the mouse is obviously not installed to run in safe mode - it is a USB mouse.

If so you will need a type that does not use the USB port, a PS2 or serial mouse, an old one would do.

If not try doing in normal mode - not sure if it will work as well, but you can be the first.
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK

Unread postby HvedeKim » March 24th, 2005, 7:23 pm

Hmm thanks. The problem is, that it is NOT an USB-mouse... its and old mouse. So tomorrow (friday) I will try scanning in normal mode. If it doesn't work properly, and I will try and find a way to do it in Safe Mode if I can.
HvedeKim
Active Member
 
Posts: 8
Joined: March 22nd, 2005, 6:12 am
Location: Denmark

Unread postby HvedeKim » March 25th, 2005, 11:32 am

Now I have scanned the computer in safe mode with KAV. I managed to do it quite awardly using only the keyboard. I think it removed 117 viruses! Thank you so much for the help. Should I post a log now, or anything so you can see the status on the pc?
As I started the pc again, KAv immediately told me that a Trojan was present (I cant remember where now, I forgot to write down. I just pressed "delete it"). But KAV cannot delete the trojan...
Thank you very much for all the help with KAV.
HvedeKim
Active Member
 
Posts: 8
Joined: March 22nd, 2005, 6:12 am
Location: Denmark

Unread postby ChrisRLG » March 31st, 2005, 3:58 am

Sorry I seemed to have missed this post of yours.

Yes please post a fresh HJT log.
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK

Unread postby ChrisRLG » April 14th, 2005, 6:49 am

Whilst we appreciate that you may be busy, it has been 14 days or more since we heard from you.

Infections can change and fresh instructions will now need to be given. This topic is now closed, if you still require assistance then please start a new topic in the Malware Removal Forum

If you wish this topic reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid,
working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 485 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware