Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

help with my sons computer please

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

help with my sons computer please

Unread postby thefuse » March 3rd, 2006, 4:47 pm

when installing XP i was told to disable the firewall and this computer then got hit with 24 trojans. I've been trying to fix it with all kinds of help but im at a loss as to what to do next.
I ran panda scanner and HJT today and these are the latest logs.
Also his screen has gone green. dont know if thats related.


Incident Status Location

Adware:adware/dyfuca Not disinfected C:\Documents and Settings\y\Local Settings\Temp\cfout.txt
Adware:adware/commad Not disinfected C:\WINDOWS\SYSTEM32\atmtd.dll
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\y\Local Settings\Temporary Internet Files\Ssk.log
Adware:adware/maxifiles Not disinfected C:\mc-110-12-0000228.exe
Adware:adware/sqwire Not disinfected C:\installerwebnex.exe
Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\teller2.chk
Adware:adware/superspider Not disinfected C:\WINDOWS\dl.html
Spyware:spyware/media-motor Not disinfected C:\WINDOWS\mm63.ocx
Adware:adware/vaultsearch Not disinfected C:\PROGRAM FILES\COMMON FILES\VCClient
Adware:adware/qoologic Not disinfected Windows Registry
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\y\Cookies\y@xiti[1].txt
Adware:Adware/BroadcastPC Not disinfected C:\DR21206.exe
Virus:W32/MultiOpen.A.worm Disinfected C:\WINDOWS\SYSTEM32\Rtdx118.dat
Adware:Adware/Maxifiles Not disinfected C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\X944QHVH\mc-110-12-0000228[1].exe
Adware:Adware/CommAd Not disinfected C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GLCCRGKK\installer[1].exe
Adware:Adware/BroadcastPC Not disinfected C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SLV3OG6Y\DR21206[1].exe
Spyware:Cookie/adultfriendfinder Not disinfected C:\WINDOWS\SYSTEM32\config\systemprofile\Cookies\system@adultfriendfinder[2].txt
Adware:Adware/CommAd Not disinfected C:\WINDOWS\TEMP\cmdinst.exe
Adware:Adware/Sqwire Not disinfected C:\WINDOWS\TEMP\tsinstall_4_0_4_0_b4.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\uninstall_nmon.vbs
Spyware:Spyware/SurfSideKick Not disinfected C:\Program Files\Common Files\VCClient\VCClient.exe
Spyware:Spyware/SurfSideKick Not disinfected C:\Program Files\Common Files\VCClient\VCMain.exe
Spyware:Spyware/SurfSideKick Not disinfected C:\Program Files\Common Files\VCClient\VCUpdate.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\l2mfix.exe[Process.exe]
Adware:Adware/Maxifiles Not disinfected C:\mc-110-12-0000228.exe
Adware:Adware/ClkOptimizer Not disinfected C:\installerwebnex.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\y\Desktop\l2mfix.exe[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\y\Desktop\l2mfix\Process.exe
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\y\Cookies\y@xiti[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\y\Application Data\Mozilla\Firefox\Profiles\default.qic\cookies.txt[]


Logfile of HijackThis v1.99.1
Scan saved at 12:47:06 PM, on 3/3/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.google.com
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9BF85BC-FAA5-4DE9-B112-EAB68BB508C2}: NameServer = 213.40.2.19 213.40.2.20
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
thefuse
Regular Member
 
Posts: 40
Joined: May 30th, 2005, 5:19 am
Advertisement
Register to Remove

Unread postby ChrisRLG » March 3rd, 2006, 5:14 pm

Well none of that looks active.

He does need to update to SP2 - BUT not while he is having problems.

Lots of those files noted by the panda scan are false positives.

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\y\Desktop\l2mfix.exe[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\y\Desktop\l2mfix\Process.exe


They are a tool we would recommend for removal of L2M for instance.

the 'green' color of the monitor could be hardware - check the pins on the VGA connection - to make sure one pin is not bent, or broken.
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK

Unread postby thefuse » March 3rd, 2006, 7:40 pm

ChrisRLG wrote:Well none of that looks active.

He does need to update to SP2 - BUT not while he is having problems.

Lots of those files noted by the panda scan are false positives.

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\y\Desktop\l2mfix.exe[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\y\Desktop\l2mfix\Process.exe


They are a tool we would recommend for removal of L2M for instance.

the 'green' color of the monitor could be hardware - check the pins on the VGA connection - to make sure one pin is not bent, or broken.

sorry but i dont really understand any of what you said there.
are you saying that the spyware is inactive? but then you say 'not while he's having problems'
what is SP2?
and where would i find the VGA cnnection?
sorry for being a bit dim :oops:
thefuse
Regular Member
 
Posts: 40
Joined: May 30th, 2005, 5:19 am

Unread postby ChrisRLG » March 3rd, 2006, 8:05 pm

While he feels he has problem, he should not update - this is at windows update site. He is well behind with getting any updates from MicroSoft..

The lines in a HJT log show what programs are active on the machine - those that are running. Those do not show any problems. It is possible for a file to be on the machine, but not running that may need to be removed, but because it is not running it cannot do any harm.

The VGA connection is the data cable that runs from the computer box to the monitor box. It contains at each end a 'D' shaped plug, female on the monitor and computer, male on the cable. The male plug has a set of pins that go into the famale plug on the monitor (or computer at the other end) those pins are very delicate and I have known rugh handling to have bent those pins. Three of those pins convey the colors red/green/blue (RGB) and if one is lost that color would be missing from the display.
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK

Unread postby thefuse » March 4th, 2006, 1:19 pm

Ok thanks again
thefuse
Regular Member
 
Posts: 40
Joined: May 30th, 2005, 5:19 am

Unread postby NonSuch » March 12th, 2006, 1:52 am

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 271 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware