Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Need help to know if I have a possible key log/bad viruses!


Post by waterfalls » September 17th, 2006, 2:51 pm

Well, try it in Normal Mode and let me know how it worked out.
waterfalls
MRU Emeritus
Posts: 70
Joined: December 23rd, 2005, 10:16 am

Post by Ozzmark » September 17th, 2006, 3:31 pm

Panda Scan




Incident Status Location

Adware:Adware/SaveNow Not disinfected C:\Program Files\filesubmit\pantera2.zip\Ezthemes_WhenUSaveNow_InstallerInst.exe
Adware:Adware/SaveNow Not disinfected C:\Program Files\Save\ACM.dll
Spyware:Cookie/Atlas DMT Not disinfected G:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@atdmt[2].txt
Spyware:Cookie/Zedo Not disinfected G:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@zedo[1].txt
Adware:Adware/SystemDoctor Not disinfected G:\VundoFix Backups\bugqunxb.exe.bad
Adware:Adware/SecurityError Not disinfected G:\VundoFix Backups\iihfcvwg.exe.bad
Spyware:Spyware/Virtumonde Not disinfected G:\VundoFix Backups\mljgf.dll.bad
Adware:Adware/SecurityError Not disinfected G:\VundoFix Backups\uqtiabxh.exe.bad
Adware:Adware/SecurityError Not disinfected G:\VundoFix Backups\wqmpqjhh.exe.bad
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected G:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected G:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6P_0001_N91M1807NetInstaller.exe
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected G:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N91M1807NetInstaller.exe
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected G:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWA6P_0001_N91M1807NetInstaller.exe
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected G:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWA6P_0001_N91M1807NetInstaller.exe
Potentially unwanted tool:Application/DriveCleaner Not disinfected G:\WINDOWS\Downloaded Program Files\UDC6_0001_D10M2905NetInstaller.exe
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected G:\WINDOWS\Downloaded Program Files\USYP_0002_N91M1708NetInstaller.exe
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected G:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe
Adware:Adware/Miamore Not disinfected G:\WINDOWS\g10598781.dll
Adware:Adware/Miamore Not disinfected G:\WINDOWS\g11912796.dll
Adware:Adware/Miamore Not disinfected G:\WINDOWS\g11918390.dll
Adware:Adware/Miamore Not disinfected G:\WINDOWS\g13239578.dll
Adware:Adware/Miamore Not disinfected G:\WINDOWS\g1472843.dll
Adware:Adware/Miamore Not disinfected G:\WINDOWS\g156843.dll
Adware:Adware/Miamore Not disinfected G:\WINDOWS\g16961312.dll
Adware:Adware/Miamore Not disinfected G:\WINDOWS\g18283156.dll
Adware:Adware/Miamore Not disinfected G:\WINDOWS\g19604031.dll
Adware:Adware/Miamore Not disinfected G:\WINDOWS\g20721703.dll
Adware:Adware/Miamore Not disinfected G:\WINDOWS\g23445812.dll
Adware:Adware/Miamore Not disinfected G:\WINDOWS\g24765265.dll
Adware:Adware/Miamore Not disinfected G:\WINDOWS\g25690546.dll
Adware:Adware/Miamore Not disinfected G:\WINDOWS\g26086203.dll
Adware:Adware/Miamore Not disinfected G:\WINDOWS\g2791656.dll
Adware:Adware/Miamore Not disinfected G:\WINDOWS\g29927375.dll
Adware:Adware/Miamore Not disinfected G:\WINDOWS\g31247187.dll
Adware:Adware/Miamore Not disinfected G:\WINDOWS\g32567062.dll
Adware:Adware/Miamore Not disinfected G:\WINDOWS\g36408218.dll
Adware:Adware/Miamore Not disinfected G:\WINDOWS\g37612343.dll
Adware:Adware/Miamore Not disinfected G:\WINDOWS\g38932375.dll
Adware:Adware/Miamore Not disinfected G:\WINDOWS\g42891609.dll
Adware:Adware/Miamore Not disinfected G:\WINDOWS\g44114437.dll
Adware:Adware/Miamore Not disinfected G:\WINDOWS\g45310000.dll
Adware:Adware/Miamore Not disinfected G:\WINDOWS\g5435546.dll
Adware:Adware/Miamore Not disinfected G:\WINDOWS\g6756140.dll
Spyware:Spyware/Virtumonde Not disinfected G:\WINDOWS\system32\acykbxyv.dll
Spyware:Spyware/Virtumonde Not disinfected G:\WINDOWS\system32\adlikhun.dll
Spyware:Spyware/Virtumonde Not disinfected G:\WINDOWS\system32\aibtkvrp.dll
Spyware:Spyware/Virtumonde Not disinfected G:\WINDOWS\system32\bdbpnnyc.dll
Spyware:Spyware/Virtumonde Not disinfected G:\WINDOWS\system32\bwtyslbr.dll
Spyware:Spyware/Virtumonde Not disinfected G:\WINDOWS\system32\cmwxfqnl.dll
Spyware:Spyware/Virtumonde Not disinfected G:\WINDOWS\system32\cuhgnopt.dll
Spyware:Spyware/Virtumonde Not disinfected G:\WINDOWS\system32\cvtqylsm.dll
Spyware:Spyware/Virtumonde Not disinfected G:\WINDOWS\system32\dmkcuthq.dll
Adware:Adware/SystemDoctor Not disinfected G:\WINDOWS\system32\effgjlwo.exe
Spyware:Spyware/Virtumonde Not disinfected G:\WINDOWS\system32\elcwqywu.dll
Adware:Adware/SecurityError Not disinfected G:\WINDOWS\system32\gbbrgiho.exe
Adware:Adware/SystemDoctor Not disinfected G:\WINDOWS\system32\gjkpndjy.exe
Adware:Adware/SystemDoctor Not disinfected G:\WINDOWS\system32\hljxxiex.exe
Spyware:Spyware/Virtumonde Not disinfected G:\WINDOWS\system32\ilsbvbgd.dll
Spyware:Spyware/Virtumonde Not disinfected G:\WINDOWS\system32\imejmyam.dll
Adware:Adware/SystemDoctor Not disinfected G:\WINDOWS\system32\kmutihbs.exe
Adware:Adware/SecurityError Not disinfected G:\WINDOWS\system32\kvjduapr.exe
Spyware:Spyware/Virtumonde Not disinfected G:\WINDOWS\system32\mypnbkjp.dll
Spyware:Spyware/Virtumonde Not disinfected G:\WINDOWS\system32\nflxcigg.dll
Adware:Adware/SystemDoctor Not disinfected G:\WINDOWS\system32\noxrvoma.exe
Spyware:Spyware/Virtumonde Not disinfected G:\WINDOWS\system32\oeyylhro.dll
Adware:Adware/SystemDoctor Not disinfected G:\WINDOWS\system32\owwrhqoh.exe
Potentially unwanted tool:Application/Processor Not disinfected G:\WINDOWS\system32\process.exe
Adware:Adware/SystemDoctor Not disinfected G:\WINDOWS\system32\qjgmljpe.exe
Adware:Adware/SystemDoctor Not disinfected G:\WINDOWS\system32\qnweeyey.exe
Adware:Adware/SystemDoctor Not disinfected G:\WINDOWS\system32\qvmedrvq.exe
Spyware:Spyware/Virtumonde Not disinfected G:\WINDOWS\system32\rdaqauiu.dll
Spyware:Spyware/Virtumonde Not disinfected G:\WINDOWS\system32\reggbllm.dll
Spyware:Spyware/Virtumonde Not disinfected G:\WINDOWS\system32\sdpcsclq.dll
Spyware:Spyware/Virtumonde Not disinfected G:\WINDOWS\system32\sealvcgu.dll
Adware:Adware/SystemDoctor Not disinfected G:\WINDOWS\system32\svjfwnnf.exe
Adware:Adware/SystemDoctor Not disinfected G:\WINDOWS\system32\tdgttyej.exe
Adware:Adware/SystemDoctor Not disinfected G:\WINDOWS\system32\tuvoamdx.exe
Spyware:Spyware/Virtumonde Not disinfected G:\WINDOWS\system32\vfeqnone.dll
Spyware:Spyware/Virtumonde Not disinfected G:\WINDOWS\system32\wmcskaex.dll
Adware:Adware/SystemDoctor Not disinfected G:\WINDOWS\system32\xjmbynit.exe
Adware:Adware/SecurityError Not disinfected G:\WINDOWS\system32\xwlvtiew.exe
Spyware:Spyware/Virtumonde Not disinfected G:\WINDOWS\system32\xxyemjad.dll
Adware:Adware/SystemDoctor Not disinfected G:\WINDOWS\system32\yhywbpyd.exe



Hijackthis Log


Logfile of HijackThis v1.99.1
Scan saved at 3:30:39 PM, on 17/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Symantec AntiVirus\DefWatch.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\Program Files\Symantec AntiVirus\Rtvscan.exe
G:\WINDOWS\system32\wscntfy.exe
G:\Program Files\QuickTime\qttask.exe
G:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
G:\Program Files\Common Files\AOL\1153179304\ee\AOLSoftware.exe
G:\Program Files\Common Files\Symantec Shared\ccApp.exe
G:\PROGRA~1\SYMANT~1\VPTray.exe
G:\Program Files\PowerISO\PWRISOVM.EXE
G:\WINDOWS\system32\RunDLL32.exe
G:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
G:\program files\steam\steam.exe
G:\WINDOWS\system32\NOTEPAD.EXE
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Mozilla Firefox\firefox.exe
G:\HijackThis\kitty.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] G:\Program Files\Common Files\AOL\1153179304\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] G:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [ccApp] "G:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] G:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] G:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickFinder Scheduler] "G:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [ISUSPM Startup] "G:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "G:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [Steam] "g:\program files\steam\steam.exe" -silent
O8 - Extra context menu item: Open with WordPerfect - G:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/insta ... rstart.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0320453281
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "G:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - G:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - G:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - G:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - G:\Program Files\Symantec AntiVirus\Rtvscan.exe
Ozzmark
Regular Member
 
Posts: 56
Joined: September 16th, 2006, 4:14 pm

Post by Ozzmark » September 17th, 2006, 3:49 pm

Also, those files were deleted from HiJackThis and the one file in the local settings you told me to delete (was a .exe) was not there.

Post by waterfalls » September 17th, 2006, 5:01 pm

Hi,

Please print or copy these instructions because you will be working in Safe Mode without an Internet connection. We have a lot of malware to get off of your system.

• Download and install Ewido Anti-Spyware v4.0
1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept default installation path: C:\Program Files\ewido anti-spyware 4.0, click "Next", then click "Install".
5. After setup completes, click "Finish" to start the program automatically or launch ewido by double-clicking its icon on your desktop or in the system tray.
6. The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
7. Then right click on ewido in the system tray and uncheck "Start with Windows".
8. Go to Start > Run and type: services.msc
  • Press "OK".
  • Click the "Extended tab" and scroll down the list to find ewido anti-spyware 4.0 guard.
  • When you find the guard service, double-click on it.
  • In the Properties Window > General Tab that opens, click the "Stop" button.
  • From the drop-down menu next to "Startup Type", click on "Manual".
  • Now click "Apply", then "OK" and close the Services window.
9. Select the "Update" button and click "Start update". If you are having problems with the updater, manually update with the Ewido Full database installer from here. Exit Ewido when done.
Do NOT perform a scan yet.

• Now follow the instructions to boot into Safe Mode. This is a more technical way of doing it, so be careful and follow each step exactly and in the order given.

1. Close all programs.
2. On the Windows taskbar, click Start > Run.
3. In the Open box, type the following text: msconfig
4. Click OK.
5. In the System Configuration Utility, on the BOOT.INI tab, check /SAFEBOOT.
6. Click OK.
7. When you are asked to restart the computer, click Restart.

The computer restarts in Safe mode. This can take several minutes.

NOTE: After you finish working in Safe mode, we will use the System Configuration Utility to start Windows XP in Normal Mode.

• Navigate to C:\Windows directory and delete the following files if present:
g10598781.dll
g11912796.dll
g11918390.dll
g13239578.dll
g1472843.dll
g156843.dll
g16961312.dll
g18283156.dll
g19604031.dll
g20721703.dll
g23445812.dll
g24765265.dll
g25690546.dll
g26086203.dll
g2791656.dll
g29927375.dll
g31247187.dll
g32567062.dll
g36408218.dll
g37612343.dll
g38932375.dll
g42891609.dll
g44114437.dll
g45310000.dll
g5435546.dll
g6756140.dll


Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin

Scan with Ewido as follows:
1. Launch Ewido, click on the "Scanner" button and choose the "Settings" tab.
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
  • Under "How to Scan?" check all (default).
  • Under "Possibly unwanted software" check all (default).
  • Under "What to Scan?" make sure "Scan every file" is selected (default).
  • Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.
4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.

IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.

5. Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\ewido anti-spyware 4.0\Reports\
6. Exit Ewido when done and submit the log report in your next response.

Note: Close all open windows, programs, and DO NOT USE the computer while Ewido is scanning. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used. This can hamper Ewido's ability to clean properly and may result in reinfection.

Note: If Ewido "crashes" or "hangs" during the scan, try scanning again by doing this:
1. Scan one sector of the system at a time by using the "Custom Scan" feature. To do this select Scanner > Custom Scan and click on Add drive/directory/file. Browse to C:\Windows > System, add this folder to the list and click on "Start Scan". When the scan is complete, repeat the Custom Scan but this time, browse to and add the System32 folder. Then keep repeating this procedure until all your folders have been scanned. Make sure you include the Documents & Settings folder.
2. If this still does not help, then turn the ADS scanner off while making a Custom Scan. To do this select Scanner > Scan Settings and untick "Scan in NTFS Alternate Data Streams". Then repeat the steps above for performing a Custom Scan.

• Now, use the System Configuration Utility to start Windows XP in Normal mode

1. Close all programs.
2. On the Windows taskbar, click Start > Run.
3. In the Open box, type the following text: msconfig
4. Click OK.
5. In the System Configuration Utility, on the BOOT.INI tab, uncheck /SAFEBOOT.
6. Click OK.
7. Close all programs, and restart the computer.

• Post back with the results of the ewido scan and a new HijackThis log.

_________________
Take only memories, leave nothing but footprints.

waterfalls
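A way to check a saved Ewido report for the "No action taken" problem the instructions above warn about, as an added example that is not part of the original post. It assumes report lines of the form `location -> detection : action`; the function names and the exact wording of the "No action taken." lines are assumptions.

```python
import re
from collections import Counter
from typing import NamedTuple

# Constructed sample. Paths and detection names reuse lines from the report
# posted in this thread; the two "No action taken." lines are constructed to
# show a report that was saved before "Apply all actions" was clicked.
SAMPLE_REPORT = r"""---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:24:34 PM 17/09/2006

+ Scan result:

C:\Program Files\Save\ACM.dll -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{EF130E77-0A34-4365-BFB7-218FD3DDCD5F} -> Adware.SysProtect : Cleaned with backup (quarantined).
G:\WINDOWS\system32\bwtyslbr.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
G:\WINDOWS\system32\effgjlwo.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : No action taken.
:mozilla.13:G:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\cdqa00hw.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
G:\WINDOWS\Temp\win85.tmp -> Trojan.Dialer.u : No action taken.

::Report end
"""


class Finding(NamedTuple):
    location: str   # file path or registry key
    kind: str       # "file", "registry" or "cookie"
    detection: str  # scanner's detection name
    action: str     # what the scanner reports it did


_MOZ_PREFIX = re.compile(r"^:mozilla\.\d+:")  # cookie entry inside cookies.txt
_REG_ROOTS = ("HKLM\\", "HKCU\\", "HKCR\\", "HKU\\")


def parse_report(text):
    """Return one Finding per result line; headers and rulers are skipped."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        # Split on the last " -> " so an odd path cannot shift the fields.
        location, arrow, rest = line.rpartition(" -> ")
        detection, colon, action = rest.partition(" : ")
        if not arrow or not colon:
            continue
        if _MOZ_PREFIX.match(location):
            kind, location = "cookie", _MOZ_PREFIX.sub("", location)
        elif location.upper().startswith(_REG_ROOTS):
            kind = "registry"
        elif detection.startswith("TrackingCookie."):
            kind = "cookie"
        else:
            kind = "file"
        findings.append(Finding(location, kind, detection.strip(), action.strip()))
    return findings


def unresolved(findings):
    """Findings whose action does not say the object was quarantined."""
    return [f for f in findings if "quarantined" not in f.action.lower()]


def category_counts(findings):
    """Count findings by the first component of the detection name."""
    return Counter(f.detection.split(".")[0] for f in findings)


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print(f"{len(found)} findings: {dict(category_counts(found))}")
    for f in unresolved(found):
        print(f"NOT QUARANTINED [{f.kind}] {f.location} ({f.detection}): {f.action}")
```

Any line it flags means the report should be regenerated after the actions are applied, or the object still needs handling.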

Post by Ozzmark » September 17th, 2006, 5:43 pm

I cannot access safe mode till later tonight. I will do this when I have a keyboard that lets me access safe mode.

Post by waterfalls » September 17th, 2006, 7:20 pm

Hi,

I posted instructions to get into Safe Mode without relying on the keyboard, i.e., to use msconfig. Did you try that?

Post by Ozzmark » September 17th, 2006, 9:25 pm

Oh, very sorry for not reading all the way through. I don't want to mess something up so I was doing it step by step and didn't read on. I will try that right now.

Post by Ozzmark » September 17th, 2006, 11:31 pm

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:24:34 PM 17/09/2006

+ Scan result:



C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
C:\Program Files\Save\ACM.dll -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Save\extra.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\pantera2.zip\Ezthemes_WhenUSaveNow_InstallerInst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\{4F5E5D72-C915-4f3b-908B-527D064B0FAA} -> Adware.SysProtect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{EF130E77-0A34-4365-BFB7-218FD3DDCD5F} -> Adware.SysProtect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{02946FD1-2D99-46E6-A790-3A089714EDD9} -> Adware.SysProtect : Cleaned with backup (quarantined).
G:\VundoFix Backups\mljgf.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
G:\WINDOWS\system32\bwtyslbr.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
G:\WINDOWS\system32\cuhgnopt.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
G:\WINDOWS\system32\mypnbkjp.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
G:\WINDOWS\system32\reggbllm.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
G:\VundoFix Backups\bugqunxb.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
G:\VundoFix Backups\iihfcvwg.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
G:\VundoFix Backups\uqtiabxh.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
G:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
G:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
G:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
G:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
G:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
G:\WINDOWS\Downloaded Program Files\USYP_0002_N91M1708NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
G:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
G:\WINDOWS\system32\effgjlwo.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
G:\WINDOWS\system32\gjkpndjy.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
G:\WINDOWS\system32\hljxxiex.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
G:\WINDOWS\system32\kmutihbs.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
G:\WINDOWS\system32\noxrvoma.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
G:\WINDOWS\system32\owwrhqoh.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
G:\WINDOWS\system32\qjgmljpe.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
G:\WINDOWS\system32\qnweeyey.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
G:\WINDOWS\system32\qvmedrvq.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
G:\WINDOWS\system32\svjfwnnf.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
G:\WINDOWS\system32\tdgttyej.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
G:\WINDOWS\system32\tuvoamdx.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
G:\WINDOWS\system32\xjmbynit.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
G:\WINDOWS\system32\yhywbpyd.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
:mozilla.13:G:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\cdqa00hw.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
G:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.11:G:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\cdqa00hw.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
G:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.12:G:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\cdqa00hw.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
G:\Documents and Settings\Mark\Cookies\mark@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.14:G:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\cdqa00hw.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
G:\Documents and Settings\Mark\Cookies\mark@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
G:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
G:\WINDOWS\Temp\win85.tmp -> Trojan.Dialer.u : Cleaned with backup (quarantined).
G:\WINDOWS\Temp\winA6.tmp -> Trojan.Dialer.u : Cleaned with backup (quarantined).
G:\WINDOWS\Temp\winB0.tmp -> Trojan.Dialer.u : Cleaned with backup (quarantined).
G:\WINDOWS\Downloaded Program Files\UDC6_0001_D10M2905NetInstaller.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).
G:\VundoFix Backups\wqmpqjhh.exe.bad -> Trojan.Small.ju : Cleaned with backup (quarantined).
G:\WINDOWS\system32\gbbrgiho.exe -> Trojan.Small.ju : Cleaned with backup (quarantined).
G:\WINDOWS\system32\xwlvtiew.exe -> Trojan.Small.ju : Cleaned with backup (quarantined).


::Report end


HiJackThis Log


Logfile of HijackThis v1.99.1
Scan saved at 11:30:50 PM, on 17/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Symantec AntiVirus\DefWatch.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\Program Files\Symantec AntiVirus\Rtvscan.exe
G:\WINDOWS\system32\wscntfy.exe
G:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
G:\Program Files\Common Files\AOL\1153179304\ee\AOLSoftware.exe
G:\Program Files\Common Files\Symantec Shared\ccApp.exe
G:\PROGRA~1\SYMANT~1\VPTray.exe
G:\WINDOWS\system32\RunDLL32.exe
G:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
G:\Program Files\Mozilla Firefox\firefox.exe
G:\WINDOWS\system32\wuauclt.exe
G:\HijackThis\kitty.exe

Post by waterfalls » September 18th, 2006, 3:36 am

Hi,

Your HijackThis log was cut off. Please post back with the entire log.

Post by Ozzmark » September 18th, 2006, 7:52 am

Logfile of HijackThis v1.99.1
Scan saved at 7:44:32 AM, on 18/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Symantec AntiVirus\DefWatch.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\Program Files\Symantec AntiVirus\Rtvscan.exe
G:\WINDOWS\system32\wscntfy.exe
G:\Program Files\QuickTime\qttask.exe
G:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
G:\Program Files\Common Files\AOL\1153179304\ee\AOLSoftware.exe
G:\Program Files\Common Files\Symantec Shared\ccApp.exe
G:\PROGRA~1\SYMANT~1\VPTray.exe
G:\Program Files\PowerISO\PWRISOVM.EXE
G:\WINDOWS\system32\RunDLL32.exe
G:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
G:\program files\steam\steam.exe
G:\Program Files\Mozilla Firefox\firefox.exe
G:\HijackThis\kitty.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] G:\Program Files\Common Files\AOL\1153179304\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] G:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [ccApp] "G:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] G:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] G:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickFinder Scheduler] "G:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [ISUSPM Startup] "G:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "G:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [Steam] "g:\program files\steam\steam.exe" -silent
O8 - Extra context menu item: Open with WordPerfect - G:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/insta ... rstart.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0320453281
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "G:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - G:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - G:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - G:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - G:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - G:\Program Files\Symantec AntiVirus\Rtvscan.exe
Ozzmark
Regular Member
 
Posts: 56
Joined: September 16th, 2006, 4:14 pm

Unread postby waterfalls » September 18th, 2006, 10:58 am

Hi,

Just one leftover to clean.

Start HijackThis, click System Scan Only and place a checkmark next to the following item:
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/insta ... rstart.cab

Close ALL browsers and open windows/programs except HijackThis and click 'Fix Checked'.

Reboot your computer.

Post back with a new HijackThis log. Also, how is your computer running now?
waterfalls
MRU Emeritus
 
Posts: 70
Joined: December 23rd, 2005, 10:16 am

Unread postby Ozzmark » September 18th, 2006, 3:57 pm

Logfile of HijackThis v1.99.1
Scan saved at 3:56:16 PM, on 18/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Symantec AntiVirus\DefWatch.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\Program Files\Symantec AntiVirus\Rtvscan.exe
G:\WINDOWS\system32\wscntfy.exe
G:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
G:\Program Files\Common Files\AOL\1153179304\ee\AOLSoftware.exe
G:\Program Files\Common Files\Symantec Shared\ccApp.exe
G:\PROGRA~1\SYMANT~1\VPTray.exe
G:\WINDOWS\system32\RunDLL32.exe
G:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
G:\HijackThis\kitty.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] G:\Program Files\Common Files\AOL\1153179304\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] G:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [ccApp] "G:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] G:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] G:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickFinder Scheduler] "G:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [ISUSPM Startup] "G:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "G:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [Steam] "g:\program files\steam\steam.exe" -silent
O8 - Extra context menu item: Open with WordPerfect - G:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0320453281
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "G:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - G:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - G:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - G:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - G:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - G:\Program Files\Symantec AntiVirus\Rtvscan.exe



It is running good. I used to have Iexplorer.exe randomly open and slow down my computer a lot. And it hasn't happened since this clean up. Thank you very much for the help! Saved my computer :D
Ozzmark
Regular Member
 
Posts: 56
Joined: September 16th, 2006, 4:14 pm

Unread postby Ozzmark » September 18th, 2006, 4:14 pm

Last log was not after a reboot! But this log is.



Logfile of HijackThis v1.99.1
Scan saved at 4:12:54 PM, on 18/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
G:\Program Files\Common Files\AOL\1153179304\ee\AOLSoftware.exe
G:\Program Files\Common Files\Symantec Shared\ccApp.exe
G:\PROGRA~1\SYMANT~1\VPTray.exe
G:\WINDOWS\system32\RunDLL32.exe
G:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
G:\Program Files\Symantec AntiVirus\DefWatch.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\Program Files\Symantec AntiVirus\Rtvscan.exe
G:\WINDOWS\system32\wscntfy.exe
G:\HijackThis\kitty.exe
G:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] G:\Program Files\Common Files\AOL\1153179304\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] G:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [ccApp] "G:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] G:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] G:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickFinder Scheduler] "G:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [ISUSPM Startup] "G:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "G:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [Steam] "g:\program files\steam\steam.exe" -silent
O8 - Extra context menu item: Open with WordPerfect - G:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0320453281
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "G:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - G:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - G:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - G:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - G:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - G:\Program Files\Symantec AntiVirus\Rtvscan.exe
Ozzmark
Regular Member
 
Posts: 56
Joined: September 16th, 2006, 4:14 pm
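The before/after comparison that the helper's next verdict rests on (only the fixed O16 entry should disappear, and nothing should be added or altered) can be scripted. The following Python is an added example, not part of this thread or of HijackThis; the function names are hypothetical and the sample log is a constructed excerpt of entry lines posted above.

```python
import re

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # "O16 - DPF: ..." -> ("O16", "DPF: ...")

def entry_key(section, body):
    """Stable identity of an entry, so an altered target is reported as 'changed'."""
    if section == "O4":                      # O4 - HKLM\..\Run: [name] command
        m = re.match(r".*?: \[[^\]]*\]", body)
        if m:
            return section, m.group(0).lower()
    for sep in (" - ", " = "):               # label or CLSID precedes the target
        if sep in body:
            return section, body.split(sep, 1)[0].lower()
    return section, body.lower()

def parse_entries(log_text):
    """Map entry identity -> full line; headers and process paths are skipped."""
    entries = {}
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries[entry_key(*m.groups())] = raw.strip()
    return entries

def diff_logs(before, after):
    """Return entries removed, added, or changed between two logs."""
    b, a = parse_entries(before), parse_entries(after)
    return {
        "removed": sorted(b[k] for k in b.keys() - a.keys()),
        "added": sorted(a[k] for k in a.keys() - b.keys()),
        "changed": sorted((b[k], a[k]) for k in b.keys() & a.keys() if b[k] != a[k]),
    }

def fix_verified(before, after, fixed_line):
    """True only if the fixed entry is the sole difference between the logs."""
    d = diff_logs(before, after)
    return d["removed"] == [fixed_line.strip()] and not d["added"] and not d["changed"]

# The entry the helper asked to fix (URL is elided in the thread and kept as posted).
FIXED = r"O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/insta ... rstart.cab"

# Constructed excerpt: a few entry lines from the thread's logs, plus header noise.
BEFORE = "\n".join([
    r"Logfile of HijackThis v1.99.1",
    r"Running processes:",
    r"G:\WINDOWS\system32\winlogon.exe",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/",
    r"O4 - HKLM\..\Run: [nwiz] nwiz.exe /install",
    r"O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll",
    r"O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll",
    FIXED,
    r"O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab",
])
# Constructed "after" log: identical except that the fixed entry is gone.
AFTER = "\n".join(line for line in BEFORE.splitlines() if line != FIXED)

if __name__ == "__main__":
    print(diff_logs(BEFORE, AFTER))
    print("fix verified:", fix_verified(BEFORE, AFTER, FIXED))
```

An entry that reappears after the reboot, or an autorun whose command differs between the two logs, makes `fix_verified` return False, which is the cue to look at the log again before calling it clean.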

Unread postby waterfalls » September 18th, 2006, 5:30 pm

Hi,

Your log looks clean now.

• You have an outdated version of Java which, because of security reasons, needs to be updated. To update Java:
- Go to Start -> Control Panel -> Add/Remove programs
- Search in the list for all previously installed versions of Java. (J2SE Runtime Environment...)
- Select the version(s) and click Remove
- Then download and install the newest version from here:
http://www.java.com/en/download/manual.jsp
Reboot after installation.

• Please set your system to hide system files.
- Click Start.
- Open My Computer.
- Select the Tools menu and click Folder Options.
- Select the View Tab. Under the Hidden files and folders heading, uncheck Show hidden files and folders.
- Check: Hide file extensions for known file types
- Check the Hide protected operating system files (recommended) option.
- Click Yes to confirm.
- Click OK.

• If you have not done so, please empty your Recycle Bin.

• Create a new Restore Point:
- Go to Start -> All Programs -> Accessories -> System Tools -> System Restore.
- When the utility opens, select "Create a new restore point" and click Next
- Name the restore point - something like "After infection cleaned" or "After cleaning"
- Click Create.

• Delete the old Restore Points:
- Go to Start -> All Programs -> Accessories -> System Tools -> Disk Cleanup. Click Ok.
- Click the "More Options" tab.
- Where it states "System Restore" - click Clean up.
- All of the old Restore Points will be deleted EXCEPT for the one you just created.

Reboot your computer.

• To keep this clean in the future, I would suggest the following things:

• Install Spywareblaster. SpywareBlaster doesn't scan and clean for so-called spyware but prevents it from being installed in the first place. It blocks the popular spyware ActiveX controls and also prevents the installation of any of them via a webpage. Update it periodically.

• Download ATF Cleaner by Atribune and save to your desktop.
This program is for XP and Windows 2000 only
This is a good program for periodically cleaning your system. Instructions are here

* Avoid illegal sites because that's where most malware is present.
* Don't click on links inside pop-ups. If you should get them, use ALT + F4 to close them.
* Don't click on links in spam messages claiming to offer anti-spyware software because most of these so-called removers ARE spyware.
* Download free software only from sites you know and trust because a lot of free software can bundle other software, including spyware.

• Let your anti-spyware scanner(s) scan frequently and don't forget to update before scanning.

• I suggest you perform an online virus-scan once in a while (Housecall and/or Bitdefender) because what one virus-scanner can't find, another one maybe can.
Also, make sure that your virus-scanner, the one that is already installed on your system, is always up to date!

• Make sure your Windows has the latest updates by going here.

• More information on how to prevent malware can be found at So how did I get infected in the first place? (by Tony Klein) and Malware Prevention: Prevent Re-infection.

Happy surfing again! :)
waterfalls
MRU Emeritus
 
Posts: 70
Joined: December 23rd, 2005, 10:16 am

Unread postby waterfalls » September 18th, 2006, 6:45 pm

Hi,

One additional thing: If the version of Symantec that you have installed does not have a Firewall component, you should install one. This will greatly help in preventing your system from being infected by malware.
Agnitum Outpost Free -or- Kerio are good FREE software Firewall programs.
See, Understanding and Using Firewalls
waterfalls
MRU Emeritus
 
Posts: 70
Joined: December 23rd, 2005, 10:16 am