Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Some very annoying issues, please help!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Some very annoying issues, please help!

Unread postby madmattius » July 29th, 2007, 11:22 am

I think that I have been infected with som kind of Malare or adware which I can not remove. Everytime Internet Explorer or Firefox launches, I keep getting other windows for various advertisments pop up and ask me to install their software. I have scanned my computer with McAfee and AdAware but the problem keeps reoccuring. Any advice or solutions will be greatly recieved.

Hijackthis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:01:56, on 29/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\aqhvfsjr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Download\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB002" /M "Stylus DX3800"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\hnhhowtq.dll",sitypnow
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1775593296
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0284861185638675) (0284861185638675mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\028486~1.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Many Thanks
madmattius
Active Member
 
Posts: 7
Joined: July 29th, 2007, 11:15 am
Advertisement
Register to Remove

Unread postby beynac » July 29th, 2007, 11:45 am

Good afternoon.

VundoFix

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • It will create a report named vundofix.txt on your main drive (C:\vundofix.txt)
Note: It is possible that VundoFix may encounter a file it cannot remove.
In this case, VundoFix will run on reboot. Simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

--------------------------------------------

Please run HijackThis again and post the following as a reply to this thread:
  • The VundoFix report
  • A new HijackThis log
User avatar
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Unread postby madmattius » July 29th, 2007, 12:01 pm

thanks for a quick response!
Here are the reports

VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 16:47:54 29/07/2007

Listing files found while scanning....

C:\windows\system32\aqhvfsjr.exe
C:\WINDOWS\system32\cbxwutu.dll
C:\WINDOWS\system32\dccdd.bak1
C:\WINDOWS\system32\dccdd.bak2
C:\WINDOWS\system32\dccdd.ini
C:\WINDOWS\system32\dccdd.ini2
C:\WINDOWS\system32\dccdd.tmp
C:\WINDOWS\system32\ddccd.dll
C:\WINDOWS\system32\sovfxagk.dll

Beginning removal...

Attempting to delete C:\windows\system32\aqhvfsjr.exe
C:\windows\system32\aqhvfsjr.exe Could not be deleted.

Attempting to delete C:\WINDOWS\system32\cbxwutu.dll
C:\WINDOWS\system32\cbxwutu.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\dccdd.bak1
C:\WINDOWS\system32\dccdd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\dccdd.bak2
C:\WINDOWS\system32\dccdd.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\dccdd.ini
C:\WINDOWS\system32\dccdd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\dccdd.ini2
C:\WINDOWS\system32\dccdd.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\dccdd.tmp
C:\WINDOWS\system32\dccdd.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddccd.dll
C:\WINDOWS\system32\ddccd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sovfxagk.dll
C:\WINDOWS\system32\sovfxagk.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\aqhvfsjr.exe
C:\windows\system32\aqhvfsjr.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbxwutu.dll
C:\WINDOWS\system32\cbxwutu.dll Has been deleted!

Performing Repairs to the registry.
Done!

and

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:01:44, on 29/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Download\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\fxmorguc.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {FEFB0000-8432-4DEA-B6EE-F853B87C440B} - C:\WINDOWS\system32\ddccd.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB002" /M "Stylus DX3800"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\hnhhowtq.dll",sitypnow
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1775593296
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: vturo - C:\WINDOWS\system32\vturo.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
madmattius
Active Member
 
Posts: 7
Joined: July 29th, 2007, 11:15 am

Unread postby beynac » July 29th, 2007, 12:28 pm

VundoFix didn't get everything, so I would like you to run ComboFix. This will, hopefully sweep up the last remaining Vundo items and will also give me some useful information about the computer.

---------------------------------------------

ComboFix by sUBs
  • Download this file - ComboFix.exe
  • Close all open windows.
  • Double click ComboFix.exe and follow the prompts.
  • When finished, it will produce a log for you. Please post that log in your next reply
Important: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall

If necessary, please split the log into separate posts to ensure that they don't get cut off. It is important that I see the full log.

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

-------------------------------------------

Please run HijackThis again and post the following, as a reply to this thread:
  • The ComboFix log
  • A new HijackThis log
User avatar
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Unread postby madmattius » July 29th, 2007, 12:49 pm

This is the combofix log

"Matt" - 2007-07-29 17:43:28 - ComboFix 07-07-23.6 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\screensavers.com
C:\Program Files\screensavers.com\ActiveDesktop\bin\ActiveDesktopExe.exe
C:\Program Files\screensavers.com\SSSInstaller\bin\SSSInstaller.dll
C:\Program Files\screensavers.com\SSSUninst.exe
C:\WINDOWS\system32\dhflmtrp.exe
C:\WINDOWS\system32\diauwkca.exe
C:\WINDOWS\system32\fgpowign.exe
C:\WINDOWS\system32\fjjjxkfo.exe
C:\WINDOWS\system32\nlkjsefn.exe
C:\WINDOWS\system32\nuxahrpf.exe
C:\WINDOWS\system32\vudxdmsp.exe


((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-29 )))))))))))))))))))))))))))))))


2007-07-29 17:36 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-29 16:47 <DIR> d-------- C:\VundoFix Backups
2007-07-29 12:50 126,016 --a------ C:\WINDOWS\system32\hnhhowtq.dll
2007-07-27 23:31 69,184 --a------ C:\WINDOWS\system32\fxmorguc.dll
2007-07-27 15:37 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-07-27 15:37 <DIR> d-------- C:\DOCUME~1\Matt\APPLIC~1\SiteAdvisor
2007-07-27 15:37 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
2007-07-27 15:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2007-07-27 15:36 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-07-27 15:07 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-27 15:07 <DIR> d-------- C:\DOCUME~1\Matt\APPLIC~1\Lavasoft
2007-07-27 15:06 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-26 23:30 69,184 --a------ C:\WINDOWS\system32\ylbgtovr.dll
2007-07-26 10:49 709,019 ---hs---- C:\WINDOWS\system32\orutv.ini2
2007-07-26 10:45 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-07-26 10:23 1,156 --a------ C:\WINDOWS\mozver.dat
2007-07-25 23:33 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-25 02:30 718,356 ---hs---- C:\WINDOWS\system32\orutv.bak2
2007-07-24 16:03 <DIR> d-------- C:\Program Files\Global Star Software
2007-07-24 14:30 6,471 ---hs---- C:\WINDOWS\system32\orutv.bak1
2007-07-24 14:24 4,733,440 --a------ C:\WINDOWS\3D Fish School 3.scr
2007-07-24 14:24 118,784 --a------ C:\WINDOWS\dx7ogl32.dll
2007-07-24 14:24 <DIR> d-------- C:\Program Files\3D Fish School 3
2007-07-21 02:07 <DIR> d-------- C:\DOCUME~1\Matt\Guest
2007-07-20 22:39 92,208 --a------ C:\WINDOWS\system\WING.DLL
2007-07-20 22:39 27,136 --a------ C:\WINDOWS\system\WAVMIX16.DLL
2007-07-20 22:39 188,960 --a------ C:\WINDOWS\system\WINGDE.DLL
2007-07-20 22:39 12,800 --a------ C:\WINDOWS\system\WING32.DLL
2007-07-20 22:39 <DIR> d-------- C:\SIMTOWER
2007-07-20 22:39 <DIR> d-------- C:\DOCUME~1\Matt\WINDOWS
2007-07-20 22:06 <DIR> d-------- C:\Program Files\100proof
2007-07-19 16:35 <DIR> d-------- C:\DOCUME~1\Matt\APPLIC~1\EPSON
2007-07-18 13:53 <DIR> d-------- C:\Program Files\ABBYY FineReader 6.0 Sprint
2007-07-18 13:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
2007-07-18 13:30 92,240 --a------ C:\WINDOWS\system32\EPPICPrinterDB.dat
2007-07-18 13:30 65,536 --a------ C:\WINDOWS\system32\EPPicMgr.dll
2007-07-18 13:30 479,232 --a------ C:\WINDOWS\system32\PICSDK.dll
2007-07-18 13:30 4,943 --a------ C:\WINDOWS\system32\EPPICPattern6.dat
2007-07-18 13:30 26,154 --a------ C:\WINDOWS\system32\EPPICPattern1.dat
2007-07-18 13:30 24,903 --a------ C:\WINDOWS\system32\EPPICPattern3.dat
2007-07-18 13:30 21,390 --a------ C:\WINDOWS\system32\EPPICPattern5.dat
2007-07-18 13:30 20,148 --a------ C:\WINDOWS\system32\EPPICPattern2.dat
2007-07-18 13:30 114,688 --a------ C:\WINDOWS\system32\EpPicPrt.dll
2007-07-18 13:30 11,811 --a------ C:\WINDOWS\system32\EPPICPattern4.dat
2007-07-18 13:30 1,146 --a------ C:\WINDOWS\system32\EPPICPresetData_DU.dat
2007-07-18 13:30 1,139 --a------ C:\WINDOWS\system32\EPPICPresetData_PT.dat
2007-07-18 13:30 1,139 --a------ C:\WINDOWS\system32\EPPICPresetData_BP.dat
2007-07-18 13:30 1,136 --a------ C:\WINDOWS\system32\EPPICPresetData_ES.dat
2007-07-18 13:30 1,129 --a------ C:\WINDOWS\system32\EPPICPresetData_FR.dat
2007-07-18 13:30 1,129 --a------ C:\WINDOWS\system32\EPPICPresetData_CF.dat
2007-07-18 13:30 1,120 --a------ C:\WINDOWS\system32\EPPICPresetData_IT.dat
2007-07-18 13:30 1,107 --a------ C:\WINDOWS\system32\EPPICPresetData_GE.dat
2007-07-18 13:30 1,104 --a------ C:\WINDOWS\system32\EPPICPresetData_EN.dat
2007-07-18 13:29 79,679 --a------ C:\WINDOWS\system32\E_FLMACE.DLL
2007-07-18 13:29 64,000 --a------ C:\WINDOWS\system32\E_FBCBACE.DLL
2007-07-18 13:29 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2007-07-18 13:29 34,304 --a------ C:\WINDOWS\system32\E_FBCHACE.DLL
2007-07-18 13:29 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-07-18 13:28 46,080 --a------ C:\WINDOWS\system32\escimgd.dll
2007-07-18 13:28 29,696 --a------ C:\WINDOWS\system32\escwiad.dll
2007-07-18 13:28 22,016 --a------ C:\WINDOWS\system32\esccmd.dll
2007-07-18 13:28 <DIR> d-------- C:\Program Files\epson
2007-07-18 12:33 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-07-18 12:33 42,752 -ra------ C:\WINDOWS\system32\drivers\ser2pl.sys
2007-07-18 12:33 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-07-18 12:33 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-07-18 12:33 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-07-17 02:11 <DIR> d-------- C:\Program Files\Oxin's Style!
2007-07-16 23:48 <DIR> d-------- C:\Program Files\Atari
2007-07-16 23:36 <DIR> d-------- C:\Program Files\Infogrames
2007-07-16 00:30 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-07-16 00:27 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-07-07 23:46 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-07-07 23:42 <DIR> d-------- C:\Program Files\GameShadow
2007-07-07 23:41 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-07-07 23:41 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-07-07 23:41 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-07-07 23:41 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-07-07 23:41 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-07-07 23:41 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-07-07 23:41 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-07-07 22:28 <DIR> d-------- C:\Program Files\Battlestations Midway
2007-07-02 20:30 <DIR> d-------- C:\DOCUME~1\Matt\APPLIC~1\Leadertech
2007-06-29 14:01 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-06-29 14:00 <DIR> d-------- C:\Program Files\Real
2007-06-29 14:00 <DIR> d-------- C:\Program Files\Common Files\Real
2007-06-29 14:00 <DIR> d-------- C:\DOCUME~1\Matt\APPLIC~1\Real
2007-06-29 13:55 <DIR> d-------- C:\My Downloads


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-29 15:53:54 -------- d-----w C:\Program Files\McAfee
2007-07-28 01:45:00 -------- d-----w C:\DOCUME~1\Matt\APPLIC~1\uTorrent
2007-07-26 09:15:33 -------- d-----w C:\Program Files\Online Services
2007-07-25 22:52:30 -------- d-----w C:\Program Files\Windows NT
2007-07-24 15:05:05 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-18 12:36:53 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-07-15 23:36:00 -------- d-----w C:\DOCUME~1\Matt\APPLIC~1\OfficeUpdate12
2007-06-21 23:45:01 -------- d-----w C:\Program Files\uTorrent
2007-06-21 23:37:39 -------- d-----w C:\DOCUME~1\Matt\APPLIC~1\LimeWire
2007-06-19 14:22:12 -------- d-----w C:\Program Files\horseExpress
2007-06-14 00:45:38 -------- d-----w C:\Program Files\gPhotoshow
2007-06-14 00:42:33 194,560 ----a-w C:\WINDOWS\system32\Sailboats_Screensaver.scr
2007-06-14 00:41:49 89,088 ----a-w C:\WINDOWS\system32\Unzdll.dll
2007-06-14 00:20:47 -------- d-----w C:\Program Files\Snapshot Viewer
2007-06-13 09:20:43 -------- d-----w C:\Program Files\Paint.NET
2007-06-13 08:54:51 -------- d-----w C:\DOCUME~1\Matt\APPLIC~1\Ahead
2007-06-13 08:51:39 -------- d-----w C:\DOCUME~1\Matt\APPLIC~1\DivX
2007-06-13 05:44:21 -------- d-----w C:\DOCUME~1\Matt\APPLIC~1\Help
2007-06-13 03:53:01 -------- d-----w C:\Program Files\MSXML 6.0
2007-06-13 03:52:06 -------- d-----w C:\Program Files\MSBuild
2007-06-13 03:47:43 -------- d-----w C:\Program Files\Reference Assemblies
2007-06-13 03:12:49 -------- d-----w C:\DOCUME~1\Matt\APPLIC~1\Skype
2007-06-13 03:10:53 -------- d-----w C:\Program Files\Skype
2007-06-13 03:10:47 -------- d-----w C:\Program Files\Common Files\Skype
2007-06-13 02:52:27 -------- d-----w C:\Program Files\MSXML 4.0
2007-06-13 02:40:34 -------- d-----w C:\Program Files\Common Files\Ahead
2007-06-13 02:39:15 -------- d-----w C:\Program Files\Nero
2007-06-13 02:32:47 -------- d-----w C:\Program Files\DivX
2007-06-13 02:24:54 -------- d-----w C:\Program Files\LimeWire
2007-06-13 02:22:19 -------- d-----w C:\Program Files\3ivx
2007-06-13 02:06:31 -------- d-----w C:\DOCUME~1\Matt\APPLIC~1\AdobeAUM
2007-06-13 02:06:29 -------- d-----w C:\DOCUME~1\Matt\APPLIC~1\AdobeUM
2007-06-13 01:34:26 -------- d-----w C:\Program Files\microsoft frontpage
2007-06-13 01:28:06 -------- d-----w C:\DOCUME~1\Matt\APPLIC~1\Microsoft Web Folders
2007-06-13 01:21:10 -------- d-----w C:\DOCUME~1\Matt\APPLIC~1\Teleca
2007-06-13 01:17:26 -------- d-----w C:\Program Files\ViviCam X325 Camera Manual
2007-06-13 01:15:14 -------- d-----w C:\Program Files\ViviCam X325 Digital Camera
2007-06-13 01:02:05 -------- d-----w C:\Program Files\Disc2Phone
2007-06-13 01:00:22 -------- d-----w C:\DOCUME~1\Matt\APPLIC~1\Sony Ericsson
2007-06-13 00:58:37 -------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-06-13 00:58:06 -------- d-----w C:\Program Files\Sony Ericsson
2007-06-13 00:36:55 -------- d-----w C:\Program Files\Messenger
2007-06-13 00:24:42 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-06-13 00:15:59 816 ----a-w C:\WINDOWS\system32\unins000.dat
2007-06-13 00:15:52 -------- d-----w C:\Program Files\WallpaperToy
2007-06-13 00:12:31 -------- d-----w C:\Program Files\MSN Messenger
2007-06-12 23:52:20 -------- d-----w C:\DOCUME~1\Matt\APPLIC~1\Apple Computer
2007-06-12 23:52:10 -------- d-----w C:\Program Files\iTunes
2007-06-12 23:51:55 -------- d-----w C:\Program Files\iPod
2007-06-12 23:51:24 -------- d-----w C:\Program Files\QuickTime
2007-06-12 23:50:16 -------- d-----w C:\Program Files\Apple Software Update
2007-06-12 23:23:53 -------- d-----w C:\Program Files\Common Files\McAfee
2007-06-12 23:22:05 -------- d-----w C:\Program Files\McAfee.com
2007-06-12 23:04:52 -------- d-----w C:\Program Files\Modem Helper
2007-06-12 23:03:44 -------- d-----w C:\Program Files\Dell
2007-06-12 23:00:36 -------- d-----w C:\DOCUME~1\Matt\APPLIC~1\ATI
2007-06-12 22:58:38 5 ----a-w C:\WINDOWS\system32\drivers\DELL_INS_1501.MRK
2007-06-12 22:58:38 5 ----a-w C:\WINDOWS\system32\drivers\1028_DELL_INS_1501.MRK
2007-06-12 22:54:47 -------- d-----w C:\Program Files\CONEXANT
2007-06-12 22:53:55 -------- d-----w C:\Program Files\DIFX
2007-06-12 22:49:59 -------- d-----w C:\Program Files\SigmaTel
2007-06-12 22:46:54 -------- d-----w C:\Program Files\Broadcom
2007-06-12 22:46:03 -------- d-----w C:\Program Files\Synaptics
2007-06-12 22:45:23 -------- d-----w C:\Program Files\AMD
2007-06-12 22:43:36 -------- d-----w C:\Program Files\ATI Technologies
2007-06-12 22:10:34 0 --sha-r C:\MSDOS.SYS
2007-06-12 22:10:34 0 --sha-r C:\IO.SYS
2007-06-12 22:10:34 0 ----a-w C:\CONFIG.SYS
2007-06-12 22:10:34 0 ----a-w C:\AUTOEXEC.BAT
2007-06-12 22:08:41 -------- d--h--w C:\Program Files\WindowsUpdate
2007-06-12 22:07:38 -------- d-----w C:\Program Files\Common Files\MSSoap
2007-06-12 22:07:25 -------- d-----w C:\Program Files\Movie Maker
2007-06-12 22:05:42 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-06-12 22:04:41 -------- d-----w C:\Program Files\Windows Plus
2007-06-12 22:02:23 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-06-12 14:49:34 -------- d-----w C:\Program Files\Common Files\ODBC
2007-06-12 14:49:30 -------- d-----w C:\Program Files\Common Files\SpeechEngines
2007-05-31 06:45:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-05-31 06:44:55 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 06:44:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 06:44:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 06:44:54 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
2007-05-21 18:36:16 524,288 ----a-w C:\WINDOWS\opuc.dll
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6039E6C-BDE9-4de5-BB40-768CAA584FDC}]
2007-07-27 23:31 69184 --a------ C:\WINDOWS\system32\fxmorguc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FEFB0000-8432-4DEA-B6EE-F853B87C440B}]
C:\WINDOWS\system32\ddccd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 19:12]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 20:48]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-27 22:19 C:\WINDOWS\stsystra.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-08-24 00:14]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-18 00:30]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 17:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-02 00:51]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 11:06]
"@"="" []
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-27 01:17]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 07:46]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 23:40]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 02:40]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2007-04-10 19:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 12:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 20:54]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-16 00:14]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 09:15:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturo]
C:\WINDOWS\system32\vturo.dll

R0 atiide;atiide;C:\WINDOWS\system32\DRIVERS\atiide.sys
R1 AmdK8;AMD Processor Driver;C:\WINDOWS\system32\DRIVERS\AmdK8.sys
R1 APPDRV;APPDRV;C:\WINDOWS\system32\DRIVERS\APPDRV.SYS
R1 MPFP;MPFP;C:\WINDOWS\system32\Drivers\Mpfp.sys
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI;C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
R2 ehRecvr;Media Center Receiver Service;C:\WINDOWS\eHome\ehRecvr.exe
R2 ehSched;Media Center Scheduler Service;C:\WINDOWS\eHome\ehSched.exe
R2 McrdSvc;Media Center Extender Service;C:\WINDOWS\ehome\mcrdsvc.exe
R3 AX88772;ASIX AX88772 USB2.0 to Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\ax88772.sys
R3 HidUsb;Microsoft HID Class Driver;C:\WINDOWS\system32\DRIVERS\hidusb.sys
R3 HSF_DPV;HSF_DPV;C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
R3 HSXHWAZL;HSXHWAZL;C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
R3 rimmptsk;rimmptsk;C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
R3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys
R3 STHDA;SigmaTel High Definition Audio CODEC;C:\WINDOWS\system32\drivers\sthda.sys
R3 SynTP;Synaptics TouchPad Driver;C:\WINDOWS\system32\DRIVERS\SynTP.sys
R3 usbaudio;USB Audio Driver (WDM);C:\WINDOWS\system32\drivers\usbaudio.sys
R3 usbccgp;Microsoft USB Generic Parent Driver;C:\WINDOWS\system32\DRIVERS\usbccgp.sys
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbehci.sys
R3 usbhub;Microsoft USB Standard Hub Driver;C:\WINDOWS\system32\DRIVERS\usbhub.sys
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbohci.sys
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
S0 cercsr6;cercsr6;C:\WINDOWS\system32\drivers\cercsr6.sys
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver;C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
S3 DCamUSBNovatek;ViviCam X325 Digital Camera;C:\WINDOWS\system32\Drivers\nvtcam.sys
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
S3 MHN;MHN;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 MHNDRV;MHN driver;C:\WINDOWS\system32\DRIVERS\mhndrv.sys
S3 s116bus;Sony Ericsson Device 116 driver (WDM);C:\WINDOWS\system32\DRIVERS\s116bus.sys
S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s116mdfl.sys
S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s116mdm.sys
S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s116mgmt.sys
S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS);C:\WINDOWS\system32\DRIVERS\s116nd5.sys
S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s116obex.sys
S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM);C:\WINDOWS\system32\DRIVERS\s116unic.sys
S3 sffdisk;SFF Storage Class Driver;C:\WINDOWS\system32\DRIVERS\sffdisk.sys
S3 sffp_sd;SFF Storage Protocol Driver for SDBus;C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
S3 UIUSys;Conexant Setup API;C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS
S3 usbscan;USB Scanner Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"


Contents of the 'Scheduled Tasks' folder
2007-06-12 23:50:24 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-12 23:22:14 C:\WINDOWS\tasks\McDefragTask.job
2007-06-12 23:22:12 C:\WINDOWS\tasks\McQcTask.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-29 17:46:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\\24\n\21]
"DisplayName"="\x5938\x74d\x5938\x74d\1"
"DeviceDesc"="\x5938\x74d\x5938\x74d\1"
"ProviderName"="\x27d4\21\xee18\x7c90\x2844\21\b"
"MFG"="\x54c"
"ReinstallString"="C:\WINDOWS\System32\ReinstallBackups\\xa14\21\x80\xc010\DriverFiles\.INF"
"DeviceInstanceIds"=str(7):"c:\dell\drivers\r134875\smbus\smbusati.inf"

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-29 17:47:26
C:\ComboFix-quarantined-files.txt ... 2007-07-29 17:47
madmattius
Active Member
 
Posts: 7
Joined: July 29th, 2007, 11:15 am

Unread postby madmattius » July 29th, 2007, 12:50 pm

and the hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:50:13, on 29/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Download\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\fxmorguc.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {FEFB0000-8432-4DEA-B6EE-F853B87C440B} - C:\WINDOWS\system32\ddccd.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1775593296
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: vturo - C:\WINDOWS\system32\vturo.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10311 bytes
madmattius
Active Member
 
Posts: 7
Joined: July 29th, 2007, 11:15 am

Unread postby beynac » July 29th, 2007, 1:52 pm

I'm looking through your ComboFix log now. In the meantime, could you please run VundoFix again.

VundoFix.exe
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • It will create a report named vundofix.txt on your main drive (C:\vundofix.txt)
Note: It is possible that VundoFix may encounter a file it cannot remove.
In this case, VundoFix will run on reboot. Simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

Please post the VundoFix report as a reply to this thread.
User avatar
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Unread postby beynac » July 29th, 2007, 5:13 pm

We're getting there! :)

Once you have run VundoFix again, as in my previous post, please do the following:

----------------------------------------------

Run HijackThis and click Scan and then check (tick) the following, if present (don't worry if any are missing):

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\fxmorguc.dll
<< This may have "(file missing)" >>
O2 - BHO: (no name) - {FEFB0000-8432-4DEA-B6EE-F853B87C440B} - C:\WINDOWS\system32\ddccd.dll (file missing)
O20 - Winlogon Notify: vturo - C:\WINDOWS\system32\vturo.dll (file missing)


Close down all programs, browsers and other open windows. Make sure that only the above items are checked and then click on Fix checked.

----------------------------------------------

Open Notepad and copy/paste the text in the quotebox below into it:
File::
C:\WINDOWS\system32\hnhhowtq.dll
C:\WINDOWS\system32\fxmorguc.dll
C:\WINDOWS\system32\ylbgtovr.dll
C:\WINDOWS\system32\orutv.ini2
C:\WINDOWS\system32\orutv.bak2
C:\WINDOWS\system32\orutv.bak1


Save this on your Desktop as CFScript.txt

Image
ComboFix should also be on your Desktop. Referring to the picture above, drag CFScript.txt into ComboFix.exe. ComboFix will then run. When finished, it will produce a log (C:\ComboFix.txt). Post that log in your next reply.

Note:
Do not mouseclick ComboFix's window whilst it's running as this may cause it to stall.

-----------------------------------------

Please post, as a reply to this thread (you may need more than one post):
  • The VundoFix report
  • The ComboFix log
  • A new HijackThis log
User avatar
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Unread postby madmattius » July 29th, 2007, 7:19 pm

thanks, here are the logs
Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:16:53, on 30/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Download\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1775593296
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: vturo - C:\WINDOWS\system32\vturo.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10031 bytes

Vundofix:

VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 23:58:44 29/07/2007

Listing files found while scanning....

No infected files were found.

and combofix:
"Matt" - 2007-07-30 0:12:36 - ComboFix 07-07-23.6 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Matt\Desktop\CFScript.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\fxmorguc.dll
C:\WINDOWS\system32\hnhhowtq.dll
C:\WINDOWS\system32\orutv.bak1
C:\WINDOWS\system32\orutv.bak2
C:\WINDOWS\system32\orutv.ini2
C:\WINDOWS\system32\ylbgtovr.dll


((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-29 )))))))))))))))))))))))))))))))


2007-07-29 17:36 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-29 16:47 <DIR> d-------- C:\VundoFix Backups
2007-07-27 15:37 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-07-27 15:37 <DIR> d-------- C:\DOCUME~1\Matt\APPLIC~1\SiteAdvisor
2007-07-27 15:37 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
2007-07-27 15:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2007-07-27 15:36 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-07-27 15:07 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-27 15:07 <DIR> d-------- C:\DOCUME~1\Matt\APPLIC~1\Lavasoft
2007-07-27 15:06 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-26 10:45 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-07-26 10:23 1,156 --a------ C:\WINDOWS\mozver.dat
2007-07-25 23:33 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-24 16:03 <DIR> d-------- C:\Program Files\Global Star Software
2007-07-24 14:24 4,733,440 --a------ C:\WINDOWS\3D Fish School 3.scr
2007-07-24 14:24 118,784 --a------ C:\WINDOWS\dx7ogl32.dll
2007-07-24 14:24 <DIR> d-------- C:\Program Files\3D Fish School 3
2007-07-21 02:07 <DIR> d-------- C:\DOCUME~1\Matt\Guest
2007-07-20 22:39 92,208 --a------ C:\WINDOWS\system\WING.DLL
2007-07-20 22:39 27,136 --a------ C:\WINDOWS\system\WAVMIX16.DLL
2007-07-20 22:39 188,960 --a------ C:\WINDOWS\system\WINGDE.DLL
2007-07-20 22:39 12,800 --a------ C:\WINDOWS\system\WING32.DLL
2007-07-20 22:39 <DIR> d-------- C:\SIMTOWER
2007-07-20 22:39 <DIR> d-------- C:\DOCUME~1\Matt\WINDOWS
2007-07-20 22:06 <DIR> d-------- C:\Program Files\100proof
2007-07-19 16:35 <DIR> d-------- C:\DOCUME~1\Matt\APPLIC~1\EPSON
2007-07-18 13:53 <DIR> d-------- C:\Program Files\ABBYY FineReader 6.0 Sprint
2007-07-18 13:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
2007-07-18 13:30 92,240 --a------ C:\WINDOWS\system32\EPPICPrinterDB.dat
2007-07-18 13:30 65,536 --a------ C:\WINDOWS\system32\EPPicMgr.dll
2007-07-18 13:30 479,232 --a------ C:\WINDOWS\system32\PICSDK.dll
2007-07-18 13:30 4,943 --a------ C:\WINDOWS\system32\EPPICPattern6.dat
2007-07-18 13:30 26,154 --a------ C:\WINDOWS\system32\EPPICPattern1.dat
2007-07-18 13:30 24,903 --a------ C:\WINDOWS\system32\EPPICPattern3.dat
2007-07-18 13:30 21,390 --a------ C:\WINDOWS\system32\EPPICPattern5.dat
2007-07-18 13:30 20,148 --a------ C:\WINDOWS\system32\EPPICPattern2.dat
2007-07-18 13:30 114,688 --a------ C:\WINDOWS\system32\EpPicPrt.dll
2007-07-18 13:30 11,811 --a------ C:\WINDOWS\system32\EPPICPattern4.dat
2007-07-18 13:30 1,146 --a------ C:\WINDOWS\system32\EPPICPresetData_DU.dat
2007-07-18 13:30 1,139 --a------ C:\WINDOWS\system32\EPPICPresetData_PT.dat
2007-07-18 13:30 1,139 --a------ C:\WINDOWS\system32\EPPICPresetData_BP.dat
2007-07-18 13:30 1,136 --a------ C:\WINDOWS\system32\EPPICPresetData_ES.dat
2007-07-18 13:30 1,129 --a------ C:\WINDOWS\system32\EPPICPresetData_FR.dat
2007-07-18 13:30 1,129 --a------ C:\WINDOWS\system32\EPPICPresetData_CF.dat
2007-07-18 13:30 1,120 --a------ C:\WINDOWS\system32\EPPICPresetData_IT.dat
2007-07-18 13:30 1,107 --a------ C:\WINDOWS\system32\EPPICPresetData_GE.dat
2007-07-18 13:30 1,104 --a------ C:\WINDOWS\system32\EPPICPresetData_EN.dat
2007-07-18 13:29 79,679 --a------ C:\WINDOWS\system32\E_FLMACE.DLL
2007-07-18 13:29 64,000 --a------ C:\WINDOWS\system32\E_FBCBACE.DLL
2007-07-18 13:29 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2007-07-18 13:29 34,304 --a------ C:\WINDOWS\system32\E_FBCHACE.DLL
2007-07-18 13:29 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-07-18 13:28 46,080 --a------ C:\WINDOWS\system32\escimgd.dll
2007-07-18 13:28 29,696 --a------ C:\WINDOWS\system32\escwiad.dll
2007-07-18 13:28 22,016 --a------ C:\WINDOWS\system32\esccmd.dll
2007-07-18 13:28 <DIR> d-------- C:\Program Files\epson
2007-07-18 12:33 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-07-18 12:33 42,752 -ra------ C:\WINDOWS\system32\drivers\ser2pl.sys
2007-07-18 12:33 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-07-18 12:33 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-07-18 12:33 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-07-17 02:11 <DIR> d-------- C:\Program Files\Oxin's Style!
2007-07-16 23:48 <DIR> d-------- C:\Program Files\Atari
2007-07-16 23:36 <DIR> d-------- C:\Program Files\Infogrames
2007-07-16 00:30 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-07-16 00:27 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-07-07 23:46 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-07-07 23:42 <DIR> d-------- C:\Program Files\GameShadow
2007-07-07 23:41 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-07-07 23:41 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-07-07 23:41 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-07-07 23:41 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-07-07 23:41 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-07-07 23:41 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-07-07 23:41 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-07-07 22:28 <DIR> d-------- C:\Program Files\Battlestations Midway
2007-07-02 20:30 <DIR> d-------- C:\DOCUME~1\Matt\APPLIC~1\Leadertech
2007-06-29 14:01 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-06-29 14:00 <DIR> d-------- C:\Program Files\Real
2007-06-29 14:00 <DIR> d-------- C:\Program Files\Common Files\Real
2007-06-29 14:00 <DIR> d-------- C:\DOCUME~1\Matt\APPLIC~1\Real
2007-06-29 13:55 <DIR> d-------- C:\My Downloads
2007-06-22 00:45 <DIR> d-------- C:\DOCUME~1\Matt\APPLIC~1\uTorrent
2007-06-22 00:44 <DIR> d-------- C:\Program Files\uTorrent
2007-06-19 14:50 <DIR> d-------- C:\Program Files\horseExpress
2007-06-14 13:39 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2007-06-14 13:39 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2007-06-14 13:39 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2007-06-14 13:39 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2007-06-14 13:39 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2007-06-14 13:39 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2007-06-14 13:39 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2007-06-14 13:39 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2007-06-14 01:45 397,312 --a------ C:\WINDOWS\system32\GPhotoShow.scr
2007-06-14 01:44 <DIR> d-------- C:\Program Files\gPhotoshow
2007-06-14 01:42 194,560 --a------ C:\WINDOWS\system32\Sailboats_Screensaver.scr
2007-06-14 01:42 <DIR> d-------- C:\WINDOWS\system32\Sailboats_Screensaver dir
2007-06-14 01:42 <DIR> d-------- C:\Screensavers.com
2007-06-14 01:41 89,088 --a------ C:\WINDOWS\system32\Unzdll.dll
2007-06-14 01:41 1,600,799 --a------ C:\WINDOWS\system32\sailing.scr


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-12 22:58:38 5 ----a-w C:\WINDOWS\system32\drivers\DELL_INS_1501.MRK
2007-06-12 22:58:38 5 ----a-w C:\WINDOWS\system32\drivers\1028_DELL_INS_1501.MRK
2007-05-31 06:45:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-05-31 06:44:55 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 06:44:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 06:44:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 06:44:54 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
2007-05-21 18:36:16 524,288 ----a-w C:\WINDOWS\opuc.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 19:12]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 20:48]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-27 22:19 C:\WINDOWS\stsystra.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-08-24 00:14]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-18 00:30]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 17:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-02 00:51]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 11:06]
"@"="" []
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-27 01:17]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 07:46]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 23:40]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 02:40]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2007-04-10 19:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 12:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 20:54]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-16 00:14]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 09:15:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturo]
C:\WINDOWS\system32\vturo.dll

R0 atiide;atiide;C:\WINDOWS\system32\DRIVERS\atiide.sys
R1 AmdK8;AMD Processor Driver;C:\WINDOWS\system32\DRIVERS\AmdK8.sys
R1 APPDRV;APPDRV;C:\WINDOWS\system32\DRIVERS\APPDRV.SYS
R1 MPFP;MPFP;C:\WINDOWS\system32\Drivers\Mpfp.sys
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI;C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
R2 ehRecvr;Media Center Receiver Service;C:\WINDOWS\eHome\ehRecvr.exe
R2 ehSched;Media Center Scheduler Service;C:\WINDOWS\eHome\ehSched.exe
R2 McrdSvc;Media Center Extender Service;C:\WINDOWS\ehome\mcrdsvc.exe
R3 AX88772;ASIX AX88772 USB2.0 to Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\ax88772.sys
R3 HidUsb;Microsoft HID Class Driver;C:\WINDOWS\system32\DRIVERS\hidusb.sys
R3 HSF_DPV;HSF_DPV;C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
R3 HSXHWAZL;HSXHWAZL;C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
R3 rimmptsk;rimmptsk;C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
R3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys
R3 STHDA;SigmaTel High Definition Audio CODEC;C:\WINDOWS\system32\drivers\sthda.sys
R3 SynTP;Synaptics TouchPad Driver;C:\WINDOWS\system32\DRIVERS\SynTP.sys
R3 usbaudio;USB Audio Driver (WDM);C:\WINDOWS\system32\drivers\usbaudio.sys
R3 usbccgp;Microsoft USB Generic Parent Driver;C:\WINDOWS\system32\DRIVERS\usbccgp.sys
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbehci.sys
R3 usbhub;Microsoft USB Standard Hub Driver;C:\WINDOWS\system32\DRIVERS\usbhub.sys
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbohci.sys
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
S0 cercsr6;cercsr6;C:\WINDOWS\system32\drivers\cercsr6.sys
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver;C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
S3 DCamUSBNovatek;ViviCam X325 Digital Camera;C:\WINDOWS\system32\Drivers\nvtcam.sys
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
S3 MHN;MHN;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 MHNDRV;MHN driver;C:\WINDOWS\system32\DRIVERS\mhndrv.sys
S3 s116bus;Sony Ericsson Device 116 driver (WDM);C:\WINDOWS\system32\DRIVERS\s116bus.sys
S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s116mdfl.sys
S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s116mdm.sys
S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s116mgmt.sys
S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS);C:\WINDOWS\system32\DRIVERS\s116nd5.sys
S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s116obex.sys
S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM);C:\WINDOWS\system32\DRIVERS\s116unic.sys
S3 sffdisk;SFF Storage Class Driver;C:\WINDOWS\system32\DRIVERS\sffdisk.sys
S3 sffp_sd;SFF Storage Protocol Driver for SDBus;C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
S3 UIUSys;Conexant Setup API;C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS
S3 usbscan;USB Scanner Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder
2007-06-12 23:50:24 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-12 23:22:14 C:\WINDOWS\tasks\McDefragTask.job
2007-06-12 23:22:12 C:\WINDOWS\tasks\McQcTask.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-30 00:14:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\\24\n\21]
"DisplayName"="\x5938\x74d\x5938\x74d\1"
"DeviceDesc"="\x5938\x74d\x5938\x74d\1"
"ProviderName"="\x27d4\21\xee18\x7c90\x2844\21\b"
"MFG"="\x54c"
"ReinstallString"="C:\WINDOWS\System32\ReinstallBackups\\xa14\21\x80\xc010\DriverFiles\.INF"
"DeviceInstanceIds"=str(7):"c:\dell\drivers\r134875\smbus\smbusati.inf"

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-30 0:15:33
C:\ComboFix-quarantined-files.txt ... 2007-07-30 00:15

--- E O F ---
madmattius
Active Member
 
Posts: 7
Joined: July 29th, 2007, 11:15 am

Unread postby beynac » July 30th, 2007, 4:32 am

Good morning.

That looks a lot better, but one of the lines in the HijackThis 'fix' is still there. Let's try again. Run HijackThis and click Scan and then check (tick) the following, if present (don't worry if any are missing):

O20 - Winlogon Notify: vturo - C:\WINDOWS\system32\vturo.dll (file missing)

Close down all programs, browsers and other open windows. Make sure that only the above items are checked and then click on Fix checked.

--------------------------------------------------

You are running the latest version of Java but VundoFix is reporting an old version. We therefore need to uninstall any old versions. Please go to Start -> Control Panel -> Add or Remove Programs and uninstall all old versions of Java (Java 2 Runtime Environment, JRE or JSE) except Java(TM) 6 Update 2.

--------------------------------------------------

ATF Cleaner by Atribune ©

Download ATF Cleaner by Atribune © from here : http://www.atribune.org/ccount/click.php?id=1
This is a stand-alone program that does not need to be installed. Save it to a convenient location and make a shortcut on your desktop. Using this program will remove temporary files, temporary internet files and cookies from your system, which will mean that any scans will run faster.
  • Make sure that all browser windows are closed
  • Double-click the shortcut on your desktop to run the program.
  • Under Main, choose Select All
  • Untick Prefetch
  • Click Empty Selected
  • If you use Firefox browser,
    • Click Firefox at the top and choose Select All
    • Click on Empty Selected
    • NOTE: If you would like to keep any saved passwords, please untick that option.
  • Click Exit to close.
  • If you use Opera browser,
    • Click Opera at the top and choose Select All
    • Click on Empty Selected
    • NOTE: If you would like to keep any saved passwords, please untick that option.
  • Click Exit to close.
--------------------------------------------

AVG Anti-Spyware:

Download the trial version of AVG Anti-Spyware from here and install it. When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open. Do not run a scan yet.

If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following:
  • Click the Update icon at the top and under Manual Update click the Start update button.
  • The program will either update or inform you that no update was available.
  • It is essential that you get the update - keep trying until successful.
You will need to change the following settings:
  • Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
  • Click the Update icon and untick the automatic update option.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act? - make sure that Quarantine is selected.
    • Under How to scan? - All checkboxes should be ticked.
    • Under Possibly unwanted software - All checkboxes should be ticked.
    • Under Reports - Select Do not automatically generate reports.
    • Under What to scan? - Select Scan every file.
You can now close AVG Anti-Spyware. Do not scan yet.

---------------------------------------------------

Boot to Safe Mode.

You will need to reboot your computer into Safe Mode for the next steps. It would be a good idea for you to print these instructions, as you will not have access to the internet.

Important: If you have an always on connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode. I suggest that you print out these instructions.
  • Restart your computer.
  • Continually tap the F8 button as your computer is booting (a menu appears).
  • Use up-arrow key to select Safe Mode and press Enter.
------------------------------------------------

Run AVG Anti-Spyware:

Close all open windows and then start AVG Anti-Spyware, which you downloaded earlier
  • Click on Scanner on the toolbar.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
    • Make sure that Set all elements to: shows Quarantine
    • Important: Click on the Apply all Actions button (*** This must done before saving the report ***)
    • When the program has finished, it will display the message All actions have been applied.
    • Then click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit.
----------------------------------------------

Reboot in Normal Mode.

---------------------------------------------------

Please post, as a reply to this thread:
  • The AVG Anti-Spyware report
  • A new HijackThis log
User avatar
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Unread postby madmattius » July 30th, 2007, 7:43 pm

thanlks for your help, here are the logs:

avg:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 00:29:36 31/07/2007

+ Scan result:



C:\System Volume Information\_restore{6B5EDABF-9CF8-4D6A-AA8C-1FCCECC71298}\RP115\A0011388.exe -> Downloader.Tiny.id : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B5EDABF-9CF8-4D6A-AA8C-1FCCECC71298}\RP115\A0011389.exe -> Downloader.Tiny.id : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B5EDABF-9CF8-4D6A-AA8C-1FCCECC71298}\RP115\A0011390.exe -> Downloader.Tiny.id : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B5EDABF-9CF8-4D6A-AA8C-1FCCECC71298}\RP115\A0011391.exe -> Downloader.Tiny.id : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B5EDABF-9CF8-4D6A-AA8C-1FCCECC71298}\RP115\A0011392.exe -> Downloader.Tiny.id : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B5EDABF-9CF8-4D6A-AA8C-1FCCECC71298}\RP116\A0011425.exe -> Downloader.Tiny.id : Cleaned with backup (quarantined).
C:\VundoFix Backups\aqhvfsjr.exe.bad -> Downloader.Tiny.id : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B5EDABF-9CF8-4D6A-AA8C-1FCCECC71298}\RP50\A0003130.exe -> Dropper.Small : Cleaned with backup (quarantined).
:mozilla.140:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\igcxe6ik.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.141:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\igcxe6ik.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.142:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\igcxe6ik.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.486:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\igcxe6ik.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.218:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\igcxe6ik.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.219:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\igcxe6ik.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.220:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\igcxe6ik.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.239:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\igcxe6ik.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.221:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\igcxe6ik.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.28:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\igcxe6ik.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.29:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\igcxe6ik.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.30:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\igcxe6ik.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.31:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\igcxe6ik.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.32:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\igcxe6ik.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.33:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\igcxe6ik.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.34:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\igcxe6ik.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.127:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\igcxe6ik.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.349:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\igcxe6ik.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.350:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\igcxe6ik.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.380:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\igcxe6ik.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.381:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\igcxe6ik.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.382:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\igcxe6ik.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.


::Report end

and hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:39:37, on 31/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Download\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://amiuptodate.mcafee.com/vsc/bin/2 ... Portal.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1775593296
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0001581185820653) (0001581185820653mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\000158~1.EXE (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10579 bytes

hopefully we are near the end!!
madmattius
Active Member
 
Posts: 7
Joined: July 29th, 2007, 11:15 am

Unread postby beynac » July 31st, 2007, 3:46 am

Good morning.

hopefully we are near the end!!

Yup - I think that we've done it! :D

The logs are both clean, so we've just got a bit of tidying up to do. You can delete the following:
  • VundoFix and its log
  • ComboFix and its log
I suggest that you keep ATF Cleaner and AVG Anti-Spyware as they are useful programs.

-------------------------------------

Flush System Restore

We need to 'flush' your System Restore points and create a new clean one.

Turn OFF System Restore.
  • Click on Start
  • Right-click My Computer
  • Click Properties
  • Click the System Restore tab
  • Check Turn off System Restore
  • Click Apply, and then click OK
Restart your computer

Turn ON System Restore.
  • Click on Start
  • Right-click My Computer
  • Click Properties
  • Click the System Restore tab
  • Uncheck Turn off System Restore
  • Click Apply, and then click OK
------------------------------------------------

Have a look at this article, How to prevent Malware by miekiemoes, which gives some very good advice.

Please let me know whether you have any questions.
User avatar
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Unread postby madmattius » July 31st, 2007, 8:35 am

Thanks very much, your help has been invaluable and very much appreciated! :D
madmattius
Active Member
 
Posts: 7
Joined: July 29th, 2007, 11:15 am

Unread postby beynac » July 31st, 2007, 9:52 am

You're welcome. I'm glad that we were able to help. :)
User avatar
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Unread postby Elrond » July 31st, 2007, 10:45 am

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
Advertisement
Register to Remove


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 293 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware