Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Trojan/Virus still remains after your help

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Trojan/Virus still remains after your help

Unread postby makem » January 3rd, 2008, 7:41 pm

I forgot to metion that the version is 6.0.2900.2180.xpsp_sp2_gdr.070227-2254

This version is working fine on 2 other machines.
makem
Regular Member
 
Posts: 45
Joined: November 10th, 2007, 3:31 pm
Advertisement
Register to Remove

Re: Trojan/Virus still remains after your help

Unread postby Trogan » January 4th, 2008, 8:45 am

Hmmm...

Please go and read the following at Microsoft's Knowledge Base. Have a look at Methods 1 and 4 please.

Let me know if that helps.
User avatar
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London

Re: Trojan/Virus still remains after your help

Unread postby makem » January 4th, 2008, 10:55 am

I tried method 4 which did not work. I installed IE7 which gives the error:

Internet Explorer cannot display the webpage

Most likely causes:
You are not connected to the Internet.
The website is encountering problems.
There might be a typing error in the address.

I tried to access this web page also.
makem
Regular Member
 
Posts: 45
Joined: November 10th, 2007, 3:31 pm

Re: Trojan/Virus still remains after your help

Unread postby makem » January 4th, 2008, 11:13 am

Network Diagnostics gives this result:

Network Adapters FAILED
[00000001] Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4) (FAILED)
Caption = [00000001] Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4)
DatabasePath = %SystemRoot%\System32\drivers\etc
DefaultIPGateway = 192.168.1.1(Same Subnet) (PASSED)
Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time<1ms TTL=0
Reply from 192.168.1.1: bytes=32 time<1ms TTL=0
Reply from 192.168.1.1: bytes=32 time<1ms TTL=0
Reply from 192.168.1.1: bytes=32 time<1ms TTL=0
Ping statistics for 192.168.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss)
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Description = ASUSTeK/Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
DHCPEnabled = TRUE
DHCPLeaseExpires = 03:14:07 19/01/2038
DHCPLeaseObtained = 11:31:52 04/12/2007
DHCPServer = 192.168.1.1 (PASSED)
Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time<1ms TTL=0
Reply from 192.168.1.1: bytes=32 time<1ms TTL=0
Reply from 192.168.1.1: bytes=32 time<1ms TTL=0
Reply from 192.168.1.1: bytes=32 time<1ms TTL=0
Ping statistics for 192.168.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss)
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
DNSEnabledForWINSResolution = FALSE
DNSHostName = hal
DNSServerSearchOrder = 192.168.1.1 (PASSED)
Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time<1ms TTL=0
Reply from 192.168.1.1: bytes=32 time<1ms TTL=0
Reply from 192.168.1.1: bytes=32 time<1ms TTL=0
Reply from 192.168.1.1: bytes=32 time<1ms TTL=0
Ping statistics for 192.168.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss)
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
DomainDNSRegistrationEnabled = FALSE
FullDNSRegistrationEnabled = TRUE
GatewayCostMetric = 20
Index = 1
IPAddress = 192.168.1.7 (FAILED)
Pinging 192.168.1.7 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.1.7:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)
IPConnectionMetric = 20
IPEnabled = TRUE
IPFilterSecurityEnabled = FALSE
IPSecPermitIPProtocols = 0
IPSecPermitTCPPorts = 0
IPSecPermitUDPPorts = 0
IPSubnet = 255.255.255.0
IPXEnabled = FALSE
MACAddress = 00:E0:18:EE:0C:50
ServiceName = AN983
SettingID = {AC8CE051-E176-4AFF-AAF7-35FE6C1D9282}
TcpipNetbiosOptions = 1
WINSEnableLMHostsLookup = TRUE
[00000010] ASUSTeK/Broadcom 440x 10/100 Integrated Controller (FAILED)

The ASUSTeK/Broadcom 440x 10/100 Integrated Controller is active and being used now.

The Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4) is manually disabled.
makem
Regular Member
 
Posts: 45
Joined: November 10th, 2007, 3:31 pm

Re: Trojan/Virus still remains after your help

Unread postby makem » January 4th, 2008, 11:40 am

After 2 reboots while I was checking network settings, IE7 is working correctly. I am doing to Kapersky scan now.
makem
Regular Member
 
Posts: 45
Joined: November 10th, 2007, 3:31 pm

Re: Trojan/Virus still remains after your help

Unread postby makem » January 4th, 2008, 2:25 pm

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, January 04, 2008 6:22:49 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/01/2008
Kaspersky Anti-Virus database records: 502461
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
F:\
G:\
H:\
J:\
K:\
Z:\

Scan Statistics:
Total number of scanned objects: 118014
Number of viruses found: 5
Number of infected objects: 26
Number of suspicious objects: 0
Duration of the scan process: 02:26:59

Infected Object Name / Virus Name / Last Action
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\Downloads\DCC\Sysreset\Ci2e\mIRC\mirc616.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
D:\Downloads\DCC\Sysreset\Ci2e\mIRC\mirc616.exe mIRC: infected - 1 skipped
D:\Downloads\DCC\Sysreset\Ci2e\mIRC.rar/mirc616.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
D:\Downloads\DCC\Sysreset\Ci2e\mIRC.rar/mirc616.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
D:\Downloads\DCC\Sysreset\Ci2e\mIRC.rar RAR: infected - 2 skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
F:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
F:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
F:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
F:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
F:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
F:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
F:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
F:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
F:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
F:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
F:\Documents and Settings\makem.HAL\Application Data\Mozilla\Firefox\Profiles\hmdx9pjg.default\cert8.db Object is locked skipped
F:\Documents and Settings\makem.HAL\Application Data\Mozilla\Firefox\Profiles\hmdx9pjg.default\formhistory.dat Object is locked skipped
F:\Documents and Settings\makem.HAL\Application Data\Mozilla\Firefox\Profiles\hmdx9pjg.default\history.dat Object is locked skipped
F:\Documents and Settings\makem.HAL\Application Data\Mozilla\Firefox\Profiles\hmdx9pjg.default\key3.db Object is locked skipped
F:\Documents and Settings\makem.HAL\Application Data\Mozilla\Firefox\Profiles\hmdx9pjg.default\parent.lock Object is locked skipped
F:\Documents and Settings\makem.HAL\Application Data\Mozilla\Firefox\Profiles\hmdx9pjg.default\search.sqlite Object is locked skipped
F:\Documents and Settings\makem.HAL\Application Data\Mozilla\Firefox\Profiles\hmdx9pjg.default\urlclassifier2.sqlite Object is locked skipped
F:\Documents and Settings\makem.HAL\Cookies\index.dat Object is locked skipped
F:\Documents and Settings\makem.HAL\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
F:\Documents and Settings\makem.HAL\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
F:\Documents and Settings\makem.HAL\Local Settings\Application Data\Mozilla\Firefox\Profiles\hmdx9pjg.default\Cache\_CACHE_001_ Object is locked skipped
F:\Documents and Settings\makem.HAL\Local Settings\Application Data\Mozilla\Firefox\Profiles\hmdx9pjg.default\Cache\_CACHE_002_ Object is locked skipped
F:\Documents and Settings\makem.HAL\Local Settings\Application Data\Mozilla\Firefox\Profiles\hmdx9pjg.default\Cache\_CACHE_003_ Object is locked skipped
F:\Documents and Settings\makem.HAL\Local Settings\Application Data\Mozilla\Firefox\Profiles\hmdx9pjg.default\Cache\_CACHE_MAP_ Object is locked skipped
F:\Documents and Settings\makem.HAL\Local Settings\History\History.IE5\index.dat Object is locked skipped
F:\Documents and Settings\makem.HAL\Local Settings\History\History.IE5\MSHist012008010420080105\index.dat Object is locked skipped
F:\Documents and Settings\makem.HAL\Local Settings\Temp\~DF4D47.tmp Object is locked skipped
F:\Documents and Settings\makem.HAL\Local Settings\Temp\~DF5D2F.tmp Object is locked skipped
F:\Documents and Settings\makem.HAL\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
F:\Documents and Settings\makem.HAL\NTUSER.DAT Object is locked skipped
F:\Documents and Settings\makem.HAL\NTUSER.DAT.LOG Object is locked skipped
F:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
F:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
F:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
F:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
F:\Program Files\Agnitum\Outpost Firewall\op_data.ldb Object is locked skipped
F:\Program Files\Agnitum\Outpost Firewall\op_data.mdb Object is locked skipped
F:\Program Files\geordies_mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
F:\Program Files\new_zone_mIRC\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
F:\Program Files\new_zone_mIRC\mIRC\mirc.exe.bak Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
F:\Program Files\tbsg_mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
F:\Program Files\tz_mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
F:\Program Files\zone_mIRC\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
F:\Program Files\zone_mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\WINDOWS\CSC\00000001 Object is locked skipped
F:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
F:\WINDOWS\SchedLgU.Txt Object is locked skipped
F:\WINDOWS\SoftwareDistribution\EventCache\{EE9A78C5-F20C-4BB9-B363-3969C42F67E9}.bin Object is locked skipped
F:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
F:\WINDOWS\Sti_Trace.log Object is locked skipped
F:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
F:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
F:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
F:\WINDOWS\system32\config\default Object is locked skipped
F:\WINDOWS\system32\config\default.LOG Object is locked skipped
F:\WINDOWS\system32\config\Internet.evt Object is locked skipped
F:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
F:\WINDOWS\system32\config\OSession.evt Object is locked skipped
F:\WINDOWS\system32\config\SAM Object is locked skipped
F:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
F:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
F:\WINDOWS\system32\config\SECURITY Object is locked skipped
F:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
F:\WINDOWS\system32\config\software Object is locked skipped
F:\WINDOWS\system32\config\software.LOG Object is locked skipped
F:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
F:\WINDOWS\system32\config\system Object is locked skipped
F:\WINDOWS\system32\config\system.LOG Object is locked skipped
F:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
F:\WINDOWS\system32\h323log.txt Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
F:\WINDOWS\Temp\JETECE0.tmp Object is locked skipped
F:\WINDOWS\Temp\Perflib_Perfdata_68c.dat Object is locked skipped
F:\WINDOWS\wiadebug.log Object is locked skipped
F:\WINDOWS\wiaservc.log Object is locked skipped
F:\WINDOWS\WindowsUpdate.log Object is locked skipped
G:\My Documents\warez info\tbsg setup\mirc616.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
G:\My Documents\warez info\tbsg setup\mirc616.exe mIRC: infected - 1 skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
H:\Archive\Communicate\IRC\3rdWave IRC Script\3rdWave[1.71-6.12].rar/3rdWave[1.71-6.12]/mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.612 skipped
H:\Archive\Communicate\IRC\3rdWave IRC Script\3rdWave[1.71-6.12].rar RAR: infected - 1 skipped
H:\Archive\Communicate\IRC\Keymakers\MIRC.v6.1.Incl.Keymaker.READ.NFO.REPACK-ACME.zip/MIRC.v6.1.Incl.Keymaker.READ.NFO.REPACK-ACME/ac-mrc61.zip/mirc61.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.61 skipped
H:\Archive\Communicate\IRC\Keymakers\MIRC.v6.1.Incl.Keymaker.READ.NFO.REPACK-ACME.zip/MIRC.v6.1.Incl.Keymaker.READ.NFO.REPACK-ACME/ac-mrc61.zip/mirc61.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.61 skipped
H:\Archive\Communicate\IRC\Keymakers\MIRC.v6.1.Incl.Keymaker.READ.NFO.REPACK-ACME.zip/MIRC.v6.1.Incl.Keymaker.READ.NFO.REPACK-ACME/ac-mrc61.zip Infected: not-a-virus:Client-IRC.Win32.mIRC.61 skipped
H:\Archive\Communicate\IRC\Keymakers\MIRC.v6.1.Incl.Keymaker.READ.NFO.REPACK-ACME.zip ZIP: infected - 3 skipped
H:\Archive\Communicate\IRC\mIRC\mIRC6.16 with ssl dlls\mirc616.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
H:\Archive\Communicate\IRC\mIRC\mIRC6.16 with ssl dlls\mirc616.exe mIRC: infected - 1 skipped
H:\Archive\Communicate\IRC\mIRC\tbsg\mirc616.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
H:\Archive\Communicate\IRC\mIRC\tbsg\mirc616.exe mIRC: infected - 1 skipped
H:\Archive\Communicate\IRC\TriviBot\trivbot2001v2_4.zip/trivbot2001v2/MIRC32.EXE Infected: not-a-virus:Client-IRC.Win32.mIRC.561 skipped
H:\Archive\Communicate\IRC\TriviBot\trivbot2001v2_4.zip ZIP: infected - 1 skipped

Scan process completed.
makem
Regular Member
 
Posts: 45
Joined: November 10th, 2007, 3:31 pm

Re: Trojan/Virus still remains after your help

Unread postby Trogan » January 4th, 2008, 2:44 pm

Hi,

Click Start > Run > type: combofix /u > Press OK. This will uninstall ComboFix.

Did you download mIRC? Do you know why the program is in several different folders?

D:\Downloads\DCC\Sysreset\Ci2e\mIRC\mirc616.exe
F:\Program Files\geordies_mIRC\mirc.exe
F:\Program Files\new_zone_mIRC\mIRC\mirc.exe
F:\Program Files\tbsg_mIRC\mirc.exe
F:\Program Files\tz_mIRC\mirc.exe
F:\Program Files\zone_mIRC\mIRC\mirc.exe
G:\My Documents\warez info\tbsg setup\mirc616.exe

Let me know if they are OK and post a new HijackThis log.
User avatar
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London

Re: Trojan/Virus still remains after your help

Unread postby makem » January 4th, 2008, 3:20 pm

Combofix uninstalled.

Yes I downloaded mIRC from http://www.mirc.com. I know why there are instances in those places.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:18:50, on 04/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
F:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
F:\WINDOWS\system32\dlcfcoms.exe
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\Agnitum\Outpost Firewall\outpost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
F:\PROGRA~1\Grisoft\AVG7\avgcc.exe
F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\SpywareGuard\sgmain.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\SpywareGuard\sgbhp.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\makem.HAL\Desktop\FireFox Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - F:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - F:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [Cmaudio] -RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] -F:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] -F:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [SoundMan] -SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] -"F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DiskeeperSystray] "F:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DLCFCATS] rundll32 F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] -"F:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] F:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = F:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Download All with FlashGet - F:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - F:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - F:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - F:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0175246499
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0177533779
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O20 - Winlogon Notify: !SASWinLogon - F:\WINDOWS\
O23 - Service: Adobe LM Service - Unknown owner - -"F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - F:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: dlcf_device - - F:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - F:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - -F:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - -"F:\Program Files\MSN Messenger\usnsvc.exe" (file missing)

--
End of file - 8911 bytes
makem
Regular Member
 
Posts: 45
Joined: November 10th, 2007, 3:31 pm

Re: Trojan/Virus still remains after your help

Unread postby Trogan » January 4th, 2008, 3:33 pm

The HijackThis log is clean. How is the computer?
User avatar
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London

Re: Trojan/Virus still remains after your help

Unread postby makem » January 4th, 2008, 3:44 pm

Computer is fine now. Thanks for your speedy professional help.

My daughter has just brought her friends box but there is so much crap on it that it takes 15 min before you can do anything. I am not going to bother you - reinstall time!
makem
Regular Member
 
Posts: 45
Joined: November 10th, 2007, 3:31 pm

Re: Trojan/Virus still remains after your help

Unread postby Trogan » January 4th, 2008, 4:06 pm

You're welcome! :)

This topic is now closed. If you wish it
reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.


You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid,
working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.

Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. See Nellie2's blog here or post in our dedicated forum here
The infection you had was ......
User avatar
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 488 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware