Computer Woes

Post by Digitalmoth » August 12th, 2006, 6:52 pm

After finding out my brother's computer had no up-to-date antivirus software, I decided to install Kaspersky's anti-virus program. In the process of doing this I removed the old Norton from his PC, and it all went downhill from there.

Norton had problems uninstalling, blocking its own script from running, then freezing up the computer. Upon rebooting, the uninstall went fine, but now there were problems of browser hijacks. So I ran Spybot, Ad-aware, and updated spyware blaster. I cringed at the results of over 100 critical objects in Ad-aware. Apparently he never bothered to run the software.

After all the scans were done, I installed Kaspersky successfully and had it run a scan also. After all is said and done I'm still left with problems, what appears to be Look2me modules and files. None of the programs were able to delete them.

While watching one of the scans I also noticed an unfamiliar directory within his Doc's and Settings folder.

C:\Documents and Settings\Owner\Complete

I attempted to locate it, but the folder wasn't visible. Turned on "show all hidden folders" and still couldn't find it. I resorted to typing the path into the address bar. What I found were about 100+ zip files, all ranging from 200kb to 750kb in file size. This leads me to believe that he is being used as some sort of data dump, for whoever had placed the files there. Not certain if that was the only folder that was hidden. Would you happen to know of a prog that can show these hidden folders or map the C Drive?

Here's the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:23:20 PM, on 8/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\{E4FDC6FC-0958-1033-1202-030709040001}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIRPLUS\D-Link AirPlus DWL-120+ Wireless USB Adapter\AIRPLUS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [pdshwfmA] C:\WINDOWS\pdshwfmA.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [umiu] C:\PROGRA~1\COMMON~1\umiu\umium.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link AirPlus USB.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2983318520
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
O20 - Winlogon Notify: IME - C:\WINDOWS\system32\lv4o09h3e.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

Post by Digitalmoth » August 12th, 2006, 7:57 pm

Update on the hidden folders:

I'm not certain if this will allow me to find all of the hidden folders, but I was able to finally see the "Complete" folder after unchecking "Hide protected operating system files (recommended)".
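
The update above describes a folder that carries both the Hidden and System attributes, which is why Explorer only shows it once "Hide protected operating system files" is unchecked. The following is an added example, not part of the original thread: it lists every directory with both attributes under a root and counts the .zip files in each. It assumes PowerShell 3.0 or later, and `$Root` is a placeholder path to adjust.

```powershell
# Added example (not from the thread): find directories that have BOTH the
# Hidden and System attributes and summarise the .zip files inside each one.
# $Root is an assumption; point it at the profile or drive under review.
param(
    [string]$Root = 'C:\Documents and Settings\Owner'
)

# A directory must have both bits set to be treated as "protected" by Explorer.
$mask = [System.IO.FileAttributes]::Hidden -bor [System.IO.FileAttributes]::System

# -Force makes Get-ChildItem return hidden and system items as well.
Get-ChildItem -LiteralPath $Root -Directory -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { ($_.Attributes -band $mask) -eq $mask } |
    ForEach-Object {
        # Count and size the archives directly inside this directory.
        $zips  = @(Get-ChildItem -LiteralPath $_.FullName -File -Filter '*.zip' `
                       -Force -ErrorAction SilentlyContinue)
        $bytes = ($zips | Measure-Object -Property Length -Sum).Sum

        [pscustomobject]@{
            Path       = $_.FullName
            Attributes = $_.Attributes
            LastWrite  = $_.LastWriteTime
            ZipCount   = $zips.Count
            ZipKB      = [long]($bytes / 1KB)
        }
    } |
    Sort-Object ZipCount -Descending |
    Format-Table -AutoSize
```

Windows itself marks some legitimate directories Hidden and System, so the output is a review list rather than a verdict; the ZipCount and LastWrite columns help pick out a folder like the one described here.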

Post by Digitalmoth » August 12th, 2006, 11:40 pm

After a lengthy conversation with my brother about how not to contract any more malware, he told me it was possible to just reformat and reinstall Windows.
My apologies for taking up anyone's time in reading this thread.

Post by NonSuch » August 13th, 2006, 3:14 am

No problem. :)

As this issue appears to be resolved, this topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.