Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With Securepccleaner Popup, Help Please


  • Please log in to reply
3 replies to this topic

#1 qwert555

qwert555

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:02 AM

Posted 26 August 2007 - 10:26 PM

\
It seems Secure PC Cleaner has infected my computer and I cannot get rid of it. Whenever I am trying to browse most sites with stream videos this would always pop up.
I am also getting an error that says that Hijack my system has denied access to my host files and that if that happens I need to edit the file myself.
And another error that says: "An unexpected error has occured at procedure:modMain_CheckOther1Item()
Error #75 - Path/File access error..."
The rest of the message says to email Merjin, Also I have noticed it does not say my correct windows version, it says:"Windows NT 6.00.1904"


Logfile of HijackThis v1.99.1
Scan saved at 8:20:42 PM, on 8/26/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\sttray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmprph.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Users\Kevin\Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 207.210.93.28 game01.us.segaonline.jp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {47C54F02-1B28-45F1-AE46-B5CDFB6E7926} - C:\WINDOWS\DUOCORE.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 10\LaunchList.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MenaceFighter] C:\Program Files\MenaceFighter\GDC.exe
O4 - HKCU\..\Run: [SecurePCCleaner] C:\Program Files\SecurePCCleaner\GDC.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
O21 - SSODL: wmpenv - {7E5404E2-0519-445B-B4D1-D4FD1B7AFB14} - C:\Windows\wmpenv.dll
O21 - SSODL: wmpconf - {0F97E2DF-101D-496D-BC44-193C77F48B3A} - C:\Windows\wmpconf.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe


Please note I am using Windows Vista and not XP

Thanks In advance.

BC AdBot (Login to Remove)

 


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:12:02 PM

Posted 27 August 2007 - 04:55 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum qwert555 :thumbsup:
My name is Richie and i'll be helping you to fix your problems.

First enable the viewing of hidden files follow these steps:

1. Close all programs so that you are at your desktop.
2. Click on the Start button. This is the small round button with the Windows flag in the lower left corner.
3. Click on the Control Panel menu option.
4. When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:
1. Double-click on the Folder Options icon.
2. Click on the View tab.
3. Go to step 5.

If you are in the Control Panel Home view do the following:
1. Click on the Appearance and Personalization link .
2. Click on Show Hidden Files or Folders.
3. Go to step 5.

5. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
6. Remove the checkmark from the checkbox labeled Hide extensions for known file types.
7. Remove the checkmark from the checkbox labeled Hide protected operating system files.
8. Press the Apply button and then the OK button and shutdown My Computer.
9. Now Windows Vista is configured to show all hidden files.

We now need to flush System Restore.

Turn off Windows Vista System Restore:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK
9. When you have finished, restart the computer.

Turn on Windows Vista System Restore:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Place a checkmark in the box for any drive you wish to enable System Restore on
7. Click OK

Reboot your computer into SAFE MODE using the F8 method.
To do this,restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Find and delete the following if present:

C:\WINDOWS\DUOCORE.DLL
C:\Windows\wmpenv.dll
C:\Windows\wmpconf.dll
C:\Program Files\MenaceFighter
C:\Program Files\SecurePCCleaner

Restart your pc normally.

Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed,on the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

Superantispyware will now scan your computer,when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it,then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor,such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new Hijackthis log,let me know how your pc is running now.

Posted Image
Posted Image

#3 qwert555

qwert555
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:02 AM

Posted 29 August 2007 - 01:44 AM

Hey thanks a lot man, you helped a bunch. I never realized that I had these viruses and my other software couldn't detect them (Trend Micro PC-cillin Internet Security 14)

Here is the log from SUPERAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/28/2007 at 11:02 PM

Application Version : 3.9.1008

Core Rules Database Version : 3290
Trace Rules Database Version: 1301

Scan type : Complete Scan
Total Scan Time : 00:56:47

Memory items scanned : 713
Memory threats detected : 0
Registry items scanned : 8082
Registry threats detected : 56
File items scanned : 69302
File threats detected : 16

Trojan.Net-MSV/VPS
HKLM\Software\Classes\CLSID\{47C54F02-1B28-45F1-AE46-B5CDFB6E7926}
HKCR\CLSID\{47C54F02-1B28-45F1-AE46-B5CDFB6E7926}
HKCR\CLSID\{47C54F02-1B28-45F1-AE46-B5CDFB6E7926}
HKCR\CLSID\{47C54F02-1B28-45F1-AE46-B5CDFB6E7926}\InprocServer32
HKCR\CLSID\{47C54F02-1B28-45F1-AE46-B5CDFB6E7926}\InprocServer32#ThreadingModel
HKCR\CLSID\{47C54F02-1B28-45F1-AE46-B5CDFB6E7926}\ProgID
HKCR\CLSID\{47C54F02-1B28-45F1-AE46-B5CDFB6E7926}\Programmable
HKCR\CLSID\{47C54F02-1B28-45F1-AE46-B5CDFB6E7926}\TypeLib
HKCR\CLSID\{47C54F02-1B28-45F1-AE46-B5CDFB6E7926}\VersionIndependentProgID
C:\WINDOWS\DUOCORE.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{47C54F02-1B28-45F1-AE46-B5CDFB6E7926}
HKCR\MSVPS.MSVPSApp
HKCR\MSVPS.MSVPSApp\CLSID
HKCR\MSVPS.MSVPSApp\CurVer

Trojan.VideoCach/Gen
HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}
HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\Control
HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\Implemented Categories
HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\InprocServer32
HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\InprocServer32#ThreadingModel
HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\MiscStatus
HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\MiscStatus\1
HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\ProgID
HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\ToolboxBitmap32
HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\TypeLib
HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\Version
HKCR\CLSID\{BABA5BDB-4EFF-48DB-B443-679651D37128}
HKCR\CLSID\{BABA5BDB-4EFF-48DB-B443-679651D37128}\InprocServer32
HKCR\TypeLib\{CDC0999C-999C-4EE1-875B-5C3542641768}
HKCR\TypeLib\{CDC0999C-999C-4EE1-875B-5C3542641768}\1.0
HKCR\TypeLib\{CDC0999C-999C-4EE1-875B-5C3542641768}\1.0\0
HKCR\TypeLib\{CDC0999C-999C-4EE1-875B-5C3542641768}\1.0\0\win32
HKCR\TypeLib\{CDC0999C-999C-4EE1-875B-5C3542641768}\1.0\FLAGS
HKCR\TypeLib\{CDC0999C-999C-4EE1-875B-5C3542641768}\1.0\HELPDIR
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\ProxyStubClsid
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\ProxyStubClsid32
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\TypeLib
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\TypeLib#Version
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid32
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib#Version
HKCR\Interface\{B6A3935F-8FE4-49A4-B987-A1C09E53589F}
HKCR\Interface\{B6A3935F-8FE4-49A4-B987-A1C09E53589F}\ProxyStubClsid
HKCR\Interface\{B6A3935F-8FE4-49A4-B987-A1C09E53589F}\ProxyStubClsid32
HKCR\Interface\{B6A3935F-8FE4-49A4-B987-A1C09E53589F}\TypeLib
HKCR\Interface\{B6A3935F-8FE4-49A4-B987-A1C09E53589F}\TypeLib#Version
HKCR\Interface\{EF94A58F-599B-4602-9C34-99683C5859B1}
HKCR\Interface\{EF94A58F-599B-4602-9C34-99683C5859B1}\ProxyStubClsid
HKCR\Interface\{EF94A58F-599B-4602-9C34-99683C5859B1}\ProxyStubClsid32
HKCR\Interface\{EF94A58F-599B-4602-9C34-99683C5859B1}\TypeLib
HKCR\Interface\{EF94A58F-599B-4602-9C34-99683C5859B1}\TypeLib#Version

Trojan.Net-WMP/NMC
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#wmpenv [ {7E5404E2-0519-445B-B4D1-D4FD1B7AFB14} ]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#wmpconf [ {0F97E2DF-101D-496D-BC44-193C77F48B3A} ]

Trojan.Net-MSV/VPS-G
C:\$RECYCLE.BIN\S-1-5-21-1106245472-2722690690-1215228562-1001\$R5MEE7B.DLL

Trojan.Downloader/Media-Codec
C:\PROGRAM FILES\VIDEOACCESSCODEC\VIDEOACCESSCODEC.OCX

Adware.Tracking Cookie
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@atdmt[2].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@pornotube[1].txt
C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\Low\kevin@2o7[1].txt
C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\Low\kevin@ad.yieldmanager[1].txt
C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\Low\kevin@ar.atwola[1].txt
C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\Low\kevin@atdmt[2].txt
C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\Low\kevin@atwola[1].txt
C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\Low\kevin@clickaider[1].txt
C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\Low\kevin@doubleclick[1].txt
C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\Low\kevin@ezzs.valueclick[1].txt
C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\Low\kevin@fastclick[1].txt
C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\Low\kevin@paypal.112.2o7[1].txt
C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\Low\kevin@valueclick[1].txt

THANKS! :thumbsup: , Should I just reply if anything where to go wrong again?

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:12:02 PM

Posted 29 August 2007 - 05:10 AM

Post a new Hijackthis log,let me know how your pc is running now.
Posted Image
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users