
Infected With Vundo And Virtumonde


  • This topic is locked
4 replies to this topic

#1 Raej


Posted 10 July 2008 - 11:58 AM

Hello, my computer is going ridiculously slow and I have tons of pop-ups referring to computer scanners and virus cleaners and whatnot when surfing the internet.
I ran CCleaner to get rid of all the junk files and garbage, then I did a Spybot S&D scan, cleared those viruses, and restarted. Then I did an Ad-Aware scan, removed all of those, and restarted. Then I ended it with a BitDefender full scan. I found Vundo on this scan and couldn't remove it, so I placed it in quarantine and then restarted.

None of these seem to help, so now I resort to your help.

DSS LOG

Deckard's System Scanner v20071014.68
Run by Robin on 2008-07-10 12:41:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
24: 2008-07-10 16:28:45 UTC - RP2130 - Deckard's System Scanner Restore Point
23: 2008-07-10 14:02:48 UTC - RP2129 - Installed Java™ 6 Update 7
22: 2008-07-10 14:02:37 UTC - RP2128 - Installed BitDefender Total Security 2008
21: 2008-07-10 12:02:07 UTC - RP2127 - Installed BitDefender Total Security 2008
20: 2008-07-10 05:39:22 UTC - RP2126 - Installed BitDefender Total Security 2008


-- First Restore Point --
1: 2008-05-31 20:19:03 UTC - RP2107 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 256 MiB (512 MiB recommended).


-- HijackThis (run as Robin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:54 PM, on 7/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Robin\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Robin.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.shutterfly.com/brands/DELL/redir.jsp
O2 - BHO: (no name) - {0196822F-2120-48AF-89F3-20D1930D0F1E} - C:\WINDOWS\system32\yayyXOHx.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: {946b4c53-bfa9-ecbb-c274-d378b9c33938} - {83933c9b-873d-472c-bbce-9afb35c4b649} - C:\WINDOWS\system32\xrdgqq.dll (file missing)
O2 - BHO: (no name) - {98F1CAF7-9C0E-45AA-83AD-5F7451DE6A41} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {E6D4EF2E-A54D-4C67-BACF-919743004D92} - C:\WINDOWS\system32\vtutustT.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BMabb05038] Rundll32.exe "C:\WINDOWS\system32\riqrilym.dll",s
O4 - HKLM\..\Run: [a88363a4] rundll32.exe "C:\WINDOWS\system32\vhjygjcw.dll",b
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/...ad/tgctlins.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\extmgr32.dll
O20 - Winlogon Notify: a883630b368 - C:\WINDOWS\System32\extmgr32.dll
O20 - Winlogon Notify: cbXPjIxv - cbXPjIxv.dll (file missing)
O20 - Winlogon Notify: fccyyax - fccyyax.dll (file missing)
O20 - Winlogon Notify: __c0092890 - C:\WINDOWS\system32\__c0092890.dat (file missing)
O20 - Winlogon Notify: __c00E3290 - C:\WINDOWS\system32\__c00E3290.dat (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

--
End of file - 5649 bytes

-- File Associations -----------------------------------------------------------

.ini - inifile - shell\open\command - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
.txt - txtfile - shell\open\command - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 Trufos - c:\program files\common files\bitdefender\bitdefender threat scanner\trufos.sys (file missing)

S3 bvrp_pci - c:\windows\system32\drivers\bvrp_pci.sys
S3 Profos - c:\program files\common files\bitdefender\bitdefender threat scanner\profos.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 AvSynMgr (AVSync Manager) - "c:\program files\mcafee\mcafee virusscan\avsynmgr.exe" <Not Verified; Networks Associates Technologies, Inc.; McAfee VirusScan>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&268D196D&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&268D196D&0
Service: i8042prt


-- Scheduled Tasks -------------------------------------------------------------

2002-04-02 19:08:26 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 3.job
2002-04-02 19:08:26 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 2.job
2002-04-02 19:08:26 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 1.job


-- Files created between 2008-06-10 and 2008-07-10 -----------------------------

2008-07-10 12:35:48 0 d-------- C:\Program Files\Trend Micro
2008-07-10 10:08:55 0 d-------- C:\WINDOWS\Sun
2008-07-10 10:08:55 0 d-------- C:\Documents and Settings\Robin\Application Data\Sun
2008-07-10 10:03:35 0 d-------- C:\Program Files\Java
2008-07-10 10:02:59 0 d-------- C:\Program Files\Common Files\Java
2008-07-10 09:28:48 0 d-------- C:\VundoFix Backups
2008-07-10 08:13:27 0 d-------- C:\Documents and Settings\Robin\Application Data\BitDefender
2008-07-10 08:13:20 354 ---hs---- C:\WINDOWS\system32\wcjgyjhv.ini2
2008-07-10 08:09:02 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-07-10 08:09:02 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-10 08:09:02 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-10 08:09:02 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-10 08:09:02 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-07-10 08:09:02 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-10 08:09:02 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-10 08:09:02 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-07-10 08:09:02 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-10 08:09:02 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-07-10 08:09:02 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-10 08:09:02 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-07-10 08:09:02 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-10 08:09:02 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-10 08:09:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-07-10 08:09:01 1572864 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-10 08:05:53 0 d-------- C:\Program Files\BitDefender
2008-07-10 08:05:53 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-07-10 07:57:02 78848 -----n--- C:\WINDOWS\system32\vhjygjcw.dll
2008-07-10 07:56:09 4561 --ahs---- C:\WINDOWS\system32\xHOXyyay.ini2
2008-07-10 07:56:03 318976 -----n--- C:\WINDOWS\system32\yayyXOHx.dll
2008-07-10 07:52:32 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-10 07:52:18 0 d-------- C:\Documents and Settings\Robin\Application Data\Mozilla
2008-07-10 07:52:05 0 dr-h----- C:\Documents and Settings\Robin\Recent
2008-07-10 01:26:57 0 d-------- C:\Program Files\Common Files\BitDefender
2008-07-10 00:36:30 0 d-------- C:\Program Files\Lavasoft
2008-07-10 00:36:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-10 00:35:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-10 00:34:50 0 d-------- C:\Program Files\CCleaner
2008-07-10 00:32:52 70656 --a------ C:\WINDOWS\system32\__c00E5BC.exe
2008-07-10 00:31:06 0 d-------- C:\WINDOWS\pss
2008-07-09 22:17:57 118784 --a------ C:\WINDOWS\system32\extmgr32.dll
2008-07-09 22:17:54 70656 --a------ C:\WINDOWS\system32\__c00F93EC.exe
2008-06-17 21:17:29 3040 --ahs---- C:\WINDOWS\system32\Ttsututv.ini2
2008-06-17 21:10:24 59392 -----n--- C:\WINDOWS\system32\iiFYrsRh.dll


-- Find3M Report ---------------------------------------------------------------

2008-07-10 10:02:59 0 d-------- C:\Program Files\Common Files
2008-07-10 09:38:31 11 --ahs---- C:\Documents and Settings\Robin\Application Data\55277-OEM-0011903-00102S.manifest
2008-07-10 09:38:31 671 --ahs---- C:\Documents and Settings\Robin\Application Data\55277-OEM-0011903-00102P.manifest
2008-07-10 09:38:31 11 --ahs---- C:\Documents and Settings\Robin\Application Data\55277-OEM-0011903-00102O.manifest
2008-07-10 09:38:31 13 --ahs---- C:\Documents and Settings\Robin\Application Data\55277-OEM-0011903-00102C.manifest
2008-07-10 09:15:43 0 d-------- C:\Program Files\GIB
2008-07-10 06:08:12 22291 -----n--- C:\WINDOWS\system32\__c0017AEA.dat
2008-07-10 01:08:38 0 d-------- C:\Program Files\LiveAntispy
2008-07-10 00:35:42 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-09 22:16:37 0 d-------- C:\Program Files\Spyware Doctor
2008-04-16 22:12:47 86016 --a------ C:\WINDOWS\system32\__c0021CA0.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0196822F-2120-48AF-89F3-20D1930D0F1E}]
07/10/2008 07:56 AM 318976 --------- C:\WINDOWS\system32\yayyXOHx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83933c9b-873d-472c-bbce-9afb35c4b649}]
C:\WINDOWS\system32\xrdgqq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98F1CAF7-9C0E-45AA-83AD-5F7451DE6A41}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E6D4EF2E-A54D-4C67-BACF-919743004D92}]
C:\WINDOWS\system32\vtutustT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BMabb05038"="C:\WINDOWS\system32\riqrilym.dll" []
"a88363a4"="C:\WINDOWS\system32\vhjygjcw.dll" [07/10/2008 07:57 AM]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07/07/2008 09:42 AM]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" []

C:\Documents and Settings\Robin\Start Menu\Programs\Startup\
DESKTOP.INI [11/15/2001 9:31:16 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [11/15/2001 9:31:16 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Wallpaper"=
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\a883630b368]
C:\WINDOWS\System32\extmgr32.dll 07/09/2008 10:17 PM 118784 C:\WINDOWS\SYSTEM32\extmgr32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXPjIxv]
cbXPjIxv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccyyax]
fccyyax.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c0092890]
C:\WINDOWS\system32\__c0092890.dat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00E3290]
C:\WINDOWS\system32\__c00E3290.dat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\System32\extmgr32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\yayyXOHx

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 7.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 7.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 7.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Camio Viewer 2000.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Camio Viewer 2000.lnk
backup=C:\WINDOWS\pss\Camio Viewer 2000.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microtek Scanner Finder.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk
backup=C:\WINDOWS\pss\Microtek Scanner Finder.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A00F5AC1B2A9.exe]
C:\DOCUME~1\Robin\LOCALS~1\Temp\_A00F5AC1B2A9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a88363a4]
rundll32.exe "C:\WINDOWS\system32\yogigtip.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]
C:\Program Files\Creative\SBLive\Program\AHQInit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alogserv]
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMabb05038]
Rundll32.exe "C:\WINDOWS\system32\riqrilym.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTouch]
C:\WINDOWS\DELLMMKB.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Guardian]
"C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\Updreg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
"C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WANMiniportService"=2 (0x2)
"Nhksrv"=2 (0x2)
"McShield"=3 (0x3)
"ImapiService"=3 (0x3)
"gusvc"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"AvSynMgr"=2 (0x2)

*Newly Created Service* - 9C0250AC
*Newly Created Service* - E03C6C6D



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8784 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-10 12:45:09 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 1.60GHz
Percentage of Memory in Use: 59%
Physical Memory (total/avail): 255.3 MiB / 104.52 MiB
Pagefile Memory (total/avail): 617.32 MiB / 431.21 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1935.52 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 19.11 GiB total, 6.51 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - MAXTOR 6L020J1 - 19.14 GiB - 2 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 19.11 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\DOM\\Xm.exe"="C:\\DOM\\Xm.exe:*:Enabled:Connection Manager for Mary Kay Desktop Office Manager"
"C:\\Program Files\\America Online 7.0\\waol.exe"="C:\\Program Files\\America Online 7.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Robin\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DCCW6C11
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Robin
LOGONSERVER=\\DCCW6C11
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adaptec Shared\System
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0102
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Robin\LOCALS~1\Temp
TMP=C:\DOCUME~1\Robin\LOCALS~1\Temp
USERDOMAIN=DCCW6C11
USERNAME=Robin
USERPROFILE=C:\Documents and Settings\Robin
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Robin (admin)
Randy (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Creative\SBLive\Program\Upddrv2k.EXE
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\News\CTNews.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\AudioHQ.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\CTMixer.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\HTML.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Midi.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\PlayCenter2\Player2.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Recorder\Recorder.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Restore.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\SoundFont.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\WaveStudio\Wstudio.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Uninstall\Installer.isu"
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 4.0 Sprint --> C:\WINDOWS\bitdeins.exe C:\PROGRA~1\ABBYYF~1.0SP\bitdeins.ini
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Download Manager (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
America Online --> C:\Program Files\Common Files\aolshare\Aolunins_us.exe
AOL Coach Version 1.0(Build:20040229.1 en) --> C:\Program Files\Common Files\AOLSHARE\Coach\AolCInUn.exe
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Conexant HSF V92 56K Data Fax PCI Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2013&SUBSYS_021213E0\HxFSETUP.EXE -U -IVEN_14F1&DEV_2013&SUBSYS_021213E0
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Picture Studio - Image Expert 2000 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Sierra Imaging\Image Expert 2000\Uninst.isu" -c"C:\Program Files\Sierra Imaging\Image Expert 2000\uninstall.dll
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
DellTouch --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{706D5382-7381-4680-9DD0-161832578252}\setup.exe"
DiMAGE Viewer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{976EA7B1-7562-483D-88DA-4323D263B7CD}\Setup.exe" -l0x9 anything
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "C:\PROGRA~1\TRENDM~1\HIJACK~1\HijackThis.exe" /uninstall
hp deskjet 960c series (Remove only) --> C:\Program Files\hp deskjet 960c series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=LPT1: -vproduct=960c -huninstall
Intel Application Accelerator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9984DF60-1C5B-11D3-ACA1-908A4FC10801}\setup.exe" -K -INTELUNINST
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
McAfee Firewall --> MsiExec.exe /I{9E0FB790-5971-41F3-A1C3-1CF9E153FF2A}
McAfee VirusScan --> MsiExec.exe /I{87AEFD84-BC0D-11D4-B885-00508B022A51}
Microsoft Encarta Encyclopedia Standard 2002 --> MsiExec.exe /I{01001202-823E-46CD-A70E-BEE818F97169}
Microsoft Money 2002 --> MsiExec.exe /I{E7298FD5-1386-11D5-8D6C-0050DAD32D95}
Microsoft Money 2002 System Pack --> MsiExec.exe /I{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}
Microsoft Picture It! Photo 2002 --> MsiExec.exe /I{C769A271-7E1C-48F9-B331-474600DD4C06}
Microsoft Publisher 2000 --> MsiExec.exe /I{00140409-78E1-11D2-B60F-006097C998E7}
Microsoft Streets and Trips 2002 --> MsiExec.exe /I{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2002 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2002\Setup\Launcher.exe D:\
Microsoft Works 6.0 --> MsiExec.exe /I{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{C3A439E4-7303-491F-A678-CEA36A87D517}
Microtek ScanWizard 5 --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\Twain_32\ScanWiz5\Uninst.isu
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\SETUP.EXE" ControlPanel
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
PRO200WL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{280C7673-2DF8-4E74-B031-D8F108BE2A6D}\SETUP.EXE" -uninst
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log
Sound Blaster Live! Value --> C:\Program Files\Creative\Uninstall\CTUNINST.EXE /U:UNINST1.INI
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Ulead Photo Explorer 7.0 SE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E38E1721-7FE7-11D4-A898-0000E83DCDA6}\setup.exe"
Viewpoint Media Player (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe -u
Windows Blaster Worm Removal Tool (KB833330) --> C:\WINDOWS\$NtUninstallKB833330$\spuninst\spuninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type16029 / Error
Event Submitted/Written: 07/10/2008 10:02:01 AM
Event ID/Source: 11704 / MsiInstaller
Event Description:
Product: Java™ 6 Update 7 -- Error 1704.An installation for BitDefender Total Security 2008 is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?

Event Record #/Type16027 / Error
Event Submitted/Written: 07/10/2008 10:01:29 AM
Event ID/Source: 11704 / MsiInstaller
Event Description:
Product: Java™ 6 Update 7 -- Error 1704.An installation for BitDefender Total Security 2008 is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?

Event Record #/Type16008 / Error
Event Submitted/Written: 07/10/2008 08:11:16 AM
Event ID/Source: 1008 / MsiInstaller
Event Description:
The installation of C:\Program Files\Common Files\BitDefender\Setup Information\{DB368901-C41E-4D86-9809-E0EE635A6939}\bdts.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

Event Record #/Type16007 / Error
Event Submitted/Written: 07/10/2008 08:10:38 AM
Event ID/Source: 1008 / MsiInstaller
Event Description:
The installation of C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\bdts.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

Event Record #/Type16006 / Error
Event Submitted/Written: 07/10/2008 08:03:38 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module ws2_32.dll, version 5.1.2600.2180, fault address 0x000124af.
Processing media-specific event for [explorer.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type63294 / Error
Event Submitted/Written: 07/10/2008 09:43:48 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Computer Browser service terminated with the following error:
%%1460

Event Record #/Type63276 / Error
Event Submitted/Written: 07/10/2008 09:39:14 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The BitDefender Virus Shield service failed to start due to the following error:
%%1053

Event Record #/Type63275 / Error
Event Submitted/Written: 07/10/2008 09:39:14 AM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the BitDefender Virus Shield service to connect.

Event Record #/Type63272 / Error
Event Submitted/Written: 07/10/2008 09:37:06 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Event Record #/Type63271 / Error
Event Submitted/Written: 07/10/2008 09:36:59 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}



-- End of Deckard's System Scanner: finished at 2008-07-10 12:45:09 ------------



Kaspersky Scan Results

Thursday, July 10, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, July 10, 2008 13:41:30
Records in database: 932972
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
Scan statistics
Files scanned 51367
Threat name 9
Infected objects 28
Suspicious objects 0
Duration of the scan 01:49:56

File name Threat name Threats count
C:\WINDOWS\system32\yayyXOHx.dll/C:\WINDOWS\system32\yayyXOHx.dll Infected: Trojan.Win32.Monderc.gen 3
C:\WINDOWS\system32\vhjygjcw.dll/C:\WINDOWS\system32\vhjygjcw.dll Infected: Trojan.Win32.Monderc.gen 6
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2119\A0193031.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2124\A0198101.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.yyr 1
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2128\A0203142.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2128\A0203143.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2128\A0203144.EXE Infected: not-a-virus:Porn-Dialer.Win32.Generic 1
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2128\A0203145.exe Infected: not-virus:Hoax.Win32.Renos.fi 1
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2128\A0203148.dll Infected: Trojan.Win32.Monderc.gen 1
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2128\A0203149.dll Infected: Trojan.Win32.Monderc.gen 1
C:\WINDOWS\SYSTEM32\eivkjbxq.exe Infected: not-a-virus:AdWare.Win32.180Solutions.ay 3
C:\WINDOWS\SYSTEM32\iiFYrsRh.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\SYSTEM32\lhiwpyrr.exe Infected: not-a-virus:AdWare.Win32.Shopper.c 1
C:\WINDOWS\SYSTEM32\vhjygjcw.dll Infected: Trojan.Win32.Monderc.gen 1
C:\WINDOWS\SYSTEM32\yayyXOHx.dll Infected: Trojan.Win32.Monderc.gen 1
C:\WINDOWS\SYSTEM32\__c0017AEA.dat Infected: Trojan-Downloader.Win32.Agent.jaq 1
C:\WINDOWS\SYSTEM32\__c001C81B.dat Infected: Trojan.Win32.Mondera.gen 1
C:\WINDOWS\SYSTEM32\__c0021CA0.dat Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\SYSTEM32\__c00D845C.dat Infected: Trojan.Win32.Mondera.gen 1
The selected area was scanned.


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:08:06 AM

Posted 11 July 2008 - 12:39 AM

Hi,

I understand that you need help in order to get rid of the malware that is present on your system - but you need to help us first.
I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed!
This is somewhat suicidal in today's digital world.
That's why I want you to install one first!!

* Please install Avira Antivirus: http://www.free-av.com/
This is a free Antivirus.

Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There double-click the report from the Full scan you have done. Click the "Report File" button and copy and paste this report in your next reply together with a new HijackThis log.
Then we'll start from there, because it really makes no sense otherwise that we clean this up manually if an Antivirus scan is not present which should be able to deal with most and prevent further reinfection.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Raej


Posted 11 July 2008 - 06:09 AM

I scanned it with BitDefender Total Security. It's a 70$ program.

#4 miekiemoes


Posted 11 July 2008 - 06:11 AM

I can't see it installed anymore. How are you supposed to prevent malware if you install a Security program and then uninstall it again?
You really need an active running Antivirus though.
Please download and install Avira as I asked + perform a scan, because your system is still crippled with malware.

Then we'll deal with the leftovers afterwards.

#5 miekiemoes


Posted 23 July 2008 - 12:41 AM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



