
Virtumonde Keeps Coming Back Even After Running The Fix


1 reply to this topic

#1 Katz3 (Members, 1 posts)

Posted 30 July 2008 - 02:51 AM

Help me please.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:50:00, on 30/7/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Katz\My Documents\Downloads\Programs\VundoFix.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FlashgetMini] C:\Program Files\FlashGet Network\Flashget\Temp\setup.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [BM8b307ea1] Rundll32.exe "C:\WINDOWS\system32\dgtdcnna.dll",s
O4 - HKLM\..\Run: [88034d3d] rundll32.exe "C:\WINDOWS\system32\dogwhqmh.dll",b
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AbyssWebServer] C:\Program Files\Abyss Web Server\abyssws.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [TudouVAStart] C:\Program Files\Tudou\?Tudou\TudouVa.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1211013055359
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod 服務 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 6893 bytes

Deckard's System Scanner v20071014.68
Run by Katz on 2008-07-30 16:27:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 83% (more than 75%).
System Drive C: has 1.58 GiB (less than 15%) free.


-- HijackThis (run as Katz.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:29:22, on 30/7/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MySQL\MySQL Server 6.0\bin\mysqld.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Katz\My Documents\Downloads\Programs\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Katz.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {4CF880C3-AA64-4205-94F5-25A528B71CB0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {9B904910-78A4-489D-A825-5111B883A5B2} - (no file)
O2 - BHO: (no name) - {DB5F6E91-84B7-4ED7-B0CA-90E17AC20264} - C:\WINDOWS\system32\nnnmlKBu.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: {459b26de-0963-267b-6004-91e4dfae6daf} - {fad6eafd-4e19-4006-b762-3690ed62b954} - C:\WINDOWS\system32\umzshi.dll (file missing)
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FlashgetMini] C:\Program Files\FlashGet Network\Flashget\Temp\setup.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [BM8b307ea1] Rundll32.exe "C:\WINDOWS\system32\dgtdcnna.dll",s
O4 - HKLM\..\Run: [88034d3d] rundll32.exe "C:\WINDOWS\system32\dogwhqmh.dll",b
O4 - HKLM\..\Run: [ShutdownEventCheck] %systemroot%\system32\dumprep 0 -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AbyssWebServer] C:\Program Files\Abyss Web Server\abyssws.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [TudouVAStart] C:\Program Files\Tudou\?Tudou\TudouVa.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1211013055359
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: ljJCrpPF - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod 服務 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 8681 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R3 npkcusb - c:\nexon\maplestory\npkcusb.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>

S3 IpInIp (IP in IP Tunnel Driver) - c:\windows\system32\drivers\ipinip.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 JavaQuickStarterService (Java Quick Starter) - "c:\program files\java\jre6\bin\jqs.exe" -service -config "c:\program files\java\jre6\lib\deploy\jqs\jqs.conf" <Not Verified; Sun Microsystems, Inc.; Java™ Platform SE 6 U10>
R2 MySQL - "c:\program files\mysql\mysql server 6.0\bin\mysqld" --defaults-file="c:\program files\mysql\mysql server 6.0\my.ini" mysql (file missing)

S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: RAID Controller
Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_31491043&REV_80\3&267A616A&0&78
Manufacturer:
Name: RAID Controller
PNP Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_31491043&REV_80\3&267A616A&0&78
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Microsoft Loopback Adapter
Device ID: ROOT\NET\0001
Manufacturer: Microsoft
Name: Microsoft Loopback Adapter
PNP Device ID: ROOT\NET\0001
Service: msloop


-- Scheduled Tasks -------------------------------------------------------------

2008-07-25 19:29:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-30 and 2008-07-30 -----------------------------

2050-07-02 17:25:57 0 d-------- C:\Documents and Settings\Katz\Application Data\Hamachi
2050-07-02 17:24:42 0 d-------- C:\Program Files\Hamachi
2008-07-30 15:47:20 0 d-------- C:\Program Files\Trend Micro
2008-07-29 23:03:53 0 d-------- C:\Program Files\Ares
2008-07-29 22:51:26 0 d-------- C:\Program Files\ThreatFire
2008-07-29 22:51:26 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-07-29 22:29:31 0 d-------- C:\VundoFix Backups
2008-07-29 19:29:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-29 18:51:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-29 18:46:20 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-29 18:04:37 0 d-------- C:\Program Files\Opera
2008-07-29 17:41:57 0 d-------- C:\Documents and Settings\Katz\Application Data\IDM
2008-07-29 17:40:45 0 d-------- C:\Program Files\Internet Download Manager
2008-07-29 14:52:56 262144 --a------ C:\Program Files\Uninstall Ask Toolbar.dll <Not Verified; Ask.com; Ask Toolbar for Internet Explorer>
2008-07-28 20:19:25 0 d-------- C:\Documents and Settings\Default User\Application Data\Identities
2008-07-28 17:17:34 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-28 17:16:06 0 d-------- C:\Program Files\Spyware Doctor
2008-07-28 17:15:43 626688 --a------ C:\WINDOWS\system32\msvcr80.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio® 2005>
2008-07-28 17:15:36 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-26 16:20:34 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-07-26 16:03:16 0 dr-h----- C:\Documents and Settings\Katz\Recent
2008-07-25 23:19:24 0 d-------- C:\downloads
2008-07-25 23:19:24 0 d-------- C:\Documents and Settings\Katz\Application Data\GrabPro
2008-07-25 23:18:47 0 d-------- C:\Documents and Settings\Katz\Application Data\Orbit
2008-07-25 23:18:41 0 d-------- C:\Program Files\Orbitdownloader
2008-07-23 21:39:19 0 d-------- C:\Documents and Settings\Katz\Application Data\MyPhoneExplorer
2008-07-23 21:21:07 0 d-------- C:\Program Files\MyPhoneExplorer
2008-07-23 17:47:51 0 d-------- C:\Documents and Settings\Katz\Application Data\Media Player Classic
2008-07-23 16:39:53 0 d-------- C:\Program Files\XP Codec Pack
2008-07-23 16:33:53 0 d-------- C:\Documents and Settings\Katz\Application Data\BITS
2008-07-23 16:33:31 4 --a------ C:\WINDOWS\system32\admshare.dat
2008-07-23 16:30:44 0 d-------- C:\Documents and Settings\All Users\Application Data\FlashGetBHO
2008-07-23 16:30:17 0 d-------- C:\Program Files\FlashGet Network
2008-07-21 20:05:33 0 d-------- C:\ijji
2008-07-21 20:05:29 0 d--h----- C:\Documents and Settings\Katz\Application Data\ijjigame
2008-07-21 20:02:45 0 d-------- C:\Documents and Settings\All Users\Application Data\IJJIGame
2008-07-21 19:07:27 0 d-------- C:\Program Files\Total Video Converter
2008-07-21 18:32:07 0 d-------- C:\Documents and Settings\Katz\Application Data\LimeWire
2008-07-21 18:31:01 0 d-------- C:\Program Files\LimeWire
2008-07-15 17:01:42 4682 --a------ C:\WINDOWS\system32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
2008-07-13 17:25:58 0 d-------- C:\Program Files\iPod
2008-07-13 17:25:49 0 d-------- C:\Program Files\iTunes
2008-07-13 17:22:01 0 d-------- C:\Program Files\QuickTime
2008-07-13 17:17:30 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-07-10 16:50:42 0 d-------- C:\WINDOWS\pss
2008-07-09 21:02:09 0 d--h----- C:\WINDOWS\PIF
2008-07-08 16:15:39 0 d-------- C:\JWPack
2008-07-08 16:15:29 65024 --a------ C:\WINDOWS\system32\GBK2UC.dat
2008-07-08 16:15:28 73362 --a------ C:\WINDOWS\system32\WordMap.dat
2008-07-08 16:15:28 131072 --a------ C:\WINDOWS\system32\UCT2UCS.dat
2008-07-08 16:15:28 131072 --a------ C:\WINDOWS\system32\UCS2UCT.dat
2008-07-08 16:15:28 131072 --a------ C:\WINDOWS\system32\UC2GBK.dat
2008-07-08 16:15:28 45056 --a------ C:\WINDOWS\system32\CConvert.dll
2008-07-08 16:15:28 65024 --a------ C:\WINDOWS\system32\BIG52UC.dat
2008-07-08 16:15:26 131072 --a------ C:\WINDOWS\system32\UC2BIG5.dat
2008-07-08 16:15:04 36864 --a------ C:\WINDOWS\system32\TaskKeyHook.dll
2008-07-08 16:15:02 101888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-07-08 16:15:02 102160 --a------ C:\WINDOWS\system32\VB6JP.DLL <Not Verified; Microsoft Corporation; Visual Basic Environment>
2008-07-08 16:15:02 125712 --a------ C:\WINDOWS\system32\VB6DE.DLL <Not Verified; Microsoft Corporation; Visual Basic Environment>
2008-07-08 16:15:01 26384 --a------ C:\WINDOWS\system32\FM20ENU.DLL <Not Verified; Microsoft Corporation; Microsoft® Forms>
2008-07-08 16:15:00 26384 --a------ C:\WINDOWS\system32\FM20CHS.DLL <Not Verified; Microsoft Corporation; Microsoft ® Forms>
2008-07-08 16:14:59 1129232 --a------ C:\WINDOWS\system32\FM20.DLL <Not Verified; Microsoft Corporation; Microsoft® Forms>
2008-07-08 16:13:26 24576 --a------ C:\WINDOWS\system32\GBLib.dll <Not Verified; ; GBLib Dynamic Link Library>
2008-07-08 16:13:26 0 d-------- C:\WINDOWS\speech
2008-07-08 16:13:25 24576 --a------ C:\WINDOWS\system32\GBKLib.dll <Not Verified; ; GBKLib Dynamic Link Library>
2008-07-08 16:13:25 24576 --a------ C:\WINDOWS\system32\CodeLib.dll <Not Verified; ; CodeLib Dynamic Link Library>
2008-07-08 16:13:25 24576 --a------ C:\WINDOWS\system32\BIG5Lib.dll <Not Verified; ; BIG5Lib Dynamic Link Library>
2008-07-08 16:10:34 12 --a------ C:\WINDOWS\system32\nmdenbc.dll
2008-07-08 16:10:34 18 --a------ C:\WINDOWS\AMCOLUER.DLL
2008-07-08 16:10:33 4944 --a------ C:\WINDOWS\system32\WinIo.sys
2008-07-08 16:10:07 0 d-------- C:\Program Files\Bider
2008-07-08 16:10:05 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-08 16:08:03 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-07 14:35:29 0 d-------- C:\Program Files\PremiumSoft
2008-07-07 09:27:15 0 d-------- C:\Documents and Settings\Katz\Application Data\TortoiseSVN
2008-07-07 09:26:45 0 d-------- C:\Documents and Settings\Katz\Application Data\Subversion
2008-07-07 05:31:47 0 d-------- C:\Program Files\TortoiseSVN
2008-07-07 05:31:46 0 d-------- C:\Program Files\Common Files\TortoiseOverlays
2008-07-05 18:14:48 456192 --a------ C:\WINDOWS\system32\libmplayer.dll
2008-07-05 18:14:44 3591168 --a------ C:\WINDOWS\system32\libavcodec.dll
2008-07-05 18:13:16 708096 --a------ C:\WINDOWS\system32\ff_x264.dll
2008-07-04 12:48:54 0 d-------- C:\Program Files\XML Notepad 2007
2008-07-02 17:53:16 0 d-------- C:\Program Files\No-IP
2008-07-02 16:02:30 0 d-------- C:\Program Files\BreakPoint Software
2008-07-02 15:52:24 0 d-------- C:\Program Files\HashCalc
2008-07-02 15:05:10 0 d-------- C:\Program Files\PHP5
2008-07-02 15:02:06 0 d-------- C:\Program Files\Abyss Web Server
2008-07-01 22:49:52 0 d-------- C:\Documents and Settings\All Users\Application Data\MySQL
2008-07-01 22:39:04 0 d-------- C:\wamp


-- Find3M Report ---------------------------------------------------------------

2008-07-30 16:09:32 0 d-------- C:\Program Files\Symantec AntiVirus
2008-07-30 16:05:59 0 d-------- C:\Documents and Settings\Katz\Application Data\uTorrent
2008-07-30 16:01:13 0 d-------- C:\Documents and Settings\Katz\Application Data\DMCache
2008-07-29 20:47:29 0 d-a------ C:\Program Files\AskSBar
2008-07-29 18:52:09 0 d-------- C:\Program Files\Lavasoft
2008-07-29 18:46:20 0 d-------- C:\Program Files\Common Files
2008-07-28 17:18:57 148816 --a------ C:\WINDOWS\system32\prfh0804.dat
2008-07-28 17:18:57 159496 --a------ C:\WINDOWS\system32\prfh0404.dat
2008-07-28 17:18:57 59050 --a------ C:\WINDOWS\system32\prfc0804.dat
2008-07-28 17:18:57 59050 --a------ C:\WINDOWS\system32\prfc0404.dat
2008-07-28 17:18:57 198138 --a------ C:\WINDOWS\system32\perfh011.dat
2008-07-28 17:18:57 59050 --a------ C:\WINDOWS\system32\perfc011.dat
2008-07-25 20:54:39 0 d-------- C:\Documents and Settings\Katz\Application Data\MySQL
2008-07-23 19:12:38 0 d-------- C:\Program Files\NetBeans 6.1
2008-07-23 14:40:00 0 d-------- C:\Program Files\PeerGuardian2
2008-07-14 17:08:00 0 d-------- C:\Documents and Settings\Katz\Application Data\Mozilla
2008-07-13 17:40:59 0 d-------- C:\Documents and Settings\Katz\Application Data\Apple Computer
2008-07-13 13:00:45 0 d-------- C:\Documents and Settings\Katz\Application Data\X-Chat 2
2008-06-25 16:05:43 0 d-------- C:\Program Files\glassfish-v2ur2
2008-06-23 00:34:00 177664 --a------ C:\WINDOWS\system32\ff_theora.dll
2008-06-20 15:40:33 0 d-------- C:\Program Files\danny_kay1710
2008-06-18 23:36:08 0 d-------- C:\Program Files\FLV Player
2008-06-14 13:14:28 0 d-------- C:\Documents and Settings\Katz\Application Data\Thunderbird
2008-06-13 18:39:38 23552 --a------ C:\WINDOWS\system32\ff_wmv9.dll
2008-06-13 17:33:02 0 d-------- C:\Program Files\Apple Software Update
2008-06-13 01:36:38 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-06-13 00:25:06 962560 --a------ C:\WINDOWS\system32\VSFilter.dll <Not Verified; Gabest; VSFilter>
2008-06-12 17:56:26 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-12 16:42:05 0 d-------- C:\Program Files\Common Files\Real
2008-06-12 16:42:05 0 d-------- C:\Documents and Settings\Katz\Application Data\Real
2008-06-12 16:13:19 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-12 16:12:05 0 d-------- C:\Program Files\Symantec
2008-06-12 16:04:28 0 d-------- C:\Program Files\MagicISO
2008-06-12 15:45:09 0 d-------- C:\Program Files\Infinity Software
2008-06-10 21:38:06 0 d-------- C:\Program Files\Java
2008-06-09 23:01:20 0 d-------- C:\Program Files\HydraIRC
2008-06-09 19:58:00 0 d-------- C:\Program Files\X-Chat 2
2008-06-06 23:30:39 0 d-------- C:\Program Files\Tudou
2008-06-06 09:32:04 0 d-------- C:\Program Files\AltBinz
2008-06-05 14:34:40 0 d-------- C:\Documents and Settings\Katz\Application Data\Lavasoft
2008-06-05 11:19:20 0 d-------- C:\Program Files\Common Files\Lavasoft
2008-06-05 09:57:25 0 d-------- C:\Program Files\TVUPlayer
2008-06-05 09:57:23 0 d-------- C:\Documents and Settings\Katz\Application Data\TVU Networks
2008-06-04 19:21:26 0 d-------- C:\Program Files\WinUHA
2008-06-04 15:00:57 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-06-04 09:19:39 0 d-------- C:\Program Files\Real
2008-05-21 19:29:33 68300 --a------ C:\WINDOWS\hpoins05.dat
2008-05-18 19:21:30 1430 --a------ C:\WINDOWS\mozver.dat
2008-05-18 09:43:04 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-17 23:46:51 62 --ahs---- C:\Documents and Settings\Katz\Application Data\desktop.ini
2008-05-17 16:20:44 0 -rahs---- C:\MSDOS.SYS
2008-05-17 16:20:44 0 -rahs---- C:\IO.SYS
2008-05-17 16:20:44 0 --a------ C:\CONFIG.SYS
2008-05-17 16:20:44 0 --a------ C:\AUTOEXEC.BAT
2008-05-17 16:16:09 21160 --a------ C:\WINDOWS\system32\emptyregdb.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4CF880C3-AA64-4205-94F5-25A528B71CB0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B904910-78A4-489D-A825-5111B883A5B2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DB5F6E91-84B7-4ED7-B0CA-90E17AC20264}]
C:\WINDOWS\system32\nnnmlKBu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
18/05/2008 08:55 34816 --a------ C:\Program Files\Java\jre6\bin\jp2ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fad6eafd-4e19-4006-b762-3690ed62b954}]
C:\WINDOWS\system32\umzshi.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{C55BBCD6-41AD-48AD-9953-3609C48EACC7}"= C:\Program Files\Orbitdownloader\GrabPro.dll [21/07/2008 17:57 433272]

[-HKEY_CLASSES_ROOT\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}]
[HKEY_CLASSES_ROOT\GrabPro.FindBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{8091D09E-B01D-4D32-AC66-BBF8916BB1CF}]
[HKEY_CLASSES_ROOT\GrabPro.FindBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [18/02/2007 12:00]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [18/02/2007 12:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [18/02/2007 12:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [18/02/2007 12:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [18/05/2008 08:55]
"Cmaudio"="cmicnfg.cpl" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [29/05/2007 16:33]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [07/10/2007 20:48]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [10/07/2008 09:47]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [27/05/2008 10:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/07/2008 10:51]
"FlashgetMini"="C:\Program Files\FlashGet Network\Flashget\Temp\setup.exe" [21/07/2008 10:30]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"ThreatFire"="C:\Program Files\ThreatFire\TFTray.exe" [24/04/2008 16:52]
"BM8b307ea1"="C:\WINDOWS\system32\dgtdcnna.dll" []
"88034d3d"="C:\WINDOWS\system32\dogwhqmh.dll" []
"ShutdownEventCheck"="C:\WINDOWS\system32\dumprep 0 -s" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [18/02/2007 12:00]
"AbyssWebServer"="C:\Program Files\Abyss Web Server\abyssws.exe" [02/07/2008 15:02]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [18/05/2008 09:39]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [07/11/2007 15:34]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [18/09/2005 18:40]
"TudouVAStart"="C:\Program Files\Tudou\?Tudou\TudouVa.exe" []
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [29/07/2008 17:49]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07/07/2008 09:42]
"ares"="C:\Program Files\Ares\Ares.exe" [20/02/2008 22:33]

C:\Documents and Settings\Katz\Start Menu\Programs\Startup\
No-IP DUC.lnk - C:\Program Files\No-IP\DUC20.exe [2/7/2008 17:53:16]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ShowSuperHidden"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
dimsntfy.dll 18/02/2007 12:00 19456 C:\WINDOWS\system32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJCrpPF]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\nnnmlKBu
"Notification Packages"= RASSFM KDCSVC WDIGEST scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService Alerter WebClient LmHosts W32Time WinHttpAutoProxySvc
NetworkService 6to4 DHCP DnsCache
WinErr ERsvc
DcomLaunch DcomLaunch
tapisrv Tapisrv
regsvc RemoteRegistry
swprv swprv

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
HidServ
LanmanServer
LanmanWorkstation
Messenger
Nla
NWCWorkstation
Sacsvr
Schedule
Seclogon
Themes
TrkWks
TrkSvr
W32Time
Wmi
WmdmPmSp
winmgmt
wuauserv
BITS
ShellHWDetection
helpsvc
uploadmgr
SRService


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}]
%SystemRoot%\system32\rundll32.exe iesetup.dll,IEHardenAdmin

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}]
%SystemRoot%\system32\rundll32.exe iesetup.dll,IEHardenUser



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8910 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-30 16:35:21 ------------

Edited by Katz3, 30 July 2008 - 03:36 AM.
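The log above is the kind of output a helper reads by eye: autostart entries with no file date or size, randomly named DLLs under system32, an unknown Winlogon Notify package, and an extra entry in the LSA Authentication Packages list. The following Python script is an added triage example (not code from the original post, from BleepingComputer, or from Deckard's System Scanner) that applies those same checks to a constructed excerpt of the posted log. The baseline lists of known Winlogon Notify and LSA packages are assumptions written from memory for this example and should be replaced with a reference taken from a known-clean machine of the same Windows version.

```python
import re
from typing import Dict, List

# Sample lines constructed from the Deckard's System Scanner log posted above:
# only the sections this triage looks at (BHO, Run keys, Winlogon Notify, LSA).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fad6eafd-4e19-4006-b762-3690ed62b954}]
C:\WINDOWS\system32\umzshi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [18/05/2008 08:55]
"Cmaudio"="cmicnfg.cpl" []
"BM8b307ea1"="C:\WINDOWS\system32\dgtdcnna.dll" []
"88034d3d"="C:\WINDOWS\system32\dogwhqmh.dll" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
dimsntfy.dll 18/02/2007 12:00 19456 C:\WINDOWS\system32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJCrpPF]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\nnnmlKBu
"Notification Packages"= RASSFM KDCSVC WDIGEST scecli
"""

# Assumed baselines (written from memory for this example, not taken from the
# page): Winlogon Notify packages shipped with Windows XP/2003, and the LSA
# packages present by default. Build your own from a clean reference machine.
KNOWN_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "dimsntfy", "sccertprop",
    "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon",
}
KNOWN_AUTH_PKGS = {"msv1_0"}
KNOWN_NOTIFY_PKGS = {"scecli", "rassfm", "kdcsvc", "wdigest"}

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')
LSA_RE = re.compile(r'^"(Authentication|Notification) Packages"=\s*(.*)$')
DLL_RE = re.compile(r'([^\\\s"]+)\.dll\b', re.IGNORECASE)
HEXISH_RE = re.compile(r"[A-Za-z]{0,2}[0-9a-fA-F]{8}")  # e.g. 88034d3d, BM8b307ea1


def looks_random(stem: str) -> bool:
    """Weak heuristic: 6-8 letters with at most one vowel per four letters."""
    s = stem.lower()
    if not re.fullmatch(r"[a-z]{6,8}", s):
        return False
    return sum(c in "aeiou" for c in s) * 4 <= len(s)


def triage(log: str) -> List[Dict[str, object]]:
    """Return suspicious autostart entries, each with the reasons it was flagged,
    most reasons first. Entries with no reasons are dropped."""
    findings: List[Dict[str, object]] = []
    key = ""

    def add(item: str, reasons: List[str]) -> None:
        if reasons:
            findings.append({"key": key, "item": item, "reasons": reasons})

    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = SECTION_RE.match(line)
        if m:  # registry key header; an unknown Winlogon Notify subkey is itself a finding
            key = m.group(1)
            leaf = key.rsplit("\\", 1)[-1]
            if "winlogon\\notify\\" in key.lower() and leaf.lower() not in KNOWN_NOTIFY:
                reasons = ["Winlogon Notify package not in the baseline"]
                if looks_random(leaf):
                    reasons.append("random-looking name")
                add(leaf, reasons)
            continue

        m = LSA_RE.match(line)
        if m:  # anything beyond the default packages loads into lsass at boot
            kind, packages = m.groups()
            known = KNOWN_AUTH_PKGS if kind == "Authentication" else KNOWN_NOTIFY_PKGS
            for pkg in packages.split():
                if pkg.rsplit("\\", 1)[-1].lower() not in known:
                    add(pkg, [f"non-default LSA {kind} Packages entry"])
            continue

        m = VALUE_RE.match(line)
        if m:  # "name"="command" [date size]; empty [] means the file was not resolved
            name, command, meta = m.groups()
            reasons: List[str] = []
            if not meta.strip():
                reasons.append("no file date/size (scanner could not resolve the file)")
            if HEXISH_RE.fullmatch(name):
                reasons.append("value name looks machine-generated")
            dll = DLL_RE.search(command)
            if dll:
                reasons.append("Run value points at a DLL rather than a program")
                if looks_random(dll.group(1)):
                    reasons.append("random-looking DLL name")
            add(name, reasons)
            continue

        if "browser helper objects" in key.lower():  # bare DLL path under a BHO key
            dll = DLL_RE.search(line)
            if dll:
                reasons = []
                if "\\system32\\" in line.lower():
                    reasons.append("BHO loads from system32 instead of a program directory")
                if looks_random(dll.group(1)):
                    reasons.append("random-looking DLL name")
                add(dll.group(0), reasons)

    findings.sort(key=lambda f: -len(f["reasons"]))  # type: ignore[arg-type]
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['item']:<40} {'; '.join(f['reasons'])}")
```

Each finding carries every reason it tripped, so a single weak signal (such as the legitimate `Cmaudio` entry, which only lacks a file date) sorts to the bottom while the entries that combine an unresolved file, a hex-looking value name and a random DLL name rise to the top. The heuristics are deliberately simple and produce candidates for a human to check, not verdicts.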


#2 Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium
  • Local time:08:33 PM

Posted 01 August 2008 - 04:44 AM

Hello Katz3 and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Doubleclick mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

3. Restart your computer.

4. Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users!).
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)

In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.


Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. :thumbsup:

If you have any questions along the way, STOP and ask them before proceeding!!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted - And make a difference



