
Outerinfo, Getpack21.exe Plenty Of Popups


12 replies to this topic

#1 Fairdeal

Fairdeal

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:07:11 AM

Posted 30 September 2008 - 06:10 PM

I have XP home edition 2002 with sp3
Intel Pentium 4 2.99 ghz with 760 mb RAM

I have popups invading me.
I've used Adaware, Spybot, AVG, Stinger and although they've found stuff it hasn't solved the problem.
I removed OIN (outerinfo) using my control panel (add/remove software)
I don't know what these are:
jkhhh.exe
ppypuauv.dll",s
T?sks\t?skmgr.exe
VnrBlock21.exe"
GetPack21.exe
and maybe other ones.

So here is my HiJack File.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:49:42 PM, on 9/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F3 - REG:win.ini: load=C:\WINDOWS\system32\jkhhh.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [BM9b72c5fc] Rundll32.exe "C:\WINDOWS\system32\ppypuauv.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Caf] C:\WINDOWS\system32\T?sks\t?skmgr.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Geglsr] "C:\Documents and Settings\Gavin\Application Data\W?nSxS\d?xplore.exe"
O4 - HKCU\..\Run: [VnrBlock21] "C:\Program Files\VnrBlock\VnrBlock21.exe"
O4 - HKCU\..\Run: [GetPack21] "C:\Program Files\GetPack\GetPack21.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1199978225343
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198181476902
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll lzwvdw.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

--
End of file - 7889 bytes


Thanks in advance.
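
Added example, not part of the original thread or of HijackThis: a small triage of the autostart lines from the log in the post above, using heuristics that match the entries questioned there (a `?` where the log could not render a path character, whitespace before a file extension, a DLL started through rundll32, a win.ini `load=` value, extra AppInit_DLLs). The heuristics and the AppInit_DLLs allowlist are assumptions supplied by the analyst; a flagged line is a lead to investigate, not a verdict.

```python
import re

# Lines copied from the HijackThis log in the post above (a subset).
SAMPLE_LOG = r'''
F3 - REG:win.ini: load=C:\WINDOWS\system32\jkhhh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [BM9b72c5fc] Rundll32.exe "C:\WINDOWS\system32\ppypuauv.dll",s
O4 - HKCU\..\Run: [Caf] C:\WINDOWS\system32\T?sks\t?skmgr.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O20 - AppInit_DLLs: avgrsstx.dll lzwvdw.dll
'''

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r'^(?P<code>[FO]\d+) - (?P<body>.+)$')
# Registry Run / RunOnce autostart entries inside an O4 line.
RUN_ENTRY = re.compile(
    r'^(?P<key>HK(?:LM|CU)\\\.\.\\Run(?:Once)?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$'
)
# "qttask .exe": whitespace directly before the extension.
SPACE_BEFORE_EXT = re.compile(r'\s\.(?:exe|dll)\b', re.IGNORECASE)


def flag_command(cmd):
    """Return heuristic reasons why one autostart command line deserves a look."""
    reasons = []
    if '?' in cmd:
        # A '?' cannot be part of a Windows file name; in the log it stands
        # for a character that could not be displayed.
        reasons.append("unrenderable character in path")
    if SPACE_BEFORE_EXT.search(cmd):
        reasons.append("whitespace before file extension")
    if cmd.lstrip('"').lower().startswith('rundll32'):
        reasons.append("DLL started through rundll32")
    return reasons


def triage(log_text, appinit_allow=frozenset()):
    """Return (code, body, reasons) for every log line that trips a heuristic.

    appinit_allow is an analyst-supplied set of lower-case DLL names that are
    expected in AppInit_DLLs on this machine (an assumption, not a standard list).
    """
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        code, body = m['code'], m['body']
        reasons = []
        if code == 'F3' and 'load=' in body:
            target = body.split('load=', 1)[1].strip()
            if target:
                reasons.append("program started from win.ini load= value")
                reasons += flag_command(target)
        elif code == 'O4':
            run = RUN_ENTRY.match(body)
            if run:
                reasons += flag_command(run['cmd'])
        elif code == 'O20' and body.startswith('AppInit_DLLs:'):
            dlls = body.split(':', 1)[1].split()
            unknown = [d for d in dlls if d.lower() not in appinit_allow]
            if unknown:
                reasons.append("AppInit_DLLs not on allowlist: " + ", ".join(unknown))
        if reasons:
            findings.append((code, body, reasons))
    return findings


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG, appinit_allow={"avgrsstx.dll"}):
        print(f"{code}: {body}\n    -> " + "; ".join(reasons))
```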



#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:02:11 PM

Posted 01 October 2008 - 02:28 AM

Hi,

I see you are running Teatimer.
I suggest you disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer <== click me for instructions.
After you have disabled Teatimer, download ResetTeaTimer.bat to your desktop. (In case you use Firefox, right-click the link and choose "save as").
Double-click ResetTeaTimer.bat and let it run.
This will only take a few seconds.

Then, please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Fairdeal


Posted 01 October 2008 - 04:56 PM

Thanks for your quick response. I followed your instructions exactly. I have installed the Recovery Console from my CD (although it did warn me that my system has a more up-to-date version - my PC has SP3). When I ran ComboFix it opened a tiny window and showed a progress bar, then less than 5 secs later closed itself. There is no .txt file and I didn't see any of the other screens as shown in the instructions. I've posted a new HiJack file below but I'm getting nervous that I'm seeing new stuff there now, e.g. grep.cfexe

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:43:57 PM, on 10/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\cmd.cfexe
C:\32788R22FWJFW\grep.cfexe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F3 - REG:win.ini: load=C:\WINDOWS\system32\jkhhh.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [BM9b72c5fc] Rundll32.exe "C:\WINDOWS\system32\glfigvbe.dll",s
O4 - HKCU\..\Run: [Caf] C:\WINDOWS\system32\T?sks\t?skmgr.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Geglsr] "C:\Documents and Settings\Gavin\Application Data\W?nSxS\d?xplore.exe"
O4 - HKCU\..\Run: [VnrBlock21] "C:\Program Files\VnrBlock\VnrBlock21.exe"
O4 - HKCU\..\Run: [GetPack21] "C:\Program Files\GetPack\GetPack21.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1199978225343
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198181476902
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

--
End of file - 7334 bytes

Any ideas? Thanks.

#4 miekiemoes


Posted 02 October 2008 - 12:12 AM

Hi,

Please run Combofix from Windows Safe mode.

#5 Fairdeal


Posted 02 October 2008 - 07:39 AM

Wow - some yukky stuff! PC is running veeeeerrrrry slooooooooooww now.
AVG came up after startup with threats and asked: Do you want to force the threat removal? Forced removal can cause system unstability or even crash. So I answered No. Repeatedly. Then eventually exited.

ComboFix 08-09-30.03 - Administrator 2008-10-02 7:04:55.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.578 [GMT -5:00]
Running from: C:\Documents and Settings\Gavin\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Gavin\Application Data\WNSXS~1
C:\Program Files\Common Files\fnts~1
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\BM9b72c5fc.txt
C:\WINDOWS\BM9b72c5fc.xml
C:\WINDOWS\Downloaded Program Files\ODCTOOLS
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\fgiRAJjl.ini
C:\WINDOWS\system32\hovuarfn.ini
C:\WINDOWS\system32\IjPrttwa.ini
C:\WINDOWS\system32\jmdkffed.ini
C:\WINDOWS\system32\KmWyIRqr.ini
C:\WINDOWS\system32\KmWyIRqr.ini2
C:\WINDOWS\system32\minkvxiq.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\rqRIyWmK.dll
C:\WINDOWS\system32\tsks~1
C:\WINDOWS\system32\wapicc32.exe
C:\WINDOWS\system32\wpulwbse.ini
C:\WINDOWS\system32\z1

.
((((((((((((((((((((((((( Files Created from 2008-09-02 to 2008-10-02 )))))))))))))))))))))))))))))))
.

2008-10-01 13:16 . 2008-10-01 13:16 123,904 --a------ C:\WINDOWS\system32\uyumzx.dll
2008-10-01 13:16 . 2008-10-01 13:16 123,904 --a------ C:\WINDOWS\system32\mjvbcwmp.dll
2008-10-01 13:13 . 2008-10-01 13:13 105,984 --a------ C:\WINDOWS\system32\glfigvbe.dll
2008-10-01 13:13 . 2008-10-01 13:13 71,168 --a------ C:\WINDOWS\system32\nfrauvoh.dll
2008-09-30 15:48 . 2008-09-30 15:48 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-30 14:04 . 2008-09-30 14:04 67,072 --a------ C:\WINDOWS\system32\deffkdmj.dll
2008-09-30 14:01 . 2008-09-30 14:01 123,904 --a------ C:\WINDOWS\system32\lzwvdw.dll
2008-09-30 14:01 . 2008-09-30 14:01 123,904 --a------ C:\WINDOWS\system32\cvlsquls.dll
2008-09-30 13:58 . 2008-09-30 13:58 101,888 --a------ C:\WINDOWS\system32\ppypuauv.dll
2008-09-30 13:03 . 2008-09-30 13:03 268 --ah----- C:\sqmdata06.sqm
2008-09-30 13:03 . 2008-09-30 13:03 244 --ah----- C:\sqmnoopt06.sqm
2008-09-30 12:59 . 2008-09-30 12:59 322 --a------ C:\WINDOWS\wininit.ini
2008-09-30 12:05 . 2008-09-30 12:09 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-30 12:05 . 2008-09-30 13:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-30 10:15 . 2008-09-30 10:15 268 --ah----- C:\sqmdata05.sqm
2008-09-30 10:15 . 2008-09-30 10:15 244 --ah----- C:\sqmnoopt05.sqm
2008-09-30 06:57 . 2008-09-30 06:57 123,904 --a------ C:\WINDOWS\system32\ouwbtvyw.dll
2008-09-30 06:57 . 2008-09-30 06:57 123,904 --a------ C:\WINDOWS\system32\luiltf.dll
2008-09-30 06:54 . 2008-09-30 13:02 806,710 --ahs---- C:\WINDOWS\system32\fgiRAJjl.ini2
2008-09-29 22:25 . 2008-09-29 22:25 268 --ah----- C:\sqmdata04.sqm
2008-09-29 22:25 . 2008-09-29 22:25 244 --ah----- C:\sqmnoopt04.sqm
2008-09-29 12:18 . 2008-09-29 12:18 268 --ah----- C:\sqmdata03.sqm
2008-09-29 12:18 . 2008-09-29 12:18 244 --ah----- C:\sqmnoopt03.sqm
2008-09-29 12:09 . 2008-09-29 12:09 101,888 --a------ C:\WINDOWS\system32\rnyuohdm.dll
2008-09-28 22:03 . 2008-09-28 22:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-28 12:22 . 2008-09-28 12:22 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-09-28 12:06 . 2008-09-29 12:08 877,220 --ahs---- C:\WINDOWS\system32\IjPrttwa.ini2
2008-09-19 10:08 . 2008-09-19 10:08 <DIR> d-------- C:\Program Files\NOS
2008-09-19 10:08 . 2008-09-19 10:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-02 12:12 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-10-01 13:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-01 12:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-09-29 03:04 --------- d-----w C:\Program Files\Lavasoft
2008-09-29 03:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-28 21:30 --------- d-----w C:\Program Files\RogueRemover FREE
2008-09-27 18:48 --------- d-----w C:\Documents and Settings\Gavin\Application Data\Skype
2008-09-27 13:02 --------- d-----w C:\Documents and Settings\Gavin\Application Data\skypePM
2008-08-30 13:34 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-28 11:49 --------- d-----w C:\Documents and Settings\Gavin\Application Data\CoreFTP
2008-08-21 02:15 --------- d-----w C:\Program Files\Java
2008-08-20 02:03 --------- d-----w C:\Documents and Settings\Gavin\Application Data\Move Networks
2008-08-04 16:18 --------- d-----w C:\Documents and Settings\Gavin\Application Data\Apple Computer
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 03:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 03:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 03:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-03 16:22 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-06-17 16:28 18,312 ----a-w C:\Documents and Settings\Gavin\Application Data\GDIPFONTCACHEV1.DAT
2008-01-18 03:16 56,912 ----a-w C:\Documents and Settings\Gavin\g2mdlhlpx.exe
2007-12-21 01:34 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-31 20:01 7,101 --sha-w C:\WINDOWS\system32\hhhkj.ini2
.
<pre>
----a-w		   483,328 2007-12-31 19:31:52  C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray .exe
----a-w		   700,416 2007-12-31 19:31:57  C:\Program Files\Creative\Sync Manager Unicode\CTSyncU .exe
----a-w			68,856 2007-12-31 19:31:55  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w			49,152 2007-12-31 19:31:46  C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w		   489,472 2007-12-31 19:31:47  C:\Program Files\Logitech\Video\CameraAssistant .exe
----a-w			73,728 2007-12-31 19:31:48  C:\Program Files\Logitech\Video\InstallHelper .exe
----a-w		 5,674,352 2007-12-31 19:31:59  C:\Program Files\MSN Messenger\MsnMsgr .Exe
----a-w		   286,720 2007-12-31 19:31:53  C:\Program Files\QuickTime\qttask	   .exe
----a-w		   262,144 2007-12-31 19:31:47  C:\WINDOWS\system32\ElkCtrl .exe
----a-w			77,824 2007-12-31 19:31:46  C:\WINDOWS\system32\hkcmd .exe
----a-w		   114,688 2007-12-31 19:31:47  C:\WINDOWS\system32\igfxpers .exe
----a-w			94,208 2007-12-31 19:31:47  C:\WINDOWS\system32\igfxtray .exe
----a-w		   225,280 2007-12-31 19:31:47  C:\WINDOWS\system32\LVCOMSX .EXE
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9ceacd64-291a-4dd1-acb9-8845a5634b2a}]
2008-10-01 13:16 123904 --a------ C:\WINDOWS\system32\uyumzx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Caf"="C:\WINDOWS\system32\T?sks\t?skmgr.exe" [?]
"Geglsr"="C:\Documents and Settings\Gavin\Application Data\W?nSxS\d?xplore.exe" [?]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-12 68856]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"VnrBlock21"="C:\Program Files\VnrBlock\VnrBlock21.exe" [N/A]
"GetPack21"="C:\Program Files\GetPack\GetPack21.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2007-12-31 286720]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712]
"BM9b72c5fc"="C:\WINDOWS\system32\glfigvbe.dll" [2008-10-01 105984]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 C:\WINDOWS\stsystra.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-12-23 25214]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-20 125624]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll lzwvdw.dll uyumzx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-30 97928]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
R3 EuMusDesignVirtualAudioCableWdm_jrm;MuvEnum Virtual Cable (WDM);C:\WINDOWS\system32\DRIVERS\vacjrmkd.sys [2007-12-28 49600]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 16768]
S3 getPlus® Helper;getPlus® Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
- - - - ORPHANS REMOVED - - - -

BHO-{3DBEB160-3541-4AAE-B0C5-B2455342B1C9} - C:\WINDOWS\system32\ljJARigf.dll
BHO-{542AFE04-F340-479D-A0D6-CC485A86C882} - C:\WINDOWS\system32\rqRIyWmK.dll
BHO-{69C4F356-C387-4909-A7D4-BBBE9A1B0014} - C:\WINDOWS\system32\jkhhh.dll
BHO-{88379D08-C9C1-4636-981D-EBCB315A9B8E} - C:\WINDOWS\system32\ssqpOeEx.dll
BHO-{9567C1D2-5216-7AC2-4B00-5C10997827BB} - C:\WINDOWS\system32\omoqja.dll
BHO-{AB19561C-6452-4434-A78E-3A1ABB07B2B6} - C:\WINDOWS\system32\awttrPjI.dll
BHO-{BDA6A04C-3480-4858-DC5C-39E6078658B0} - C:\WINDOWS\system32\yhxfnct.dll
ShellExecuteHooks-{88379D08-C9C1-4636-981D-EBCB315A9B8E} - C:\WINDOWS\system32\ssqpOeEx.dll
Notify-byXNgdCU - byXNgdCU.dll
Notify-iifgdba - iifgdba.dll
Notify-ssqpOeEx - ssqpOeEx.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Gavin\Application Data\Mozilla\Firefox\Profiles\ylx8v42x.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - google.com
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-02 07:13:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-10-02 7:15:44 - machine was rebooted [Gavin]
ComboFix-quarantined-files.txt 2008-10-02 12:15:39

Pre-Run: 4,767,830,016 bytes free
Post-Run: 4,934,983,680 bytes free

200 --- E O F --- 2008-09-11 08:03:02

I'll struggle with slow PC today. Thanks again for your ongoing help.

#6 miekiemoes


Posted 02 October 2008 - 07:51 AM

Hi,

It doesn't surprise me at all that your PC is running so slow.
Not sure if you are aware how SEVERELY infected this PC is.

Please temporarily disable your AVG since it may interfere with the fixes.
Then,

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the codebox below into notepad:

File::
C:\WINDOWS\system32\uyumzx.dll
C:\WINDOWS\system32\mjvbcwmp.dll
C:\WINDOWS\system32\glfigvbe.dll
C:\WINDOWS\system32\nfrauvoh.dll
C:\WINDOWS\system32\deffkdmj.dll
C:\WINDOWS\system32\lzwvdw.dll
C:\WINDOWS\system32\cvlsquls.dll
C:\WINDOWS\system32\ppypuauv.dll
C:\WINDOWS\system32\ouwbtvyw.dll
C:\WINDOWS\system32\luiltf.dll
C:\WINDOWS\system32\fgiRAJjl.ini2
C:\WINDOWS\system32\rnyuohdm.dll
C:\WINDOWS\system32\ZoneAlarmIconUS.ico
C:\WINDOWS\system32\IjPrttwa.ini2
C:\WINDOWS\system32\hhhkj.ini2
Folder::
C:\Program Files\GetPack
C:\Program Files\VnrBlock
RENV::
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray .exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU .exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
C:\Program Files\Logitech\Video\CameraAssistant .exe
C:\Program Files\Logitech\Video\InstallHelper .exe
C:\Program Files\MSN Messenger\MsnMsgr .Exe
C:\Program Files\QuickTime\qttask	   .exe
C:\WINDOWS\system32\ElkCtrl .exe
C:\WINDOWS\system32\hkcmd .exe
C:\WINDOWS\system32\igfxpers .exe
C:\WINDOWS\system32\igfxtray .exe
C:\WINDOWS\system32\LVCOMSX .EXE
Filelook::
C:\Documents and Settings\Gavin\g2mdlhlpx.exe
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9ceacd64-291a-4dd1-acb9-8845a5634b2a}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Caf"=-
"Geglsr"=-
"VnrBlock21"=-
"GetPack21"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM9b72c5fc"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"="avgrsstx.dll"

Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 Fairdeal


Posted 02 October 2008 - 10:56 AM

I really appreciate your fast response while my PC is in a 'critical' situation. After that new combofix effort my PC seems to be back to normal speed. Here's the Combofix log and Hijack logs.

ComboFix 08-10-01.02 - Gavin 2008-10-02 10:35:34.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.421 [GMT -5:00]
Running from: C:\Documents and Settings\Gavin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Gavin\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\cvlsquls.dll
C:\WINDOWS\system32\deffkdmj.dll
C:\WINDOWS\system32\fgiRAJjl.ini2
C:\WINDOWS\system32\glfigvbe.dll
C:\WINDOWS\system32\hhhkj.ini2
C:\WINDOWS\system32\IjPrttwa.ini2
C:\WINDOWS\system32\luiltf.dll
C:\WINDOWS\system32\lzwvdw.dll
C:\WINDOWS\system32\mjvbcwmp.dll
C:\WINDOWS\system32\nfrauvoh.dll
C:\WINDOWS\system32\ouwbtvyw.dll
C:\WINDOWS\system32\ppypuauv.dll
C:\WINDOWS\system32\rnyuohdm.dll
C:\WINDOWS\system32\uyumzx.dll
C:\WINDOWS\system32\ZoneAlarmIconUS.ico
.

((((((((((((((((((((((((( Files Created from 2008-09-02 to 2008-10-02 )))))))))))))))))))))))))))))))
.

2008-09-30 15:48 . 2008-09-30 15:48 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-30 13:03 . 2008-09-30 13:03 268 --ah----- C:\sqmdata06.sqm
2008-09-30 13:03 . 2008-09-30 13:03 244 --ah----- C:\sqmnoopt06.sqm
2008-09-30 12:59 . 2008-09-30 12:59 322 --a------ C:\WINDOWS\wininit.ini
2008-09-30 12:05 . 2008-09-30 12:09 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-30 12:05 . 2008-09-30 13:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-30 10:15 . 2008-09-30 10:15 268 --ah----- C:\sqmdata05.sqm
2008-09-30 10:15 . 2008-09-30 10:15 244 --ah----- C:\sqmnoopt05.sqm
2008-09-29 22:25 . 2008-09-29 22:25 268 --ah----- C:\sqmdata04.sqm
2008-09-29 22:25 . 2008-09-29 22:25 244 --ah----- C:\sqmnoopt04.sqm
2008-09-29 12:18 . 2008-09-29 12:18 268 --ah----- C:\sqmdata03.sqm
2008-09-29 12:18 . 2008-09-29 12:18 244 --ah----- C:\sqmnoopt03.sqm
2008-09-28 22:03 . 2008-09-28 22:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-19 10:08 . 2008-09-19 10:08 <DIR> d-------- C:\Program Files\NOS
2008-09-19 10:08 . 2008-09-19 10:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-02 15:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-02 15:22 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-10-02 14:47 --------- d-----w C:\Program Files\QuickTime
2008-10-02 14:47 --------- d-----w C:\Program Files\MSN Messenger
2008-10-01 12:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-09-29 03:04 --------- d-----w C:\Program Files\Lavasoft
2008-09-29 03:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-28 21:30 --------- d-----w C:\Program Files\RogueRemover FREE
2008-09-27 18:48 --------- d-----w C:\Documents and Settings\Gavin\Application Data\Skype
2008-09-27 13:02 --------- d-----w C:\Documents and Settings\Gavin\Application Data\skypePM
2008-08-30 13:34 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-28 11:49 --------- d-----w C:\Documents and Settings\Gavin\Application Data\CoreFTP
2008-08-21 02:15 --------- d-----w C:\Program Files\Java
2008-08-20 02:03 --------- d-----w C:\Documents and Settings\Gavin\Application Data\Move Networks
2008-08-04 16:18 --------- d-----w C:\Documents and Settings\Gavin\Application Data\Apple Computer
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 03:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 03:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 03:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-03 16:22 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-06-17 16:28 18,312 ----a-w C:\Documents and Settings\Gavin\Application Data\GDIPFONTCACHEV1.DAT
2008-01-18 03:16 56,912 ----a-w C:\Documents and Settings\Gavin\g2mdlhlpx.exe
2007-12-21 01:34 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Gavin\g2mdlhlpx.exe -- Unable to find file version info.
MD5: ee2328e770493ee406420e02f83e266d


((((((((((((((((((((((((((((( snapshot@2008-10-02_ 7.15.09.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-31 19:31:47 262,144 ----a-w C:\WINDOWS\system32\ElkCtrl.exe
+ 2007-12-31 19:31:46 77,824 ----a-w C:\WINDOWS\system32\hkcmd.exe
+ 2007-12-31 19:31:47 114,688 ----a-w C:\WINDOWS\system32\igfxpers.exe
+ 2007-12-31 19:31:47 94,208 ----a-w C:\WINDOWS\system32\igfxtray.exe
+ 2007-12-31 19:31:47 225,280 ----a-w C:\WINDOWS\system32\LVCOMSX.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-31 68856]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-12-31 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2007-12-31 483328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-12-31 49152]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 C:\WINDOWS\stsystra.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-12-23 25214]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-20 125624]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-30 97928]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
R3 EuMusDesignVirtualAudioCableWdm_jrm;MuvEnum Virtual Cable (WDM);C:\WINDOWS\system32\DRIVERS\vacjrmkd.sys [2007-12-28 49600]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 16768]
S3 getPlus® Helper;getPlus® Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-02 10:36:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-02 10:37:08
ComboFix-quarantined-files.txt 2008-10-02 15:37:03
ComboFix2.txt 2008-10-02 15:29:28
ComboFix3.txt 2008-10-02 14:50:42
ComboFix4.txt 2008-10-02 12:15:45

Pre-Run: 7,659,532,288 bytes free
Post-Run: 7,645,806,592 bytes free

140 --- E O F --- 2008-09-11 08:03:02

--------------------------------------------------------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43, on 2008-10-02
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1199978225343
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198181476902
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

--
End of file - 7289 bytes

It might even be fixed !!! No popups yet. But I'd love to know what we did (maybe there is reference material here on bleepingcomputers or elsewhere for me to read up on) and also what to do with the new folders/files I have.
Anyway, thanks so far.
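The before/after comparison of two HijackThis logs, which the thread does by eye, can be scripted. The following is an added example, not part of the original thread and not code from HijackThis or ComboFix. The function names and the "before" sample are assumptions: its Run value names come from the CFScript above, while its paths and `placeholder.dll` are constructed. The "after" lines are copied from the log above.

```python
import re

# An entry line is a section code (such as R1, O4 or O23), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
APPINIT_PREFIX = "AppInit_DLLs:"

# Constructed "before" sample (paths and placeholder.dll are assumptions).
BEFORE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\SSV.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [GetPack21] "C:\Program Files\GetPack\GetPack21.exe"
O4 - HKCU\..\Run: [VnrBlock21] "C:\Program Files\VnrBlock\VnrBlock21.exe"
O20 - AppInit_DLLs: avgrsstx.dll placeholder.dll
"""

# "After" sample: lines copied from the post-fix log in this thread.
AFTER_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O20 - AppInit_DLLs: avgrsstx.dll
"""


def parse_hjt(log_text):
    """Map a normalized (code, body) key to the displayable entry line."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, running-process list, blank line or footer
        code, body = m.group("code"), m.group("body")
        if code == "O20" and body.startswith(APPINIT_PREFIX):
            # One registry value can name several DLLs; track each one
            # separately so the diff shows exactly which DLL went away.
            for dll in re.split(r"[,\s]+", body[len(APPINIT_PREFIX):].strip()):
                if dll:
                    key = ("O20", "appinit:" + dll.lower())
                    entries[key] = f"O20 - AppInit_DLLs: {dll}"
            continue
        # Windows paths are case-insensitive and tools differ in spacing,
        # so compare on a lower-cased, whitespace-collapsed body.
        entries[(code, " ".join(body.split()).lower())] = line
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added) entry lines between two HijackThis logs."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    removed = sorted(before[k] for k in before.keys() - after.keys())
    added = sorted(after[k] for k in after.keys() - before.keys())
    return removed, added


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    print("Gone after the fix:")
    for line in removed:
        print("  " + line)
    print("New since the earlier log (review each one):")
    for line in added:
        print("  " + line)
```

Entries that differ only in letter case, such as the `ssv.dll` BHO path, are treated as unchanged; anything in the "added" list deserves the same scrutiny as the original autostart entries.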

#8 miekiemoes


Posted 02 October 2008 - 11:01 AM

Hi,

This is much better and malware should be gone now (as far as I can see from your logs).

However, there's one file I want you to upload for a scan, so Go to next site:
http://www.virustotal.com/en/indexf.html
On top you'll find 'Browse'
Click the browse button and browse to next file:

C:\Documents and Settings\Gavin\g2mdlhlpx.exe

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results in your next reply.

and also what to do with the new folders/files I have

I assume you mean with the tools we used?
You can keep HijackThis if you want. If you don't want it anymore, then uninstall it.

For Combofix, don't keep it - so * Go to start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

#9 Fairdeal


Posted 02 October 2008 - 04:57 PM

Superb. Thanks so much.
Here's that info you requested:

File has already been analysed:
MD5: ee2328e770493ee406420e02f83e266d
First received: 07.31.2007 21:41:08 (CET)
Date: 10.02.2008 18:05:50 (CET) [<1D]
Results: 1/36
Permalink: analisis/71aed6499fd3a15b2d8b6a54f5640ae8

I'd like to clear my folders up a bit. I wanted to check with you if I can delete the following 3 folders:

1. I have a folder called .jnlp-applet under my User folder name. Apparently it's something to do with 3D viewing.
2. I have a folder on C: called $AVG8.VAULT$ I assume this is the Vault for quarantined files by AVG but I'm not sure why it's in a different place to the AVG programs which are under Program Files.
3. Even after running combofix /u I have a folder called Combofix on C: with a couple of files in eg. CF5217

Thanks.
Fairdeal.

#10 miekiemoes


Posted 03 October 2008 - 01:30 AM

Hi,

1. I have a folder called .jnlp-applet under my User folder name. Apparently it's something to do with 3D viewing.

Don't delete that one. It was installed along with Sun Java and you need it to run certain applets.

2. I have a folder on C: called $AVG8.VAULT$ I assume this is the Vault for quarantined files by AVG but I'm not sure why it's in a different place to the AVG programs which are under Program Files.

It's designed like that and is supposed to be there. Almost every program has a separate folder not present under the Program Files.

3. Even after running combofix /u I have a folder called Combofix on C: with a couple of files in eg. CF5217

You may delete that folder and the folder C:\Qoobox if still present.

#11 Fairdeal


Posted 03 October 2008 - 10:29 AM

Thank you so much Miekiemoes.
No more pop-ups and everything buzzing along nicely.
I appreciate it.

-Fairdeal

#12 miekiemoes


Posted 03 October 2008 - 10:34 AM

Glad I could help. :thumbsup:

Please read my Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

#13 miekiemoes


Posted 13 October 2008 - 09:25 AM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



