Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help With Winantivirus 2006 Popups


  • This topic is locked This topic is locked
12 replies to this topic

#1 Stratopastor

Stratopastor

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:59 PM

Posted 10 August 2006 - 10:20 AM

hello, i am very much a newbie when it comes to these things. My computer keeps getting popup ads from winantivirus 2006 even when i dont have an internet browser open. A friend told me to run msconfig and uncheck everything. I can recheck everything if you guys want. I really dont know what to do. Here is my Hijack This log.

Logfile of HijackThis v1.99.1
Scan saved at 11:05:40 AM, on 8/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\AOL\1153520873\ee\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
R3 - URLSearchHook: (no name) - {B821F302-35BF-062D-BCB2-44B6AFE02A92} - C:\WINDOWS\system32\twfvcd.dll (file missing)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155093775531
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

BC AdBot (Login to Remove)

 


#2 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:12:59 AM

Posted 11 August 2006 - 05:56 AM

Hello and welcome aboard :thumbsup:

1) Please recheck everything from msconfig (Start => Run => type: msconfig
Hit enter and go to the startup tab -- check everything and click Apply and hit ok for any warnings etc), I really need to see all the info I can get out of your HijackThis log.

2) Please rename HijackThis.exe to Scanner.exe. This will allow me to see your O2 & O20 entries since you would seem to have the new Vundo infection.

3) Please only use ONE anti-virus and ONE firewall running at the same time on your computer. Either keep AVG and uninstall Norton Anti-virus or vice versa. :flowers:

4) Post a fresh HijackThis log (running the renamed Scanner.exe) when all this is done.
Hi there, stranger!

#3 Stratopastor

Stratopastor
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:59 PM

Posted 11 August 2006 - 05:08 PM

ok so i only have norton installed, i rechecked everything in the startup tab of msconfig, and i renamed hijack this to scanner.exe. thank you so much for your help i really appreciate it. here is my new hijack this log.

Logfile of HijackThis v1.99.1
Scan saved at 6:02:28 PM, on 8/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\AOL\1153520873\ee\AOLSoftware.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\bcmntray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Plaxo\2.6.2.15\PlaxoHelper.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\common files\aol\1153520873\ee\aim6.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\Scanner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
R3 - URLSearchHook: (no name) - {B821F302-35BF-062D-BCB2-44B6AFE02A92} - C:\WINDOWS\system32\twfvcd.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {B821F302-35BF-062D-BCB2-44B6AFE02A92} - C:\WINDOWS\system32\twfvcd.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D905241B-60A8-4AEA-A657-20D2E1837F03} - C:\WINDOWS\system32\mlljj.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ViewMgr] "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1153520873\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Rbonti] C:\WINDOWS\system32\SKS~1\NTEPAD~1.EXE
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.15\PlaxoHelper.exe -a
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155093775531
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mlljj - C:\WINDOWS\system32\mlljj.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

#4 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:12:59 AM

Posted 12 August 2006 - 03:04 AM

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Check the Run VundoFix as a task box.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a fresh HiJackThis log.

Hi there, stranger!

#5 Stratopastor

Stratopastor
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:59 PM

Posted 12 August 2006 - 05:36 PM

hi, i ran vundofix and it couldn't find anything, what else should i do

#6 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:12:59 AM

Posted 13 August 2006 - 06:20 AM

Lets try again..
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying Vundofix will close and re-open in a minute or less. Click OK.
  • When VundoFix re-opens, click Scan for Vundo button.
  • Once the scan is complete, right-click inside the listbox (white box) and click Add more files
  • Copy & paste the 2 entries below into the top 2 boxes:
    • C:\WINDOWS\system32\mlljj.dll
    • C:\WINDOWS\system32\jjllm.*
  • Click Add Files and click Close Window.
  • Click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a fresh HiJackThis log. :thumbsup:

Hi there, stranger!

#7 Stratopastor

Stratopastor
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:59 PM

Posted 13 August 2006 - 10:23 AM

thank you very much for the help. here is my vundofix.txt and my new hijackthis log


VundoFix V5.1.7

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.6

Scan started at 12:23:12 AM 8/9/2006

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V5.1.7

Running as SYSTEM
from c:\windows\system32\VundoFix.exe

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.6

Scan started at 12:56:03 AM 8/9/2006

Listing files found while scanning....

No infected files were found.


VundoFix V5.1.7

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.6

Scan started at 1:52:13 AM 8/9/2006

Listing files found while scanning....


VundoFix V5.1.7

Running as SYSTEM
from c:\windows\system32\VundoFix.exe

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.6

Scan started at 6:29:08 PM 8/12/2006

Listing files found while scanning....

No infected files were found.


VundoFix V5.1.7

Running as SYSTEM
from c:\windows\system32\VundoFix.exe

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.6

Scan started at 11:10:05 AM 8/13/2006

Listing files found while scanning....

No infected files were found.


Beginning removal...

The process smss.exe was successfully stopped

The process winlogon.exe was successfully stopped

The process explorer.exe was successfully stopped

The process iexplore.exe was successfully stopped

The process rundll32.exe was successfully stopped

Attempting to delete C:\WINDOWS\system32\mlljj.dll
C:\WINDOWS\system32\mlljj.dll Has been deleted!

Performing Repairs to the registry.
Done!




Logfile of HijackThis v1.99.1
Scan saved at 11:20:41 AM, on 8/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\AOL\1153520873\ee\AOLSoftware.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\bcmntray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Plaxo\2.6.2.15\PlaxoHelper.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\common files\aol\1153520873\ee\aim6.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\hijackthis\Scanner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
R3 - URLSearchHook: (no name) - {B821F302-35BF-062D-BCB2-44B6AFE02A92} - C:\WINDOWS\system32\twfvcd.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {B821F302-35BF-062D-BCB2-44B6AFE02A92} - C:\WINDOWS\system32\twfvcd.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F342FCED-F81F-4CDA-96DE-BEDCFA63AD6F} - C:\WINDOWS\system32\mlljj.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ViewMgr] "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1153520873\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Rbonti] C:\WINDOWS\system32\SKS~1\NTEPAD~1.EXE
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.15\PlaxoHelper.exe -a
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155093775531
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

#8 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:12:59 AM

Posted 14 August 2006 - 06:20 AM

Alrighty then :thumbsup:

We got rid of Vundo. Go ahead and delete VundoFix if you want.

---

Please print these instructions out, or write them down, as you can't read them during the fix.

First, surf here: http://www.uploadmalware.com/

Fill in the blanks. Your forum username,

To the link request, paste this: http://www.bleepingcomputer.com/forums/t/61706/help-with-winantivirus-2006-popups/

Then make sure to submit the following file:

C:\VundoFix Backups\mlljj.dll

To the further infobox, throw something like "VundoFix didn't detect".

Thanks! This is so that Atribune can add that particular file to the fix :flowers:

----

Please run a scan with HijackThis and check the following objects for removal:

R3 - URLSearchHook: (no name) - {B821F302-35BF-062D-BCB2-44B6AFE02A92} - C:\WINDOWS\system32\twfvcd.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {B821F302-35BF-062D-BCB2-44B6AFE02A92} - C:\WINDOWS\system32\twfvcd.dll (file missing)
O2 - BHO: (no name) - {F342FCED-F81F-4CDA-96DE-BEDCFA63AD6F} - C:\WINDOWS\system32\mlljj.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKCU\..\Run: [Rbonti] C:\WINDOWS\system32\SKS~1\NTEPAD~1.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)


Close ALL other open windows except for HijackThis and hit FIX CHECKED. Exit HijackThis and reboot.

---

Please download Ewido Anti-spyware and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded Ewido Anti-spyware, locate the icon on the desktop and double-click it to launch the setup program.
  • Once the setup is complete you will need run Ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • If you aren't able to finish the update within Ewido for a reason or another, you can install the manual updates here.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-select "Only if threats were found"
Close Ewido Anti-spyware, DO NOT run a scan just yet, we will shortly.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
  • IMPORTANT: Do not open any other windows or programs while Ewido is scanning, it may interfere with the scanning proccess:
  • Lauch Ewido Anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • Ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close Ewido and reboot your system back into Normal Mode and post back with the Ewido results. :huh:

Hi there, stranger!

#9 Stratopastor

Stratopastor
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:59 PM

Posted 14 August 2006 - 06:03 PM

hi, i accidentally deleted the files after the scan instead of quarantine. but it found traces of purityscan and virtumonde and minibug. im not sure what those are. here is my ewido results.

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:37:58 PM 8/14/2006

+ Scan result:



C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\temp.frED6A -> Adware.PurityScan : Cleaned.
C:\WINDOWS\system32\ddcabyy.dll -> Adware.Virtumonde : Cleaned.
:mozilla.154:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.155:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.156:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.157:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.158:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.159:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.160:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.161:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.217:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.219:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.52:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.55:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.56:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.57:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.58:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.60:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.61:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.198:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.62:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.64:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.129:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.130:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.131:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.132:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.133:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.134:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.43:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.44:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.45:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.46:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.225:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.227:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.228:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.229:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.110:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.111:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.112:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.113:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.114:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.115:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.116:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.203:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.109:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.193:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.194:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.195:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.196:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.197:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.72:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.13:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.14:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.23:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.24:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.25:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.26:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.261:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.262:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.76:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.78:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.183:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.184:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.263:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.204:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.205:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.206:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.207:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.208:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.243:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.244:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.245:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.181:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Realcastmedia : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.150:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.151:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.117:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.118:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.119:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.120:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.121:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.178:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.179:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.180:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.122:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.123:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.124:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.125:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.126:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.127:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.128:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.65:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.67:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.68:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.69:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.209:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.210:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.211:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.212:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.213:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.214:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aq83xc0j.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

Edited by Stratopastor, 14 August 2006 - 06:04 PM.


#10 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:12:59 AM

Posted 15 August 2006 - 10:54 AM

Looking good :thumbsup:

----

Updating Java and Clearing Cache
  • Go to Start > Control Panel double-click on the Software icon > Add/Remove Programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
    It should have next icon next to it: Posted Image
    Select it and click Remove.
  • After the reboot, go back into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 CheckedDownloaded Applets
    Downloaded Applications
    Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.
---

Now post an fresh HijackThis log and let me know hows the system running :flowers:
Hi there, stranger!

#11 Stratopastor

Stratopastor
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:59 PM

Posted 15 August 2006 - 10:13 PM

hey thanks, my system appears to be running great. no more popups i even ran internet explorer the entire day instead of firefox and no problems so far. how did you guys learn how to do this stuff anyway, you are my new hero. here is my new hijackthis log.

Logfile of HijackThis v1.99.1
Scan saved at 11:10:27 PM, on 8/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\AOL\1153520873\ee\AOLSoftware.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\bcmntray.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\common files\aol\1153520873\ee\aim6.exe
C:\Program Files\Plaxo\2.6.2.15\PlaxoHelper.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\Scanner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ViewMgr] "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1153520873\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.15\PlaxoHelper.exe -a
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155093775531
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

#12 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:12:59 AM

Posted 16 August 2006 - 04:11 AM

Oh and one more thing to do. Unless you installed ViewPoint yourself, I recommend uninstalling it.

Through Add/Remove programs, uninstall this:

Viewpoint Manager <- Anything that goes by the name ViewPoint.

Next, delete this folder if found:

C:\Program Files\Viewpoint

Empty recycle bin.

----

This stuff can be learnt by anyone :thumbsup: I myself went through GeekU. You can also go through the school at here, bleepingcomputer, simply PM Grinler saying you want to join the classroom.. Then there's a lot others, including Malware Removal University (simply google it), TomCoyote Classroom (google that too). Then some others like SWI Bootcamp etc.

Please read here how to clear old restore points and create a new one.

Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Here's some tips for future to prevent spyware;

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed. (My favourite)
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
Other necessary Programs:
  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have. (Note to only use 1 at-the-time)
  • Firewall <= A firewall is definatley a must have. Two good free versions are Kerio Personal Firewall and ZoneLabs. (Note to only use 1 at-the-time)
  • More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox.
And also see TonyKlein's good advice;
So how did I get infected in the first place?
Hi there, stranger!

#13 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:12:59 AM

Posted 19 August 2006 - 01:23 AM

Since this issue appears to be resolved, this Topic has been closed. Should you need this Topic reopened, please PM a Staff member with the address of this thread. :thumbsup:
Hi there, stranger!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users