Infected Jkkklkj.dll


  • This topic is locked
8 replies to this topic

#1 dthomasss

dthomasss

  • Members
  • 38 posts

Posted 23 May 2007 - 10:44 PM

Looks like I have a trojan. WinPatrol keeps reporting jkkklkj.dll trying to add itself to startup. I have run VundoFix and SmitfraudFix, which got rid of the rest of the stuff, but this one is persistent. I have turned off System Restore.
Any ideas? Also, I can't seem to get into Safe Mode using F8.

Logfile of HijackThis v1.99.1
Scan saved at 10:35:09 AM, on 5/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Siemens\Tango Access Lite\app\TangoService.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\PROGRA~1\Siemens\TANGOA~1\app\TangoLite.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BitComet\BitComet.exe
C:\Documents and Settings\DocThai\Desktop\Malware\Analyse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll
O2 - BHO: (no name) - {51A39D43-CB2D-4735-A82F-ECCBA6ED1319} - C:\WINDOWS\system32\jkkklkj.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: IE Zoom &In - C:\PROGRA~1\IEZOOM~1\IE Zoom In.htm
O8 - Extra context menu item: IE Zoom O&ut - C:\PROGRA~1\IEZOOM~1\IE Zoom Out.htm
O8 - Extra context menu item: IE Zoomer Help... - C:\PROGRA~1\IEZOOM~1\IE Zoomer Help.htm
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Open in IE &Zoomer - C:\PROGRA~1\IEZOOM~1\Open in IE Zoomer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.excite.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/Activ...iveXClient1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/to.../npseatools.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15029/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D0E2D72-BF60-407F-964E-571B34F235F1}: NameServer = 58.64.124.150 58.64.7.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C07A30D-5195-4955-AFA2-68A8D2EFE4EB}: NameServer = 203.148.255.77,203.248.255.78
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: jkkklkj - C:\WINDOWS\SYSTEM32\jkkklkj.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Creative PD0630 RunApp Service (PD0630Srv) - Creative Technology Ltd. - C:\WINDOWS\system32\P0630Srv.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\Siemens\Tango Access Lite\app\TangoService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe


#2 rookie147

rookie147

  • Members
  • 5,321 posts

Posted 24 May 2007 - 03:13 AM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.

Please download VundoFix to your Desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files; click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt in your next reply.
Note: It is possible that VundoFix encountered a file it could not remove.
VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Please include VundoFix.txt and a new HijackThis log in your next reply.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#3 dthomasss

dthomasss
  • Topic Starter

  • Members
  • 38 posts

Posted 24 May 2007 - 05:15 AM

I guess that is an automatic response you give first, but as I pointed out, I already ran VundoFix but am still having problems. Someone suggested I run VirtumundoBeGone, and that seemed to get me back to "normal." I am posting both the new HijackThis log and the VirtumundoBeGone log for you to see...

Logfile of HijackThis v1.99.1
Scan saved at 5:05:07 PM, on 5/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Siemens\Tango Access Lite\app\TangoService.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\PROGRA~1\Siemens\TANGOA~1\app\TangoLite.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\DocThai\Desktop\Malware\Analyse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: IE Zoom &In - C:\PROGRA~1\IEZOOM~1\IE Zoom In.htm
O8 - Extra context menu item: IE Zoom O&ut - C:\PROGRA~1\IEZOOM~1\IE Zoom Out.htm
O8 - Extra context menu item: IE Zoomer Help... - C:\PROGRA~1\IEZOOM~1\IE Zoomer Help.htm
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Open in IE &Zoomer - C:\PROGRA~1\IEZOOM~1\Open in IE Zoomer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.excite.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/Activ...iveXClient1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/to.../npseatools.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15029/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D0E2D72-BF60-407F-964E-571B34F235F1}: NameServer = 58.64.124.150 58.64.7.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C07A30D-5195-4955-AFA2-68A8D2EFE4EB}: NameServer = 203.148.255.77,203.248.255.78
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Creative PD0630 RunApp Service (PD0630Srv) - Creative Technology Ltd. - C:\WINDOWS\system32\P0630Srv.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\Siemens\Tango Access Lite\app\TangoService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe





[05/24/2007, 16:50:21] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Doc\Desktop\VirtumundoBeGone.exe" )
[05/24/2007, 16:50:41] - Detected System Information:
[05/24/2007, 16:50:41] - Windows Version: 5.1.2600, Service Pack 2
[05/24/2007, 16:50:41] - Current Username: Doc (Admin)
[05/24/2007, 16:50:41] - Windows is in NORMAL mode.
[05/24/2007, 16:50:41] - Searching for Browser Helper Objects:
[05/24/2007, 16:50:41] - BHO 1: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[05/24/2007, 16:50:41] - BHO 2: {51A39D43-CB2D-4735-A82F-ECCBA6ED1319} ()
[05/24/2007, 16:50:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/24/2007, 16:50:41] - Checking for HKLM\...\Winlogon\Notify\jkkklkj
[05/24/2007, 16:50:41] - Found: HKLM\...\Winlogon\Notify\jkkklkj - This is probably Virtumundo.
[05/24/2007, 16:50:41] - Assigning {51A39D43-CB2D-4735-A82F-ECCBA6ED1319} MSEvents Object
[05/24/2007, 16:50:41] - BHO list has been changed! Starting over...
[05/24/2007, 16:50:41] - BHO 1: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[05/24/2007, 16:50:41] - BHO 2: {51A39D43-CB2D-4735-A82F-ECCBA6ED1319} (MSEvents Object)
[05/24/2007, 16:50:41] - ALERT: Found MSEvents Object!
[05/24/2007, 16:50:41] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/24/2007, 16:50:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/24/2007, 16:50:41] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/24/2007, 16:50:41] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/24/2007, 16:50:41] - BHO 4: {64210AC1-4539-4B64-8407-334CBC6224ED} ()
[05/24/2007, 16:50:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/24/2007, 16:50:41] - Checking for HKLM\...\Winlogon\Notify\geebc
[05/24/2007, 16:50:41] - Found: HKLM\...\Winlogon\Notify\geebc - This is probably Virtumundo.
[05/24/2007, 16:50:41] - Assigning {64210AC1-4539-4B64-8407-334CBC6224ED} MSEvents Object
[05/24/2007, 16:50:42] - BHO list has been changed! Starting over...
[05/24/2007, 16:50:42] - BHO 1: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[05/24/2007, 16:50:42] - BHO 2: {51A39D43-CB2D-4735-A82F-ECCBA6ED1319} (MSEvents Object)
[05/24/2007, 16:50:42] - ALERT: Found MSEvents Object!
[05/24/2007, 16:50:42] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/24/2007, 16:50:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/24/2007, 16:50:42] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/24/2007, 16:50:42] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/24/2007, 16:50:42] - BHO 4: {64210AC1-4539-4B64-8407-334CBC6224ED} (MSEvents Object)
[05/24/2007, 16:50:42] - ALERT: Found MSEvents Object!
[05/24/2007, 16:50:42] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/24/2007, 16:50:42] - BHO 6: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
[05/24/2007, 16:50:42] - Finished Searching Browser Helper Objects
[05/24/2007, 16:50:42] - *** Detected MSEvents Object
[05/24/2007, 16:50:42] - Trying to remove MSEvents Object...
[05/24/2007, 16:50:43] - Terminating Process: IEXPLORE.EXE
[05/24/2007, 16:50:43] - Terminating Process: RUNDLL32.EXE
[05/24/2007, 16:50:43] - Disabling Automatic Shell Restart
[05/24/2007, 16:50:44] - Terminating Process: EXPLORER.EXE
[05/24/2007, 16:50:44] - Suspending the NT Session Manager System Service
[05/24/2007, 16:50:44] - Terminating Windows NT Logon/Logoff Manager
[05/24/2007, 16:50:45] - Re-enabling Automatic Shell Restart
[05/24/2007, 16:50:45] - File to disable: C:\WINDOWS\system32\jkkklkj.dll
[05/24/2007, 16:50:45] - Renaming C:\WINDOWS\system32\jkkklkj.dll -> C:\WINDOWS\system32\jkkklkj.dll.vir
[05/24/2007, 16:50:45] - File successfully renamed!
[05/24/2007, 16:50:45] - Removing HKLM\...\Browser Helper Objects\{51A39D43-CB2D-4735-A82F-ECCBA6ED1319}
[05/24/2007, 16:50:45] - Removing HKCR\CLSID\{51A39D43-CB2D-4735-A82F-ECCBA6ED1319}
[05/24/2007, 16:50:45] - Adding Kill Bit for ActiveX for GUID: {51A39D43-CB2D-4735-A82F-ECCBA6ED1319}
[05/24/2007, 16:50:45] - Deleting ATLEvents/MSEvents Registry entries
[05/24/2007, 16:50:45] - Removing HKLM\...\Winlogon\Notify\jkkklkj
[05/24/2007, 16:50:45] - Searching for Browser Helper Objects:
[05/24/2007, 16:50:45] - BHO 1: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[05/24/2007, 16:50:45] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/24/2007, 16:50:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/24/2007, 16:50:45] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/24/2007, 16:50:45] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/24/2007, 16:50:45] - BHO 3: {64210AC1-4539-4B64-8407-334CBC6224ED} (MSEvents Object)
[05/24/2007, 16:50:45] - ALERT: Found MSEvents Object!
[05/24/2007, 16:50:45] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/24/2007, 16:50:45] - BHO 5: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
[05/24/2007, 16:50:45] - Finished Searching Browser Helper Objects
[05/24/2007, 16:50:45] - *** Detected MSEvents Object
[05/24/2007, 16:50:45] - Trying to remove MSEvents Object...
[05/24/2007, 16:50:46] - Terminating Process: IEXPLORE.EXE
[05/24/2007, 16:50:46] - Terminating Process: RUNDLL32.EXE
[05/24/2007, 16:50:47] - Disabling Automatic Shell Restart
[05/24/2007, 16:50:47] - Terminating Process: EXPLORER.EXE
[05/24/2007, 16:50:47] - Suspending the NT Session Manager System Service
[05/24/2007, 16:50:47] - Terminating Windows NT Logon/Logoff Manager
[05/24/2007, 16:50:47] - Re-enabling Automatic Shell Restart
[05/24/2007, 16:50:47] - File to disable: C:\WINDOWS\system32\geebc.dll
[05/24/2007, 16:50:47] - Renaming C:\WINDOWS\system32\geebc.dll -> C:\WINDOWS\system32\geebc.dll.vir
[05/24/2007, 16:50:47] - File successfully renamed!
[05/24/2007, 16:50:47] - Removing HKLM\...\Browser Helper Objects\{64210AC1-4539-4B64-8407-334CBC6224ED}
[05/24/2007, 16:50:47] - Removing HKCR\CLSID\{64210AC1-4539-4B64-8407-334CBC6224ED}
[05/24/2007, 16:50:47] - Adding Kill Bit for ActiveX for GUID: {64210AC1-4539-4B64-8407-334CBC6224ED}
[05/24/2007, 16:50:47] - Deleting ATLEvents/MSEvents Registry entries
[05/24/2007, 16:50:47] - Removing HKLM\...\Winlogon\Notify\geebc
[05/24/2007, 16:50:47] - Searching for Browser Helper Objects:
[05/24/2007, 16:50:47] - BHO 1: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[05/24/2007, 16:50:47] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/24/2007, 16:50:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/24/2007, 16:50:47] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/24/2007, 16:50:47] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/24/2007, 16:50:47] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/24/2007, 16:50:47] - BHO 4: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
[05/24/2007, 16:50:47] - Finished Searching Browser Helper Objects
[05/24/2007, 16:50:47] - Finishing up...
[05/24/2007, 16:50:47] - A restart is needed.
[05/24/2007, 16:50:47] - Automatic Reboot on STOP Error is not set. User will have to manually restart.

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.

Please download VundoFix to your Desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files; click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt in your next reply.
Note: It is possible that VundoFix encountered a file it could not remove.
VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Please include VundoFix.txt and a new HijackThis log in your next reply.
Thanks,
Charles
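
The log above walks two persistence locations Vundo used on this machine: the Browser Helper Objects list (flagging a BHO whose CLSID has no default name) and the Winlogon\Notify handlers. The script below is an added example, not code from the thread or from VirtumundoBeGone, that audits those same two locations on a current Windows host; the registry paths are the standard ones, and the Authenticode check is an extra heuristic assumed here, not one the log applies.

```powershell
# Added example, not code from the thread or from VirtumundoBeGone.
# Audits the two persistence points the log above walks: BHO registrations and
# Winlogon\Notify handlers. Run from an elevated PowerShell session.
if (-not (Get-PSDrive -Name HKCR -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
}

$bhoRoot    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$notifyRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'

# Signature status of a DLL path, or 'FileMissing' when the file is not there
# (a DLL renamed to *.vir, as in the log, shows up this way).
function Get-DllStatus([string]$Path) {
    if ($Path -and (Test-Path -LiteralPath $Path)) {
        return (Get-AuthenticodeSignature -FilePath $Path).Status
    }
    return 'FileMissing'
}

"Searching for Browser Helper Objects:"
Get-ChildItem -Path $bhoRoot -ErrorAction SilentlyContinue | ForEach-Object {
    $clsid = $_.PSChildName
    $name  = (Get-ItemProperty -Path "HKCR:\CLSID\$clsid" -ErrorAction SilentlyContinue).'(default)'
    $dll   = (Get-ItemProperty -Path "HKCR:\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
    # Same heuristic the log applies: a BHO whose CLSID has no default name is
    # suspicious. An unsigned or missing DLL is the extra check assumed here.
    $flag = if (-not $name) { 'WARNING: no default name' } else { '' }
    $status = Get-DllStatus $dll
    if (-not $flag -and $status -ne 'Valid') { $flag = "WARNING: DLL $status" }
    '{0} ({1}) -> {2} {3}' -f $clsid, $name, $dll, $flag
}

"Checking Winlogon\Notify handlers (key is normally empty or absent on Vista and later):"
Get-ChildItem -Path $notifyRoot -ErrorAction SilentlyContinue | ForEach-Object {
    $dllName = (Get-ItemProperty -Path $_.PSPath).DLLName
    # Winlogon loads a bare file name from %SystemRoot%\system32, which is how
    # the jkkklkj and geebc entries removed in the log were registered.
    $path = if ($dllName -and -not [IO.Path]::IsPathRooted($dllName)) {
        Join-Path $env:SystemRoot "system32\$dllName"
    } else { $dllName }
    '{0}: {1} ({2})' -f $_.PSChildName, $dllName, (Get-DllStatus $path)
}
```

On 64-bit Windows, 32-bit BHOs register under the WOW6432Node mirror of the same path, which this audit does not walk.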



#4 rookie147
  • Members
  • 5,321 posts

Posted 24 May 2007 - 07:13 AM

I know you've already run Vundofix; it wasn't a standard reply, because I want to look at the log it produces. There may be some more Vundo-related files on your computer that Virtumondebegone is not showing; it does not scan in as many places as Vundofix does.
Therefore, please scan with Vundofix and post back the log as requested.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#5 dthomasss
  • Topic Starter
  • Members
  • 38 posts

Posted 24 May 2007 - 11:03 AM

Posted 24 May 2007 - 11:03 AM

I ran it again and it said it didn't find anything, but I don't see any log?






#6 rookie147
  • Members
  • 5,321 posts

Posted 24 May 2007 - 11:49 AM

ran it again and it said it didn't find anything, but I don't see any log?

Ok, don't worry about posting the log then.

You are using peer-to-peer programs.
These are what we call an optional removal. However, anytime you are running any type of peer-to-peer application, you are more prone to infection by malware, and this is probably how you became infected in the first place. The choice to remove them is entirely up to you, but I would strongly recommend that you do.
If you do not want to, please at least refrain from using any peer-to-peer programs for the remainder of my fix.
For more information about infections as a result of p2p programs, take a look here: http://p2p.malwareremoval.com/

You said "that seemed to get me back to normal" in your earlier post. I see no more malware in your log; do you have any other problems?
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#7 dthomasss
  • Topic Starter
  • Members
  • 38 posts

Posted 24 May 2007 - 07:18 PM

Posted 24 May 2007 - 07:18 PM

I don't seem to be having any more problems since running VirtumundoBeGone. I am not getting any more alerts from Windows Defender or WinPatrol, and no more IE popups.
In WinPatrol startup it now shows the following as disabled: WRNotifier WRLogonNTF.dll, jkhhh.dll, geeby.dll, awtqr.dll, jkhfd.dll, mllml.dll, and geebc.dll.

I am sure I got the malware from installing a program I got from Bitcomet. I ran a virus check before I installed it. Is there a malware checker I can run on .exe files before opening them?




#8 rookie147
  • Members
  • 5,321 posts

Posted 25 May 2007 - 03:46 AM

AVG Anti-Spyware is a good program to scan individual files with, or you could just use your antivirus software.

Now that you're free from malware, please follow these simple steps to decrease the likelihood of getting re-infected:

Set your system to not show all files.
Navigate to Start | My Computer | Tools | Folder Options.
Select the View tab. Under the "Hidden Files and Folders" heading, select "Show hidden files and folders".
Check: Hide file extensions for known file types
Check the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.
Either enable 'Automatic Updates' under Start | Control Panel | Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

In order to protect yourself against spyware, you should consider installing and running the following free programs:
Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.
Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.
SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.
Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

Please also read Tony Klein's excellent article: How I got Infected in the First Place
Thanks and happy computing,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#9 rookie147
  • Members
  • 5,321 posts

Posted 04 June 2007 - 11:54 AM

Since this issue appears to be resolved, this topic is now closed.
If you need this topic reopened, please request this by sending me a Personal Message including a link to your thread.
This applies only to the original topic starter. Everyone else please begin a New Topic.

If you are pleased with the service I have offered, you may like to consider making a donation.




