Winantivirus Errorsafe Etc


9 replies to this topic

#1 zirak_90


Posted 16 June 2007 - 02:52 PM

Hi, I have the same problem as the one on this topic:
http://www.bleepingcomputer.com/forums/ind...hl=WinAntiVirus

I downloaded Vundofix, scanned, removed Vundos and then rebooted. Here's the content

---------------------------------------------------------------------------------------------------------------------------


VundoFix V6.5.0

Checking Java version...

Sun Java not detected
Scan started at 06:22:52 2007-06-16

Listing files found while scanning....

C:\windows\system32\efcccdb.dll
C:\windows\system32\iifgeda.dll
C:\windows\system32\lkmoq.ini
C:\WINDOWS\system32\onnpo.bak1
C:\WINDOWS\system32\onnpo.bak2
C:\WINDOWS\system32\onnpo.ini
C:\WINDOWS\system32\opnno.dll
C:\windows\system32\opnomjg.dll
C:\windows\system32\qomkl.dll
C:\windows\system32\sqmvrmlf.dll
C:\windows\system32\viagsmvt.dll

Beginning removal...

Beginning removal...

Attempting to delete C:\windows\system32\efcccdb.dll
C:\windows\system32\efcccdb.dll Has been deleted!

Attempting to delete C:\windows\system32\iifgeda.dll
C:\windows\system32\iifgeda.dll Has been deleted!

Attempting to delete C:\windows\system32\lkmoq.ini
C:\windows\system32\lkmoq.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\onnpo.bak1
C:\WINDOWS\system32\onnpo.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\onnpo.bak2
C:\WINDOWS\system32\onnpo.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\onnpo.ini
C:\WINDOWS\system32\onnpo.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\opnno.dll
C:\WINDOWS\system32\opnno.dll Has been deleted!

Attempting to delete C:\windows\system32\opnomjg.dll
C:\windows\system32\opnomjg.dll Has been deleted!

Attempting to delete C:\windows\system32\qomkl.dll
C:\windows\system32\qomkl.dll Has been deleted!

Attempting to delete C:\windows\system32\sqmvrmlf.dll
C:\windows\system32\sqmvrmlf.dll Has been deleted!

Attempting to delete C:\windows\system32\viagsmvt.dll
C:\windows\system32\viagsmvt.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.0

Checking Java version...

Sun Java not detected
Scan started at 08:12:56 2007-06-16

Listing files found while scanning....

C:\windows\system32\ilkmp.bak1
C:\WINDOWS\system32\ilkmp.ini
C:\WINDOWS\system32\pmkli.dll
C:\windows\system32\vtuuvww.dll

Beginning removal...

Attempting to delete C:\windows\system32\ilkmp.bak1
C:\windows\system32\ilkmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ilkmp.ini
C:\WINDOWS\system32\ilkmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkli.dll
C:\WINDOWS\system32\pmkli.dll Could not be deleted.

Attempting to delete C:\windows\system32\vtuuvww.dll
C:\windows\system32\vtuuvww.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\pmkli.dll
C:\WINDOWS\system32\pmkli.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Beginning removal...

VundoFix V6.5.0

Checking Java version...

Sun Java not detected
Scan started at 20:39:51 2007-06-16

Listing files found while scanning....

C:\windows\system32\tuvuvtt.dll
C:\WINDOWS\system32\vvwxx.bak1
C:\WINDOWS\system32\vvwxx.ini
C:\windows\system32\vybay.ini
C:\WINDOWS\system32\xxwvv.dll
C:\windows\system32\yabyv.dll

Beginning removal...

Attempting to delete C:\windows\system32\tuvuvtt.dll
C:\windows\system32\tuvuvtt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vvwxx.bak1
C:\WINDOWS\system32\vvwxx.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\vvwxx.ini
C:\WINDOWS\system32\vvwxx.ini Has been deleted!

Attempting to delete C:\windows\system32\vybay.ini
C:\windows\system32\vybay.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\xxwvv.dll
C:\WINDOWS\system32\xxwvv.dll Has been deleted!

Attempting to delete C:\windows\system32\yabyv.dll
C:\windows\system32\yabyv.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

________________________________________________________________________________________


And here's the combofix log

__________________________________________________________

ComboFix 07-06-13.7 - C:\Documents and Settings\Zirak\Skrivbord\ComboFix.exe
"Zirak" - 2007-06-16 21:30:27 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\jddthtge.dll
C:\WINDOWS\system32\mfnspkud.dll
C:\WINDOWS\system32\wintqv32.dll
C:\WINDOWS\system32\egthtddj.ini
C:\WINDOWS\system32\dukpsnfm.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Zirak\APPLIC~1.\wnsxs~1
C:\DOCUME~1\Zirak\APPLIC~1.\wnsxs~1\wucrtupd.exe
C:\Program\Delade filer\Yazzle1162OinAdmin.exe
C:\Program\icroso~1.net
C:\WINDOWS\avp.exe
C:\WINDOWS\dobe~1
C:\WINDOWS\smgr.exe
C:\WINDOWS\system32\winsys64.exe


((((((((((((((((((((((((( Files Created from 2007-05-16 to 2007-06-16 )))))))))))))))))))))))))))))))


2007-06-16 21:14 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-16 18:13 <KAT> d-------- C:\Program\Microsoft Games
2007-06-16 12:25 125,972 --a------ C:\WINDOWS\system32\eipnptnm.dll
2007-06-16 10:00 28,160 --a------ C:\WINDOWS\system32\sysmon32.exe
2007-06-16 09:33 <KAT> d-------- C:\Program\Simpsons Jeopardy!
2007-06-16 09:26 93,696 --a------ C:\WINDOWS\system32\drvvun.dll
2007-06-16 08:29 <KAT> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-16 07:42 93,696 --a------ C:\WINDOWS\system32\drvfiv.dll
2007-06-16 06:22 <KAT> d-------- C:\VundoFix Backups
2007-06-15 17:25 <KAT> d-------- C:\WINDOWS\Simpsons Jeopardy!
2007-06-15 06:11 <KAT> d-------- C:\Program\Delade filer\Symantec Shared
2007-06-15 06:11 <KAT> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-06-15 04:58 62,516 --a------ C:\WINDOWS\system32\gnhvyxja.dll
2007-06-15 04:41 56,832 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\argzulqf.exe
2007-06-15 04:18 <KAT> d-------- C:\DOCUME~1\Zirak\APPLIC~1\Google
2007-06-14 19:26 <KAT> d-------- C:\Program\DivX
2007-06-14 19:17 <KAT> d-------- C:\Program\Live TV
2007-06-14 06:12 <KAT> d-------- C:\DOCUME~1\Zirak\APPLIC~1\.wyzo
2007-06-14 00:32 <KAT> d-------- C:\DOCUME~1\Zirak\APPLIC~1\LimeWire
2007-06-13 17:31 90,112 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-06-13 14:26 <KAT> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Help
2007-06-13 14:23 <KAT> d-------- C:\Program\Warcraft 2 - The Tides of Darkness
2007-06-13 12:46 <KAT> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\uTorrent
2007-06-13 12:33 <KAT> d-------- C:\WINDOWS\system32\msview
2007-06-12 15:34 <KAT> d--h----- C:\WINDOWS\PIF
2007-06-12 11:40 <KAT> d-------- C:\Program\Acoustica Shared Effects
2007-06-10 18:35 262,144 --a------ C:\DOCUME~1\GST~1\NTUSER.DAT
2007-06-10 15:22 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-06-10 00:38 <KAT> d--hs---- C:\WINDOWS\CSC
2007-06-09 15:27 <KAT> d-------- C:\WINDOWS\.jagex_cache_32
2007-06-09 14:41 <KAT> d-------- C:\WINDOWS\system32\appmgmt
2007-06-09 14:32 <KAT> d-------- C:\WINDOWS\Downloaded Installations
2007-06-08 11:07 <KAT> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\WinRAR
2007-06-08 10:45 <KAT> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\vlc
2007-06-08 06:03 <KAT> d-------- C:\DOCUME~1\Zirak\APPLIC~1\vlc
2007-06-08 03:52 <KAT> d-------- C:\DOCUME~1\Zirak\APPLIC~1\Acoustica
2007-06-07 14:55 57,344 --a------ C:\WINDOWS\system32\WNASPINT.DLL
2007-06-07 14:27 <KAT> d--h----- C:\Program\InstallShield Installation Information
2007-06-07 14:26 <KAT> d-------- C:\Program\Delade filer\InstallShield
2007-06-07 14:24 <KAT> d-------- C:\Program\DAEMON Tools
2007-06-07 09:52 <KAT> d-------- C:\DOCUME~1\ADMINI~1\Contacts
2007-06-06 20:36 <KAT> d-------- C:\DOCUME~1\Zirak\APPLIC~1\uTorrent
2007-06-06 20:19 <KAT> d-------- C:\DOCUME~1\Zirak\APPLIC~1\WinRAR
2007-06-06 19:04 <KAT> dr------- C:\DOCUME~1\ADMINI~1\Mina dokument
2007-06-06 18:59 <KAT> d-------- C:\WINDOWS\system32\sv-se
2007-06-06 18:51 <KAT> d-------- C:\WINDOWS\network diagnostic
2007-06-05 21:25 <KAT> d-------- C:\DOCUME~1\Zirak\Contacts
2007-06-05 20:26 <KAT> d-------- C:\Program\DC++
2007-06-05 19:01 <KAT> d-------- C:\DOCUME~1\Zirak\Lokala instllningar
2007-06-05 16:16 3,670,016 --ah----- C:\DOCUME~1\Zirak\NTUSER.DAT
2007-06-05 16:16 <KAT> dr------- C:\DOCUME~1\Zirak\Start-meny
2007-06-05 16:16 <KAT> dr------- C:\DOCUME~1\Zirak\Favoriter
2007-06-05 16:16 <KAT> d--h----- C:\DOCUME~1\Zirak\Skrivare
2007-06-05 16:16 <KAT> d--h----- C:\DOCUME~1\Zirak\N„tverket
2007-06-05 16:16 <KAT> d--h----- C:\DOCUME~1\Zirak\Mallar
2007-06-05 16:16 <KAT> d--h----- C:\DOCUME~1\Zirak\Lokala inst„llningar
2007-06-05 16:16 <KAT> d-------- C:\DOCUME~1\Zirak\Skrivbord
2007-06-05 16:13 2,621,440 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-05 16:13 <KAT> dr------- C:\DOCUME~1\ADMINI~1\Start-meny
2007-06-05 16:13 <KAT> dr------- C:\DOCUME~1\ADMINI~1\Favoriter
2007-06-05 16:13 <KAT> d--h----- C:\DOCUME~1\ADMINI~1\Skrivare
2007-06-05 16:13 <KAT> d--h----- C:\DOCUME~1\ADMINI~1\N„tverket
2007-06-05 16:13 <KAT> d--h----- C:\DOCUME~1\ADMINI~1\Mallar
2007-06-05 16:13 <KAT> d--h----- C:\DOCUME~1\ADMINI~1\Lokala inst„llningar
2007-06-05 16:13 <KAT> d-------- C:\DOCUME~1\ADMINI~1\Skrivbord
2007-06-01 19:05 <KAT> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-14 05:49:03 -------- d-----w C:\Program\Winamp
2007-06-14 04:12:11 -------- d-----w C:\DOCUME~1\Zirak\APPLIC~1\.wyzo
2007-06-07 13:15:12 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-06-07 12:08:01 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-06-05 19:13:38 -------- d-----w C:\Program\Microsoft LifeCam
2007-05-19 18:45:58 -------- d-----w C:\Program\Lx_cats
2007-05-16 15:20:05 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-27 20:11:48 -------- d-----w C:\Program\Delade filer\Adobe Systems Shared
2007-04-25 14:22:55 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:40 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 21:03:59 -------- d-----w C:\Program\Lexmark 730 Series
2007-04-11 15:27:29 47,992 ----a-w C:\WINDOWS\system32\perfc01D.dat
2007-04-11 15:27:29 315,338 ----a-w C:\WINDOWS\system32\perfh01D.dat
2007-04-09 09:50:51 0 --sha-r C:\MSDOS.SYS
2007-04-09 09:50:51 0 --sha-r C:\IO.SYS
2007-04-09 09:50:51 0 ----a-w C:\CONFIG.SYS
2007-04-09 09:50:51 0 ----a-w C:\AUTOEXEC.BAT
2007-04-09 09:42:21 21,700 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-03-18 23:04:26 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-03-18 23:04:22 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-03-17 13:45:59 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll []
{0B4B68A2-C6C8-4DCD-BC08-380149BFCE93}=C:\WINDOWS\system32\xxwvv.dll []
{2C2FC76A-8360-45BD-83EB-8B0E3E0A28Aa}=C:\WINDOWS\system32\eipnptnm.dll [2007-06-16 12:25]
{468E7657-0FF0-479F-9F70-8B71DDBCA692}=C:\WINDOWS\system32\opnno.dll []
{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}=C:\WINDOWS\system32\gnhvyxja.dll [2007-06-15 04:58]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 03:23]
{B11F15F5-525C-4AB8-9D60-A25F9F72F818}=C:\WINDOWS\system32\eipnptnm.dll [2007-06-16 12:25]
{b69a9db4-d0a1-4722-b56b-f20757a29cdf}=C:\Program\Live_TV\tbLiv0.dll []
{F654152D-1F45-421F-9AFE-E9EB65435317}=C:\WINDOWS\system32\pmkli.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LifeCam"="C:\Program\Microsoft LifeCam\LifeExp.exe" [2006-06-30 01:54]
"WinProfile"="sndcfg16.exe" []
"SunJavaUpdateSched"="C:\Program\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23]
"I/O Controllers"="svcnet.exe" []
"argzulqf.exe"="C:\Documents and Settings\All Users\Application Data\argzulqf.exe" [2007-06-15 04:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:34]
"I/O Controllers"="svcnet.exe" []
"MSMSGS"="C:\Program\Messenger\msmsgs.exe" [2004-10-13 18:24]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"WinProfile"=sndcfg16.exe


**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-16 21:36:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-06-16 21:39:13 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-16 21:38

--- E O F ---

_________________________________________________________________________________

And here's a HijackThis Log
_________________________________________________________________________________



Logfile of HijackThis v1.99.1
Scan saved at 21:46:16, on 2007-06-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program\Java\jre1.5.0_11\bin\jusched.exe
C:\Documents and Settings\All Users\Application Data\argzulqf.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\internet explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Zirak\Skrivbord\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: Live_TV - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program\Live_TV\tbLiv0.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: (no name) - {0B4B68A2-C6C8-4DCD-BC08-380149BFCE93} - C:\WINDOWS\system32\xxwvv.dll (file missing)
O2 - BHO: (no name) - {2C2FC76A-8360-45BD-83EB-8B0E3E0A28Aa} - C:\WINDOWS\system32\eipnptnm.dll
O2 - BHO: (no name) - {468E7657-0FF0-479F-9F70-8B71DDBCA692} - C:\WINDOWS\system32\opnno.dll (file missing)
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\gnhvyxja.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B11F15F5-525C-4AB8-9D60-A25F9F72F818} - C:\WINDOWS\system32\eipnptnm.dll
O2 - BHO: Live_TV - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program\Live_TV\tbLiv0.dll (file missing)
O2 - BHO: (no name) - {F654152D-1F45-421F-9AFE-E9EB65435317} - C:\WINDOWS\system32\pmkli.dll (file missing)
O3 - Toolbar: Live_TV - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program\Live_TV\tbLiv0.dll (file missing)
O4 - HKLM\..\Run: [LifeCam] "C:\Program\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [I/O Controllers] svcnet.exe
O4 - HKLM\..\Run: [argzulqf.exe] C:\Documents and Settings\All Users\Application Data\argzulqf.exe
O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [I/O Controllers] svcnet.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121fd.bay121.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)

_______________________________________________________________________


I hope u can help me because I've downloaded so many Anti-virus programs and removed lots of threats but they still exist. Thanks for any help!


#2 -David-


Posted 16 June 2007 - 03:59 PM

Hello there and welcome to Bleeping Computer's security forum.
My name is David, I will be helping you with your log today.

It is a good idea to print off these instructions. There is a possibility some of the instructions will need to be carried out where internet access is not available. It is important that you complete the instructions in the right order, and that you don't miss out any steps.

You are missing one important program on that computer - an antivirus!
This is somewhat suicidal in today's digital world.
You need to install an antivirus program as soon as you can and run a complete scan of the computer.
AVG and Avast are excellent, free antivirus programs.
Never install more than one antivirus on your system - several together can cause problems and decrease performance.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

R3 - URLSearchHook: Live_TV - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program\Live_TV\tbLiv0.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: (no name) - {0B4B68A2-C6C8-4DCD-BC08-380149BFCE93} - C:\WINDOWS\system32\xxwvv.dll (file missing)
O2 - BHO: (no name) - {2C2FC76A-8360-45BD-83EB-8B0E3E0A28Aa} - C:\WINDOWS\system32\eipnptnm.dll
O2 - BHO: (no name) - {468E7657-0FF0-479F-9F70-8B71DDBCA692} - C:\WINDOWS\system32\opnno.dll (file missing)
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\gnhvyxja.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B11F15F5-525C-4AB8-9D60-A25F9F72F818} - C:\WINDOWS\system32\eipnptnm.dll
O2 - BHO: Live_TV - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program\Live_TV\tbLiv0.dll (file missing)
O2 - BHO: (no name) - {F654152D-1F45-421F-9AFE-E9EB65435317} - C:\WINDOWS\system32\pmkli.dll (file missing)
O3 - Toolbar: Live_TV - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program\Live_TV\tbLiv0.dll (file missing)
O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe
O4 - HKLM\..\Run: [I/O Controllers] svcnet.exe
O4 - HKLM\..\Run: [argzulqf.exe] C:\Documents and Settings\All Users\Application Data\argzulqf.exe
O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe
O4 - HKCU\..\Run: [I/O Controllers] svcnet.exe

Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Now reboot into Safe Mode.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.

Using Windows Explorer, please locate the following files/folders, and delete them if still present:

C:\WINDOWS\system32\eipnptnm.dll
C:\WINDOWS\system32\sysmon32.exe
C:\WINDOWS\system32\drvvun.dll
C:\WINDOWS\system32\drvfiv.dll
C:\WINDOWS\system32\gnhvyxja.dll
C:\WINDOWS\system32\sndcfg16.exe
C:\WINDOWS\system32\svcnet.exe
C:\Documents and Settings\All Users\Application Data\argzulqf.exe

I want you to clean your cache and cookies from your internet explorer.
There are a few infected files which need to be removed from your system.

° Close all instances of Internet Explorer.
° Go to your control panel and open "Internet Options".
° Click on the "General" tab.
° Click the "Delete Cookies" button, then the "Delete Files" button.
° When prompted, place a tick in the "Delete all offline content" box and click OK.

Also, please clean other Temporary files and Empty the Recycle Bin

° Go to start and click on the "run" button.
° Type the following in the box --> cleanmgr and click ok.
° Let it scan your system for files to remove.
° Make sure only Temporary Files, Temporary Internet Files, and Recycle Bin are checked.
° Press OK to remove them.

Reboot back to normal mode now.

Please perform this online scan: Kaspersky Webscan
Read the Requirements and Privacy statement, then select "Accept"
A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
Select "Install" to download the ActiveX controls that allow ActiveScan to run.
When the download is complete it will say ready, click "Next"
Select a target to scan: Click on "My Computer"
When the scan is complete choose to save the results as "Save as Text"
Post the Kaspersky scan results in your next reply, along with a new Hijackthis log.

#3 zirak_90


Posted 16 June 2007 - 07:34 PM

Thank u so much for helping. Btw I got a lot of viruses on the scan, does that mean I didn't follow the instructions?
Anyway I was gonna paste the webscan report here but it lagged as hell so I uploaded it on another site, I hope that doesn't affect anything?

http://www.zshare.net/download/23038934510e3d/

And here's the new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 02:06:53, on 2007-06-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Microsoft LifeCam\MSCamSvc.exe
C:\Program\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program\internet explorer\iexplore.exe
C:\Documents and Settings\Zirak\Skrivbord\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [LifeCam] "C:\Program\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121fd.bay121.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
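Added example, not part of the thread: a Python check that the entries marked for fixing in post #2 are absent from the follow-up HijackThis log, and that lists what is new in it. The log lines are excerpts copied from the posts above; `PARTIAL_LOG` is constructed to show an entry whose file was deleted while its registry value stayed behind, and the function names are this example's own.

```python
import re

# A HijackThis entry line is "<section code> - <detail>", for example
# "O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe". Header lines and the
# "Running processes:" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<detail>.+)$")
# Status suffix that can appear or disappear between two scans of one entry.
STATUS_RE = re.compile(r"\s*\((?:file missing|no file)\)\s*$", re.IGNORECASE)

# Excerpt of the entries post #2 asks to check and fix.
FIX_LIST = r"""
O2 - BHO: (no name) - {2C2FC76A-8360-45BD-83EB-8B0E3E0A28Aa} - C:\WINDOWS\system32\eipnptnm.dll
O2 - BHO: (no name) - {F654152D-1F45-421F-9AFE-E9EB65435317} - C:\WINDOWS\system32\pmkli.dll (file missing)
O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe
O4 - HKLM\..\Run: [I/O Controllers] svcnet.exe
O4 - HKLM\..\Run: [argzulqf.exe] C:\Documents and Settings\All Users\Application Data\argzulqf.exe
O4 - HKCU\..\Run: [I/O Controllers] svcnet.exe
"""

# Excerpt of the first log (post #1): the entries above plus three kept ones.
BEFORE_LOG = FIX_LIST + r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [LifeCam] "C:\Program\Microsoft LifeCam\LifeExp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Excerpt of the follow-up log (post #3).
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 02:06:53, on 2007-06-17
Running processes:
C:\WINDOWS\system32\ctfmon.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [LifeCam] "C:\Program\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Constructed: the DLL was deleted in Safe Mode but its BHO value was not fixed,
# so the same entry comes back with a "(file missing)" suffix.
PARTIAL_LOG = AFTER_LOG + r"""
O2 - BHO: (no name) - {2C2FC76A-8360-45BD-83EB-8B0E3E0A28Aa} - C:\WINDOWS\system32\eipnptnm.dll (file missing)
"""


def parse_entries(log_text):
    """Return {key: original line} for every entry line in a HijackThis log.

    The key is the section code plus the detail with the status suffix removed,
    lower-cased and whitespace-collapsed, so the same registry entry compares
    equal whether or not its target file still exists.
    """
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue
        detail = STATUS_RE.sub("", match.group("detail"))
        key = (match.group("code"), " ".join(detail.lower().split()))
        entries[key] = line
    return entries


def verify_fix(fix_list, after_log):
    """Return (removed, remaining) for the fix list against a follow-up log.

    `removed` holds fix-list lines no longer present; `remaining` holds the
    lines as they appear in the follow-up log, so a changed status is visible.
    """
    after = parse_entries(after_log)
    removed, remaining = [], []
    for key, line in parse_entries(fix_list).items():
        if key in after:
            remaining.append(after[key])
        else:
            removed.append(line)
    return removed, remaining


def new_entries(before_log, after_log):
    """Return entry lines present in the follow-up log but not in the first."""
    before = parse_entries(before_log)
    return [line for key, line in parse_entries(after_log).items()
            if key not in before]


if __name__ == "__main__":
    for label, log in (("post #3 log", AFTER_LOG), ("constructed log", PARTIAL_LOG)):
        removed, remaining = verify_fix(FIX_LIST, log)
        print(f"{label}: {len(removed)} removed, {len(remaining)} still present")
        for line in remaining:
            print("  STILL PRESENT:", line)
    for line in new_entries(BEFORE_LOG, AFTER_LOG):
        print("NEW:", line)
```
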

#4 -David-


Posted 17 June 2007 - 03:57 AM

I see you haven't installed an antivirus yet as instructed; please do this before we continue.

#5 zirak_90


Posted 17 June 2007 - 12:29 PM

That's odd because I actually have AVG Anti-Spyware and have it since a couple of days ago....

#6 -David-


Posted 17 June 2007 - 01:05 PM

AVG Anti-Spyware is not an antivirus, it is an antispyware. In simple terms they target different things and protect your computer in many different ways. An antivirus will protect you from the likes of malicious scripts and malicious sites trying to infect your PC; anti-spyware programs such as AVG Anti-Spyware will have a real time monitor which simply protects you from the files in their database that are known to be bad. As you have AVG already on your PC in the antispyware form, you might like the free antivirus, they should work together very well:
http://free.grisoft.com/freeweb.php/doc/2/

Please install an antivirus and let me know when you have done so by posting a new Hijackthis log.

#7 zirak_90


Posted 17 June 2007 - 10:35 PM

I've installed AVG now. Here's the Hijack log:


Logfile of HijackThis v1.99.1
Scan saved at 10:32:45, on 2007-06-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\Grisoft\AVG7\avgamsvr.exe
C:\Program\Grisoft\AVG7\avgemc.exe
C:\Program\Grisoft\AVG7\avgupsvc.exe
C:\Program\Grisoft\AVG7\avgcc.exe
C:\Program\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Zirak\Skrivbord\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [LifeCam] "C:\Program\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121fd.bay121.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)

Edited by zirak_90, 18 June 2007 - 03:34 AM.
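A log like the one in the post above is easier to review once its entries are grouped by section code. The following is an added example, not part of the original thread and not HijackThis's own code: a small Python parser run over lines excerpted from that log. The function names and the review rules (missing target file, service with no publisher) are assumptions made for illustration, and a flag is a prompt for a manual check, not a verdict.

```python
import re
from collections import defaultdict

# Section codes that occur in the log above and what each one enumerates.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O4": "autostart entry",
    "O9": "IE extra button / Tools menu item", "O11": "IE advanced options group",
    "O16": "ActiveX control (DPF)", "O18": "extra protocol handler",
    "O20": "Winlogon Notify / AppInit_DLLs", "O23": "NT service",
}
ENTRY = re.compile(r"^(R\d|O\d{1,2}) - (.*)$")

# Lines excerpted from the HijackThis log posted above.
SAMPLE = r"""Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\winlogon.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgupsvc.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
"""

def service_publisher(body):
    """Publisher field of an O23 body: 'Service: <name> - <publisher> - <path>'."""
    head = body.rsplit(" - ", 1)[0]          # drop the path
    return "" if head.endswith(" -") else head.rsplit(" - ", 1)[-1]

def triage(log_text):
    """Return (entries grouped by section code, entries worth a manual check)."""
    by_section, review = defaultdict(list), []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue                          # header, process list, blank line
        code, body = m.groups()
        by_section[code].append(body)
        reasons = []
        if code not in SECTIONS:
            reasons.append("section code not in table")
        if body.endswith("(file missing)"):
            reasons.append("target file missing")
        if code == "O23" and service_publisher(body) in ("", "Unknown owner"):
            reasons.append("no publisher on service binary")
        if reasons:
            review.append((code, body, reasons))
    return dict(by_section), review
```

Calling `triage(SAMPLE)` returns the grouped entries and a review list holding the O9 entry with a missing file and the two O23 services without publisher information.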


#8 -David-

-David-

  • Members
  • 10,603 posts
  • Gender:Male
  • Location:London
  • Local time:02:52 PM

Posted 18 June 2007 - 12:17 PM

Good work! Let's continue.. :thumbsup:

It is a good idea to print off these instructions. There is a possibility some of the instructions will need to be carried out where internet access is not available. It is important that you complete the instructions in the right order, and that you don't miss out any steps.

Using Windows Explorer, please locate the following files/folders, and delete them if still present:

C:\QooBox
C:\VundoFix Backups

We need to purge your infected system restore points.
On the Desktop, right-click My Computer, then click Properties.
Click the System Restore tab near the top of the window.
Check Turn off System Restore, click Apply, and then click OK.
More information on how to disable your system restore can be found here.

We want to create a new, clean restore point. Please first reboot your computer.
On the Desktop, right-click My Computer, then click Properties.
Click the System Restore tab near the top of the window.
Uncheck "Turn off System Restore", click Apply, and then click OK.

Click Start > All Programs > Accessories > System Tools, and select System Restore.
In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point - Something like "After trojan/spyware cleanup".
Click Create, and after it has created the restore point, click "Close".
Further instructions on creating a restore point can be found here

I want you to clean your cache and cookies from your internet explorer.
There are a few infected files which need to be removed from your system.

° Close all instances of Internet Explorer .
° Go to your control panel and open "Internet Options".
° Click on the "General" tab.
° Click the "Delete Cookies" button, then the "Delete Files" button.
° If prompted, place a tick in the "Delete all offline content" box and click OK.

Also, please clean other Temporary files and Empty the Recycle Bin

° Go to start and click on the "run" button.
° Type the following in the box --> cleanmgr and click ok.
° Let it scan your system for files to remove.
° Make sure only Temporary Files, Temporary Internet Files, and Recycle Bin are checked.
° Press OK to remove them.

Reboot a final time and let me know how the PC is running.
I see a clean HJT log now! :flowers:

#9 zirak_90

zirak_90
  • Topic Starter

  • Members
  • 19 posts
  • Local time:03:52 PM

Posted 19 June 2007 - 01:35 AM

Everything runs perfectly now.
THANK U SO MUCH!!!!!!!! :flowers: :huh: :huh: :thumbsup: :huh:

#10 -David-

-David-

  • Members
  • 10,603 posts
  • Gender:Male
  • Location:London
  • Local time:02:52 PM

Posted 19 June 2007 - 09:01 AM

Glad I could help! :flowers:
The latest log is looking clean!
Follow this list and your potential for being infected again will be reduced dramatically.

Use an Anti Virus Software -
* It is very important that your computer has an anti-virus software running on your machine.
* This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs:
* Click here for more information on -> Computer Safety On line - Anti-Virus
* I would recommend Grisoft's AVG or AVAST.
* These are the more secure and better ones.

Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

Use a Firewall -
* I can not stress how important it is that you use a Firewall on your computer.
* Without a firewall your computer is susceptible to being hacked and taken over.
* Simply using a Firewall in its default configuration can lower your risk greatly.
* For an article on Firewalls and a listing of some available ones see the link below:
* Click here for more information on -> Computer Safety On line - Software Firewalls
* I would recommend ZoneAlarm as a firewall as it's easy to use.

Visit Microsoft's Windows Update Site Frequently -
* It is important that you visit http://www.windowsupdate.com regularly.
* This will ensure your computer always has the latest security updates available installed on your computer.
* If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Next, if they're not already present, I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly

Install Spybot© - Search and Destroy- Install and download Spybot - Search and Destroy with its TeaTimer option.
* This will provide real-time spyware & hijacker protection on your computer alongside your virus protection.
* You should also scan your computer with the program on a regular basis just as you would an anti virus software.
* A tutorial on installing & using this product can be found here:
* Click here for more info -->Instructions for - Spybot S & D and Ad-aware

Install Lavasofts© Ad-Aware - Install and download Ad-Aware.
* You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot.
* A tutorial on installing & using this product can be found here:
* Click here for more info -->Instructions for - Spybot S & D and Ad-aware

Install Javacools© SpywareBlaster -
* SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs.
* An article on anti-malware products with links for this program and others can be found here:
* Click here for more info -->Computer Safety on line - Anti-Malware

Update all these programs regularly - Make sure you update all the programs I have listed regularly.
Without regular updates you WILL NOT be protected when new malicious programs are released.
:thumbsup: If you wish to learn how to use HijackThis to remove malware, you might like to join the Malware Removal Training Program!

If you have any additional questions just ask...
David



