how can i remove darksma from my computer? Help!

Welcome Guest ( Log In | Join )

Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Want to ask a question, reply to a topic, or remove all advertising? It's easy, fast and free. Join today!
Spyware, virus, trojan, fake security or privacy alerts? Please start with our malware cleaning guide.

> Geeks to Go! » Security » Malware Removal - HijackThis™ Logs Go Here

how can i remove darksma from my computer? Help!

Options

silentdreamer88 View Member Profile	Apr 7 2007, 10:44 AM Post #1
New Member Posts: 7 OS: Windows XP	Hi, I need help. My computer recently got affected by Darksma. I keep on getting pop ups which I can not remove. Yahoo Anti-spy can detect it though my CA Anti-Virus, sometime detect it, but sometimes not. I remove it everytime but is still there everytime I run the checks. Please help! I've tried "vundofix" - nothing was detected & Ccleaner but to no avail. I've pasted below my hijack this log. Appreciate all the help!!!! Logfile of HijackThis v1.99.1 Scan saved at 12:36:53 AM, on 4/8/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe D:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe D:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe D:\WINDOWS\Explorer.EXE D:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe D:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe D:\WINDOWS\SOUNDMAN.EXE D:\WINDOWS\AGRSMMSG.exe D:\Program Files\Synaptics\SynTP\SynTPLpr.exe D:\Program Files\Synaptics\SynTP\SynTPEnh.exe D:\WINDOWS\system32\igfxtray.exe D:\WINDOWS\system32\hkcmd.exe D:\Program Files\QuickTime\qttask.exe D:\Program Files\Java\jre1.5.0\bin\jusched.exe D:\Program Files\Common Files\Real\Update_OB\realsched.exe D:\Program Files\Google\Gmail Notifier\gnotify.exe D:\Program Files\iTunes\iTunesHelper.exe D:\Program Files\Mindjet\MindManager 6\MMReminderService.exe D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe D:\Program Files\MSN Messenger\MsnMsgr.Exe D:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe D:\WINDOWS\system32\ctfmon.exe D:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe D:\WINDOWS\NCLAUNCH.EXe D:\Program Files\Skype\Phone\Skype.exe D:\Program Files\iPod\bin\iPodService.exe D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe D:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE D:\Program Files\MSN Messenger\usnsvc.exe D:\Program Files\Internet Explorer\iexplore.exe D:\Program Files\Skype\Plugin Manager\SkypePM.exe D:\Documents and Settings\Owner\My Documents\Installation Files\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/?auth=DQAAAHQA...tbvA4TKTnVi5Dcg R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: (no name) - {2fcce0df-4bfb-48c5-bd95-985297568549} - D:\WINDOWS\system32\hidecp.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - D:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [cctray] "D:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" O4 - HKLM\..\Run: [CAVRID] "D:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [SynTPLpr] D:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Cpqset] D:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [WatchDog] D:\Program Files\InterVideo\DVD Check\DVDCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0\bin\jusched.exe O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [MMReminderService] D:\Program Files\Mindjet\MindManager 6\MMReminderService.exe O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ChikkaDefault] D:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BitTorrent] "D:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [pdfSaver3] "D:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" O4 - HKCU\..\Run: [NCLaunch] D:\WINDOWS\NCLAUNCH.EXe O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: DVD Check.lnk = D:\Program Files\InterVideo\DVD Check\DVDCheck.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - D:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: hidecp - D:\WINDOWS\SYSTEM32\hidecp.dll O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\ O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: CAISafe - Computer Associates International, Inc. - D:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - D:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe µTorrent Adobe Flash Player 9 ActiveX Adobe Reader 8 Agere Systems AC'97 Modem AJScreensaver Broadcom 802.11 Wireless LAN Adapter CA Anti-Virus CCleaner (remove only) Chikka Messenger V4 DivX Codec DivX Content Uploader DivX Converter DivX Player DivX Web Player Don't Touch My Computer 2 Screen Saver Google Gmail Notifier HijackThis 1.99.1 Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB915865) HP Help and Support HP Integrated Module with Bluetooth wireless technology Intel® Graphics Media Accelerator Driver for Mobile InterVideo DVD Check InterVideo WinDVD iTunes J2SE Runtime Environment 5.0 LimeWire PRO 4.12.6 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB886903) Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Professional Edition 2003 Microsoft Reader Mindjet MindManager Pro 6 MSXML 4.0 SP2 (KB927978) Nero 7 Essentials Palm Desktop PDF-XChange 3.0 QuickTime RealPlayer Realtek AC'97 Audio REALTEK Gigabit and Fast Ethernet NIC Driver Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901190) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921398) Security Update for Windows XP (KB922616) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923694) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Skype 3.0 Skype add-on for IE Skype Plugin Manager Sonic Audio Module Sonic Copy Module Sonic Data Module Sonic Express Labeler Sonic MyDVD Plus Sonic Update Manager Spybot - Search & Destroy 1.4 Synaptics Pointing Device Driver Texas Instruments PCIxx21/x515 drivers. Update for Windows XP (KB894391) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB904942) Update for Windows XP (KB908531) Update for Windows XP (KB910437) Update for Windows XP (KB911280) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB929338) Update for Windows XP (KB931836) VideoLAN VLC media player 0.8.6a Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Live Messenger Windows Media Format Runtime Windows Media Player 10 Windows Support Tools Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB883667 Windows XP Hotfix - KB884575 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB885855 Windows XP Hotfix - KB885884 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888239 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890047 Windows XP Hotfix - KB890175 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB892559 WinRAR archiver Yahoo! Anti-Spy Yahoo! Install Manager Yahoo! Messenger Yahoo! Toolbar

Noviciate View Member Profile	Apr 7 2007, 03:56 PM Post #2
Trusted Helper Posts: 1,421 From: Numpty HQ OS: Windows XP	You have an entry in your log that points to a file on your PC that I would like to have checked - if it is still present. Please go to Jotti's and click on the Browse... button at the top and navigate to the following file and then click on Submit: D:\WINDOWS\SYSTEM32\hidecp.dll When all the scans have been completed, please copy and paste the results into your next reply. If this site is busy, try VirusTotal: Click the Browse ... button at the top, navigate to the file and double click it and then click the Send button. You may need to set Windows to show All Hidden Files and Folders - Instructions can be found here. * These files are hidden to stop you accidentally removing something important. It is advisable to hide them again after you have done. *

silentdreamer88 View Member Profile	Apr 7 2007, 07:34 PM Post #3
New Member Posts: 7 OS: Windows XP	Hi, Thanks for the fast reply Here is the result from Jotti: File: hidecp.dll Status: INFECTED/MALWARE MD5 573f4e55e55e87057b86956b89643a1b Packers detected: - Scan taken on 08 Apr 2007 01:30:03 (GMT) AntiVir Found TR/Dldr.ConHook.Gen ArcaVir Found nothing Avast Found nothing AVG Antivirus Found nothing BitDefender Found Trojan.Downloader.ConHook.AI ClamAV Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing F-Secure Anti-Virus Found nothing Fortinet Found nothing Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found nothing Panda Antivirus Found nothing Rising Antivirus Found nothing VirusBuster Found Packed/Upack VBA32 Found nothing

Noviciate View Member Profile	Apr 7 2007, 07:59 PM Post #4
Trusted Helper Posts: 1,421 From: Numpty HQ OS: Windows XP	Download a fresh copy of VundoFix.exe by Atribune from here and save it to your desktop. Close all open programs and windows as this may require a reboot. Double click Vundofix.exe Right click an empty area of the central window. Click Add more files? Copy and paste the following into one of the two boxes: D:\WINDOWS\SYSTEM32\hidecp.dll Click Add File(s). Click Close Window. Click the Scan for Vundo button. Once it's done scanning, click the Remove Vundo button. You will receive a prompt asking if you want to remove the files, click YES Once you click yes, your desktop will go blank as it starts removing Vundo. When completed, it will prompt that it will shutdown your computer, click OK. Turn your computer back on. Post the contents of D:\vundofix.txt and a new HijackThis log. Note: It is possible that VundoFix encountered a file it could not remove - in this case, VundoFix will run on reboot - simply repeat the above instructions.

silentdreamer88 View Member Profile	Apr 7 2007, 09:49 PM Post #5
New Member Posts: 7 OS: Windows XP	Hi, I ran Vundofix.exe twice (including indicating the file D:\WINDOWS\SYSTEM32\hidecp.dll), however it did not detect anything. What else can I do to remove? Thanks!!!

Noviciate View Member Profile	Apr 8 2007, 01:23 PM Post #6
Trusted Helper Posts: 1,421 From: Numpty HQ OS: Windows XP	QUOTE Post the contents of D:\vundofix.txt and a new HijackThis log.

silentdreamer88 View Member Profile	Apr 9 2007, 10:11 AM Post #7
New Member Posts: 7 OS: Windows XP	Here they are: Vundofix Log: Beginning removal... VundoFix V6.3.19 Checking Java version... Scan started at 11:14:30 AM 4/8/2007 Listing files found while scanning.... No infected files were found HijackThis Log: Logfile of HijackThis v1.99.1 Scan saved at 12:10:16 AM, on 4/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe D:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe D:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe D:\WINDOWS\Explorer.EXE D:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe D:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe D:\WINDOWS\SOUNDMAN.EXE D:\WINDOWS\AGRSMMSG.exe D:\Program Files\Synaptics\SynTP\SynTPLpr.exe D:\Program Files\Synaptics\SynTP\SynTPEnh.exe D:\WINDOWS\system32\igfxtray.exe D:\WINDOWS\system32\hkcmd.exe D:\Program Files\QuickTime\qttask.exe D:\Program Files\Java\jre1.5.0\bin\jusched.exe D:\Program Files\Common Files\Real\Update_OB\realsched.exe D:\Program Files\Google\Gmail Notifier\gnotify.exe D:\Program Files\iTunes\iTunesHelper.exe D:\Program Files\Mindjet\MindManager 6\MMReminderService.exe D:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe D:\WINDOWS\system32\ctfmon.exe D:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe D:\WINDOWS\NCLAUNCH.EXe D:\Program Files\iPod\bin\iPodService.exe D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe D:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE D:\Program Files\MSN Messenger\usnsvc.exe D:\Program Files\Internet Explorer\iexplore.exe D:\WINDOWS\system32\NOTEPAD.EXE D:\Documents and Settings\Owner\My Documents\Installation Files\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/?auth=DQAAAHQA...tbvA4TKTnVi5Dcg R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: (no name) - {2fcce0df-4bfb-48c5-bd95-985297568549} - D:\WINDOWS\system32\hidecp.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - D:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [cctray] "D:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" O4 - HKLM\..\Run: [CAVRID] "D:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [SynTPLpr] D:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Cpqset] D:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [WatchDog] D:\Program Files\InterVideo\DVD Check\DVDCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0\bin\jusched.exe O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [MMReminderService] D:\Program Files\Mindjet\MindManager 6\MMReminderService.exe O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ChikkaDefault] D:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BitTorrent] "D:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [pdfSaver3] "D:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" O4 - HKCU\..\Run: [NCLaunch] D:\WINDOWS\NCLAUNCH.EXe O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: DVD Check.lnk = D:\Program Files\InterVideo\DVD Check\DVDCheck.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - D:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: hidecp - D:\WINDOWS\SYSTEM32\hidecp.dll O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\ O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: CAISafe - Computer Associates International, Inc. - D:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - D:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

Noviciate View Member Profile	Apr 9 2007, 12:39 PM Post #8
Trusted Helper Posts: 1,421 From: Numpty HQ OS: Windows XP	Download OTMoveIt.exe by OldTimer from here and save it to your Desktop. Double click OTMoveIt.exe to run it. Copy the following Files/Folders to your clipboard and then right click the "Paste List of Files/Folders to be moved" window and select Paste: D:\WINDOWS\system32\hidecp.dll Click MoveIt! If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. The malicious file will be moved to the following folder - D:\_OTMoveIt. I'd like you to email the folder to an address that i'll send you via a PM as it appears to be a Vundo file that Vundofix doesn't pick up - i'm sure that Atribune will be interested. Let me have a fresh HJT log once this is done and we'll see what we see.

silentdreamer88 View Member Profile	Apr 10 2007, 09:36 AM Post #9
New Member Posts: 7 OS: Windows XP	I have sent the OT move it to the email. Please see below the Hijack this log. Logfile of HijackThis v1.99.1 Scan saved at 11:35:09 PM, on 4/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\WINDOWS\Explorer.EXE D:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe D:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe D:\WINDOWS\SOUNDMAN.EXE D:\WINDOWS\AGRSMMSG.exe D:\Program Files\Synaptics\SynTP\SynTPLpr.exe D:\Program Files\Synaptics\SynTP\SynTPEnh.exe D:\WINDOWS\system32\igfxtray.exe D:\WINDOWS\system32\hkcmd.exe D:\Program Files\QuickTime\qttask.exe D:\Program Files\Java\jre1.5.0\bin\jusched.exe D:\Program Files\Common Files\Real\Update_OB\realsched.exe D:\Program Files\Google\Gmail Notifier\gnotify.exe D:\Program Files\iTunes\iTunesHelper.exe D:\Program Files\Mindjet\MindManager 6\MMReminderService.exe D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe D:\WINDOWS\system32\ctfmon.exe D:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe D:\WINDOWS\NCLAUNCH.EXe D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe D:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe D:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe D:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe D:\Program Files\iPod\bin\iPodService.exe D:\Program Files\MSN Messenger\usnsvc.exe D:\Program Files\Internet Explorer\IEXPLORE.EXE D:\Documents and Settings\Owner\My Documents\Installation Files\HijackThis.exe D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/?auth=DQAAAHQA...tbvA4TKTnVi5Dcg R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: (no name) - {2fcce0df-4bfb-48c5-bd95-985297568549} - D:\WINDOWS\system32\hidecp.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - D:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [cctray] "D:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" O4 - HKLM\..\Run: [CAVRID] "D:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [SynTPLpr] D:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Cpqset] D:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [WatchDog] D:\Program Files\InterVideo\DVD Check\DVDCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0\bin\jusched.exe O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [MMReminderService] D:\Program Files\Mindjet\MindManager 6\MMReminderService.exe O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ChikkaDefault] D:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BitTorrent] "D:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [pdfSaver3] "D:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" O4 - HKCU\..\Run: [NCLaunch] D:\WINDOWS\NCLAUNCH.EXe O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: DVD Check.lnk = D:\Program Files\InterVideo\DVD Check\DVDCheck.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - D:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: hidecp - hidecp.dll (file missing) O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\ O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: CAISafe - Computer Associates International, Inc. - D:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - D:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

Noviciate

Apr 10 2007, 12:22 PM

Post #10

Trusted Helper
Group Icon

Posts: 1,421
From: Numpty HQ
OS: Windows XP

QUOTE

Your log doesn't appear to show a third-party software firewall installed - if you have one, and i've missed it, please ignore this.
If you are relying the firewall that comes with Service Pack 2, then you need to install one. While the SP2 firewall is better than nothing, it doesn't monitor outgoing traffic, so anything malicious on your computer can 'phone home' at will.

There are a few free firewalls available.
Zone Alarm: Available here.
Kerio: Available here.
Outpost: Available here.

It is important to note that you should only have one firewall installed at a time, but you can download them all to your Desktop and install each in turn to see which one you prefer.

Understanding and Using Firewalls: http://www.bleepingcomputer.com/tutorials/tutorial60.html

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

You will need to make a copy of these instructions because you have to disconnect from the internet to complete the fix. Either print them out or copy and paste them into Notepad.

Preparation

1) Download the trial version of AVG Anti-Spyware from here and save it to your Desktop.
If you already have this program installed, skip to Updating AVG Anti-Spyware: below.

* Please note that this program was formerly known as Ewido anti-spyware 4.0.
Taken from the Ewido website -

QUOTE

ewido anti-spyware 4.0 will now continue under the new product name AVG Anti-Spyware 7.5. AVG Anti-Spyware 7.5 contains the same ewido technology, but with some further enhanced features:

Highly improved cleaning
Lower resource usage
Additional languages supported

All current licenses for ewido anti-spyware 4.0 will continue to be valid, and users can change over to the new AVG Anti-Spyware 7.5 for free.

Double click the avg-setup file to begin installation and follow the prompts.
When the program has been installed, and you click the Finish button, AVG A-S will open.

Updating AVG Anti-Spyware:

Click the Update icon at the top and under "Manual Update" - click the Start update button.
Either AVG A-S will update or inform you that no update was available.
If you cannot access the internet with the infected PC, or you are having problems updating, you can download the signatures file from here.
Once you have installed AVG A-S, double click avgas-signatures-current.exe to update it.

Disabling the Resident Shield:
By default the Resident Shield is active but as it may interfere with the process of cleaning your PC, it will need to be disabled.
(When the PC has been cleaned you can activate the shield again, if you wish.)
Click the Shield icon at the top and under "Resident shield is..." - click active.
This should now change to inactive.

Changing Recommended Actions
Click the Scanner icon at the top and then click the Settings Tab.
Under "How to act?" click Recommended actions and select "Quarantine" from the menu.

You can now close AVG A-S.

AVG A-S is designed to be used to both scan for and remove malicious files and also to run in real-time alongside, but not replace, your existing anti-virus program to give an added layer of protect