Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Vcodec...Frustrating me!


  • Please log in to reply

#1
Sideshow

Sideshow

    Member

  • Member
  • PipPip
  • 13 posts
Ok. I spent maybe 2 hours last night trying the Spyware Quake Self-Removal guide and found that it wasnt it add/remove programs in safe mode.

Im using Windows XP Pro (SP2), and my anti virus software is Trend-Micro PC-Cillin Anti Virus 2006. Im using Spybot for spyware.

Yesterday I got home and turned on my computer. I let spybot do a check and same with PC-Cillin. No viruses but i noticed 2 shortvuts installed on my desktop "Computer Security" and somthing else. Also had a icon in the taskbar I couldnt get rid of. Spybot said I have Vcodec. I did some reasearch on here and tried my best to remove it with your guides but I now need your help.

HIJACK THIS LOG -


Logfile of HijackThis v1.99.1
Scan saved at 12:50:08 PM, on 31/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\My Documents\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1143168496296
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1143334629734
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe





Thanks guys, any help is appreciated. :whistling:
  • 0

Advertisements


#2
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Run ActiveScan online virus scan here

When the scan is finished, click on the "Save Report" button an save the results of the scan to your desktop.

Post a new HiJackThis log along with the results from ActiveScan
  • 0

#3
Sideshow

Sideshow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Wow! This really surprised me!



Panda Report:



Incident Status Location

Adware:adware/emediacodec Not disinfected C:\Documents and Settings\All Users.WINDOWS\Desktop\Online Security Guide.url
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\The Kipps\Cookies\the [email protected][2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\The Kipps\Cookies\the [email protected][1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\The Kipps\Cookies\the [email protected][1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\The Kipps\Cookies\the [email protected][3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\The Kipps\Cookies\the [email protected][2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\The Kipps\Cookies\the [email protected][1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\The Kipps\Cookies\the [email protected][2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\The Kipps\Cookies\the [email protected][2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\The Kipps\Cookies\the [email protected][1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\The Kipps\Cookies\the [email protected][2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\The Kipps\Cookies\the [email protected][1].txt
Spyware:Cookie/Microsofte Not disinfected C:\Documents and Settings\The Kipps\Cookies\the [email protected][1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\The Kipps\Cookies\the [email protected][1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\The Kipps\Cookies\the [email protected][1].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\The Kipps\Cookies\the [email protected][1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\The Kipps\Cookies\the [email protected][1].txt
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\The Kipps\Cookies\the [email protected][1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\The Kipps\Cookies\the [email protected][2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\The Kipps\Cookies\the [email protected][1].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\The Kipps\Cookies\the [email protected][2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\The Kipps\Cookies\the [email protected][1].txt
Spyware:Cookie/24/7 Realmedia Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Application Data\Mozilla\Firefox\Profiles\2rssyo24.default\cookies.txt[]
Spyware:Cookie/24/7 Realmedia Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Cookies\the [email protected][2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Cookies\the [email protected][2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Cookies\the [email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Cookies\the [email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Cookies\the [email protected][3].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Cookies\the [email protected][1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Cookies\the [email protected][2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Desktop\smitRem.exe[Process.exe]
Adware:adware/securityerror Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Favorites\Antivirus Test Online.url
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temp\Cookies\the [email protected][1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temp\Cookies\the [email protected][1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temp\Cookies\the [email protected][1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temp\Cookies\the [email protected][3].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temp\Cookies\the [email protected][2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temp\Cookies\the [email protected][2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temp\Cookies\the [email protected][1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temp\Cookies\the [email protected][2].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temp\Cookies\the [email protected][1].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temp\Cookies\the [email protected][2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temp\Cookies\the [email protected][2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temp\Cookies\the [email protected][1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temp\Cookies\the [email protected][1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temp\Cookies\the [email protected][1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temp\Cookies\the [email protected][1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temp\Cookies\the [email protected][1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temp\Cookies\the [email protected][2].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temp\Cookies\the [email protected][1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temporary Internet Files\Content.IE5\W5ERGTQZ\smitRem[1].exe[Process.exe]
Adware:Adware/SpywareQuake Not disinfected C:\WINDOWS\system32\1024\ld3229.tmp
Adware:Adware/SpywareQuake Not disinfected C:\WINDOWS\system32\1024\ldADA5.tmp
Virus:Trj/Agent.BRX Disinfected C:\WINDOWS\system32\dfrgsrv.exe
Adware:adware/spywarequake Not disinfected C:\WINDOWS\system32\stickrep.dll




HIJACK THIS:

Logfile of HijackThis v1.99.1
Scan saved at 1:56:33 PM, on 01/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\My Documents\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\RunOnce: [Panda_cleaner_265514] C:\WINDOWS\system32\ActiveScan\pavdr.exe 265514
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1143168496296
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1143334629734
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
  • 0

#4
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Click Here and download Killbox and save it to your desktop.


* Click here to download FixSQ.zip and save it to your desktop.
Unzip it to extract the FixSQ.reg file it contains.


* Click here for info on how to boot to safe mode if you don't already know how.


* Click here to download ATF Cleaner by Atribune and save it to your desktop.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Go to Add/Remove programs and uninstall SpywareQuake if it is there. Do not restart your computer if it asks you to do so.


* Doublclick on the FixSQ.reg file to add it to the registry.
Answer yes to confirm the merge.


* Double-click on Killbox.exe to run it.
  • Put a tick by Standard File Kill.
  • In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

    C:\WINDOWS\system32\stickrep.dll

    C:\WINDOWS\system32\1024

    C:\WINDOWS\system32\dfrgsrv.exe

    C:\Documents and Settings\All Users.WINDOWS\Desktop\Online Security Guide.url

    C:\Program Files\SpywareQuake


  • Click on the button that has the red circle with the X in the middle after you enter each file.
  • It will ask for confimation to delete the file.
  • Click Yes.
  • Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
  • Killbox may tell you that one or more files do not exist.
  • If that happens, just continue on with all the files. Be sure you don't miss any.
  • Exit the Killbox.
* Run ATF Cleaner:
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use Firefox:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
[*]Click Exit on the Main menu to close the program.
[/list]* Restart back into Windows normally now.


* Run Kaspersky online virus scan here.

After the updates have downloaded, click on the "Scan Settings" button.
Choose the "Extended database" for the scan.
Under "Please select a target to scan", click "My Computer".
When the scan is finished, Save the results from the scan!

Post a new HiJackThis log along with the results from Kaspersky scan
  • 0

#5
Sideshow

Sideshow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Okay heres Kaspersky:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, April 04, 2006 7:07:16 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 5/04/2006
Kaspersky Anti-Virus database records: 186258
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 42360
Number of viruses found: 6
Number of infected objects: 12
Number of suspicious objects: 0
Duration of the scan process: 00:25:28

Infected Object Name / Virus Name / Last Action
C:\!KillBox\stickrep.dll Infected: Trojan-Downloader.Win32.Zlob.jx skipped
C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temporary Internet Files\Content.IE5\WHYF8DUZ\eCodec-v4.148[1].exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.jz skipped
C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temporary Internet Files\Content.IE5\WHYF8DUZ\eCodec-v4.148[1].exe/data0008 Infected: Trojan-Downloader.Win32.Zlob.jy skipped
C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temporary Internet Files\Content.IE5\WHYF8DUZ\eCodec-v4.148[1].exe NSIS: infected - 2 skipped
C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temporary Internet Files\Content.IE5\WHYF8DUZ\eCodec-v4.148[1].exe UPX: infected - 2 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\4.tmp Infected: Trojan-Downloader.Win32.Zlob.is skipped
C:\System Volume Information\_restore{EE02EE8B-C661-4484-B572-E606383120E1}\RP63\A0058382.tlb Infected: Trojan-Downloader.Win32.Zlob.js skipped
C:\System Volume Information\_restore{EE02EE8B-C661-4484-B572-E606383120E1}\RP69\A0063904.exe Infected: Trojan-Downloader.Win32.Zlob.jy skipped
C:\System Volume Information\_restore{EE02EE8B-C661-4484-B572-E606383120E1}\RP69\A0063938.dll Infected: Trojan-Downloader.Win32.Zlob.jx skipped
C:\WINDOWS\system32\hp65CE.tmp Infected: Trojan-Downloader.Win32.Zlob.js skipped
C:\WINDOWS\system32\interf.tlb Infected: Trojan-Downloader.Win32.Zlob.js skipped
C:\WINDOWS\system32\ldE85C.tmp Infected: Trojan-Downloader.Win32.Zlob.jt skipped

Scan process completed.



HIJACK THIS:


Logfile of HijackThis v1.99.1
Scan saved at 10:08:25 PM, on 07/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\My Documents\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1143168496296
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1143334629734
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
  • 0

#6
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Double-click on Killbox.exe to run it.
  • Put a tick by Delete on Reboot.
  • Copy the following list of files to clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Documents and Settings\The Kipps.TEAM-94ADC45B30\Local Settings\Temporary Internet Files\Content.IE5\WHYF8DUZ\eCodec-v4.148[1].exe
    C:\WINDOWS\system32\hp65CE.tmp
    C:\WINDOWS\system32\interf.tlb
    C:\WINDOWS\system32\ldE85C.tmp


  • Next in Killbox go to File > Paste from clipboard
  • Click on the All Files button.
  • Next click on the button that has the red circle with the white X in the middle.
  • It will ask for confimation to delete the files on next reboot and ask you if you want to reboot now.
  • Click Yes and let the computer reboot.
* After it reboots, go here and do the BitDefender online virus scan.
  • Click "I Agree" to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click "Click here to scan" to begin the scan.
  • Please refrain from using the computer until the scan is finished.
  • When the scan is finished, click on "Click here to export the scan results"
  • Save the report to your desktop then come back here and attach it to your next reply along with a new Hijack This log..
* Also open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP