
HJT - winmbj32.dll [RESOLVED]


  • This topic is locked

#1
Nadeem

    New Member

  • 4 posts
This is the log which was created by HijackThis run in Normal mode of Windows XP:

Logfile of HijackThis v1.99.1
Scan saved at 12:16:01, on 18/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\WinTV\Ir.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\iTouch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.711.1664\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [b6e0a61d.exe] C:\Documents and Settings\Mohammed Nadeem\Local Settings\Application Data\b6e0a61d.exe
O4 - Startup: iTouch.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: iTouch.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.amaena.com
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall....ivex/hcImpl.cab
O18 - Protocol: bw+0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\spool32.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe



It's not showing the winmbj32.dll error here; however, when I do a Kaspersky scan, I get:
C:\WINDOWS\system32\winmbj32.dll Infected: Packed.Win32.Klone.g


#2
JSntgRvr

    Global Moderator

  • 11,278 posts
Hi, Nadeem

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
RIGHT-CLICK HERE and Save As (in IE it's "Save Target As") in order to download DelDomains.inf to your desktop. Do nothing with it yet.

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing, so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions, please ask BEFORE proceeding.

Backing Up Your Registry
  • Go Here and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
Registry Modifications

Download the enclosed file: [attachment=10266:attachment]
Extract its contents to the desktop. It is a Registry Entries file, Regfix.reg. Do nothing with it yet.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [b6e0a61d.exe] C:\Documents and Settings\Mohammed Nadeem\Local Settings\Application Data\b6e0a61d.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O15 - Trusted Zone: http://www.amaena.com
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90
O18 - Protocol: bw+0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {0C53E6F3-C49A-4468-B36A-11451CE12CF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Note: Please be careful when checking the O18 lines. There is an O18 line that corresponds to the MSN Messenger. Do not check that line.

Now close all windows and browsers, other than HiJackThis, then click Fix Checked.

Close Hijackthis.

Double click on the Regfix.reg file on your desktop and select Yes when prompted to merge it into the registry.

RIGHT-CLICK DelDomains.inf on your desktop and select: Install

Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Logitech Desktop Messenger

Please note any other programs that you don't recognize in that list in your next response.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\Logitech\Desktop Messenger
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Documents and Settings\Mohammed Nadeem\Local Settings\Application Data\b6e0a61d.exe
    C:\WINDOWS\system32\winmbj32.dll
    C:\WINDOWS\system32\spool32.dll


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please download ewido anti-spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close ewido anti-spyware. Do not run a scan just yet; we will shortly in Safe Mode.

Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.

Boot into Safe Mode:

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Perform the following steps in safe mode:

IMPORTANT: Do not open any other windows or programs while ewido is scanning, as it may interfere with the scanning process:
  • Launch ewido anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close ewido.
Restart back into Windows normally now.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post a fresh Hijackthis log along with the Ewido and ActiveScan reports.

#3
JSntgRvr


  • Global Moderator
  • 11,278 posts
Hi, Nadeem :whistling:

Your computer shows no sign of an Antivirus Program. Please click Here to download AVG Free and install the application.

#4
Nadeem

  • Topic Starter
  • Member
  • 4 posts
Did all the above. I get this:

Logfile of HijackThis v1.99.1
Scan saved at 18:32:49, on 19/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinTV\Ir.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\iTouch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.711.1664\GoogleToolbarNotifier.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: iTouch.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: iTouch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall....ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 21:02:40 18/08/2006

+ Scan result:



C:\!KillBox\spool32.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\iifeccd.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Program Files\SlySoft\AnyDVD\RegCheck.exe -> Trojan.Pakes.GB : Cleaned with backup (quarantined).


::Report end




Incident Status Location

Adware:adware/commad Not disinfected C:\Documents and Settings\Mohammed Nadeem\Application Data\NetMon
Adware:Adware/SuperSpider Not disinfected C:\!KillBox\winmbj32.dll
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Mohammed Nadeem\Cookies\mohammed [email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Mohammed Nadeem\Cookies\mohammed [email protected][1].txt
Virus:W32/Mytob.FD.worm Disinfected Archive Folders\Deleted Items\Your password has been successfully updated\updated-password.zip[updated-password.htm .exe]
Virus:W32/Mytob.FD.worm Disinfected Archive Folders\Deleted Items\Your new account password is approved\updated-password.zip[updated-password.htm .exe]
Virus:W32/Mytob.FD.worm Disinfected Archive Folders\Deleted Items\Your Account is Suspended For Security Reasons\important-details.zip[important-details.htm .scr]
Virus:W32/Mytob.FD.worm Disinfected Archive Folders\Deleted Items\Your Account is Suspended For Security Reasons\important-details.zip[important-details.htm .exe]
Virus:W32/Mabutu.A.worm Disinfected Archive Folders\Deleted Items\gutted\creme_de_gruyere.zip[creme_de_gruyere.jpg .scr]
Virus:W32/Lebreat.A.worm Disinfected Archive Folders\Deleted Items\Password\box.bat
Virus:Trj/Mitglieder.EK Disinfected Archive Folders\Deleted Items\Work and taxes.rar[Taxes.exe]
Virus:Trj/Mitglieder.EV Disinfected Archive Folders\Deleted Items\new_price.zip[price.cpl]
Hacktool:Exploit/iFrame Not disinfected Archive Folders\Deleted Items\Mail Delivery (failure [email protected])
Virus:W32/Netsky.P.worm Disinfected Archive Folders\Deleted Items\Mail Delivery (failure [email protected])\message.scr
Virus:W32/Netsky.P.worm Disinfected Archive Folders\Deleted Items\Re: SMTP Server\message.pif
Virus:W32/Netsky.P.worm Disinfected Archive Folders\Deleted Items\Re: bill\bill.txt.exe
Hacktool:Exploit/iFrame Not disinfected Archive Folders\Deleted Items\Mail Delivery (failure [email protected])
Virus:W32/Netsky.P.worm Disinfected Archive Folders\Deleted Items\Mail Delivery (failure [email protected])\message.scr
Virus:W32/Netsky.P.worm Disinfected Archive Folders\Deleted Items\Re: Secure SMTP Message\data.doc.pif
Hacktool:Exploit/iFrame Not disinfected Archive Folders\Deleted Items\Mail Delivery (failure [email protected])
Virus:W32/Netsky.P.worm Disinfected Archive Folders\Deleted Items\Mail Delivery (failure [email protected])\message.scr
Hacktool:Exploit/iFrame Not disinfected Archive Folders\Deleted Items\Mail Delivery (failure [email protected])
Virus:W32/Netsky.P.worm Disinfected Archive Folders\Deleted Items\Mail Delivery (failure [email protected])\message.scr
Hacktool:Exploit/iFrame Not disinfected Archive Folders\Deleted Items\Mail Delivery (failure [email protected])
Virus:W32/Netsky.P.worm Disinfected Archive Folders\Deleted Items\Mail Delivery (failure [email protected])\message.scr
Virus:W32/Bagle.GF.worm Disinfected Archive Folders\Deleted Items\Henry\Nicholaus.zip[foto_5321.exe]
Hacktool:Exploit/iFrame Not disinfected Archive Folders\Deleted Items\Mail Delivery (failure [email protected])
Virus:W32/Netsky.P.worm Disinfected Archive Folders\Deleted Items\Mail Delivery (failure [email protected])\message.scr
Virus:W32/Netsky.P.worm Disinfected Archive Folders\Deleted Items\Protected Mail System\msg_mnad1234.scr
Virus:W32/Netsky.P.worm Disinfected Archive Folders\Deleted Items\Re: Protected Mail Request\data.zip[data.rtf .scr]
Hacktool:Exploit/iFrame Not disinfected Archive Folders\Deleted Items\Mail Delivery (failure [email protected])
Virus:W32/Netsky.P.worm Disinfected Archive Folders\Deleted Items\Mail Delivery (failure [email protected])\message.scr
Virus:W32/Netsky.P.worm Disinfected Archive Folders\Deleted Items\Spam\list_ed.zip[data.rtf .scr]
Hacktool:Exploit/iFrame Not disinfected Archive Folders\Deleted Items\Mail Delivery (failure [email protected])
Virus:W32/Netsky.P.worm Disinfected Archive Folders\Deleted Items\Mail Delivery (failure [email protected])\message.scr
Hacktool:Exploit/iFrame Not disinfected Archive Folders\Deleted Items\Mail Delivery (failure [email protected])
Virus:W32/Netsky.P.worm Disinfected Archive Folders\Deleted Items\Mail Delivery (failure [email protected])\message.scr
Virus:W32/Netsky.P.worm Disinfected Archive Folders\Deleted Items\Re: Protected Mail System\msg_mnad1234.zip[details.txt .pif]
Virus:W32/Netsky.P.worm Disinfected Archive Folders\Deleted Items\Fwd: Warning again\abuses.pif
Hacktool:Exploit/iFrame Not disinfected Archive Folders\Deleted Items\Mail Delivery (failure [email protected])
Virus:W32/Netsky.P.worm Disinfected Archive Folders\Deleted Items\Mail Delivery (failure [email protected])\message.scr
Virus:W32/Netsky.P.worm Disinfected Archive Folders\Deleted Items\Re: Status\details.zip[details.txt .pif]
Hacktool:Exploit/iFrame Not disinfected Archive Folders\Deleted Items\Mail Delivery (failure [email protected])
Virus:W32/Netsky.P.worm Disinfected Archive Folders\Deleted Items\Mail Delivery (failure [email protected])\message.scr
Virus:W32/Netsky.P.worm Disinfected Archive Folders\Deleted Items\Re: approved word document\document.zip[document.txt .exe]
Hacktool:Exploit/iFrame Not disinfected Archive Folders\Deleted Items\Mail Delivery (failure [email protected])
Virus:W32/Netsky.P.worm Disinfected Archive Folders\Deleted Items\Mail Delivery (failure [email protected])\message.scr
Virus:W32/Netsky.P.worm Disinfected Archive Folders\Deleted Items\Re: Failure\readme.zip[document.txt .exe]
Hacktool:Exploit/iFrame Not disinfected Archive Folders\Deleted Items\Mail Delivery (failure [email protected])
Virus:W32/Netsky.P.worm Disinfected Archive Folders\Deleted Items\Mail Delivery (failure [email protected])\message.scr
Virus:W32/Netsky.P.worm Disinfected Archive Folders\Deleted Items\Re: Encrypted Mail\details.zip[details.txt .pif]
Virus:W32/Netsky.P.worm Disinfected Archive Folders\Deleted Items\Re: Extended Mail System\readme.pif
Virus:Js/Ider.A.worm Disinfected Personal Folders\Deleted Items\SPECIAL OFFERS\data.zip
Virus:Trj/Nabload.DV Disinfected Personal Folders\Deleted Items\[order ref 7119606] Credit Card Chargeback\ref 7119606.zip[ref 7119606.exe]
Virus:Trj/Banker.CZI Disinfected Personal Folders\Deleted Items\[ORDER ID 0220712] WorldPay Chargeback\ID 0220712.zip[ID 0220712.exe]
Spyware:Spyware/Virtumonde Not disinfected C:\Program Files\Common Files\{D0C4255D-0AFD-2057-0108-04111903002c}\services.dll
Potentially unwanted tool:Application/ServUBased.A Not disinfected C:\WAREZ_collection\FTP Server\Serv-U-FTP v4 + KeyGen.zip[Serve-U-FTP_setup.exe][SERVUDAEMON.EXE]
Hacktool:Hacktool/RegPatch.A Not disinfected C:\WAREZ_collection\Other Applications\ShowShifter v3.01.2557+Crack.zip[ShowShifter.v3.01.2557-KYA.ZIP][ShowShifter.v3.01.2557-KYA/crack.exe]
Potentially unwanted tool:Application/Spyagent.A Not disinfected C:\WAREZ_collection\Other Applications\Spytech Spyagent v4.3 Full.exe


I still get the popup about winantivirus....????

#5
JSntgRvr


  • Global Moderator
  • 11,278 posts
Hi, Nadeem. :whistling:

Please go to the Add/Remove Programs option in the Control Panel and remove ALL previous versions of JAVA. Then, please click here to download the latest version of JAVA 1.5.0.07 and install the application. If you experience problems with the Auto install, click on Manual Download for the Offline Bundle.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shut down your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.


#6
Nadeem

  • Topic Starter
  • Member
  • 4 posts
Logfile of HijackThis v1.99.1
Scan saved at 21:41:04, on 19/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\Mohammed Nadeem\Start Menu\Programs\Startup\iTouch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {F2CFF40E-1DEE-4BB3-8CD1-671F50F065A7} - C:\WINDOWS\system32\sstqn.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.711.1664\GoogleToolbarNotifier.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: iTouch.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: iTouch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall....ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winmbj32 - winmbj32.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe




VundoFix V6.1.0

Checking Java version...

Java version is 1.5.0.8

Scan started at 21:30:46 19/08/2006

Listing files found while scanning....

C:\WINDOWS\system32\sstqn.dll
C:\WINDOWS\system32\nqtss.ini
C:\WINDOWS\system32\nqtss.bak1
C:\WINDOWS\system32\nqtss.bak2
C:\WINDOWS\system32\hlrtplck.exe
C:\WINDOWS\system32\mpsdswop.exe
C:\WINDOWS\system32\ocroefqq.exe

Beginning removal...

Attempting to delete C:\WINDOWS\system32\sstqn.dll
C:\WINDOWS\system32\sstqn.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\nqtss.ini
C:\WINDOWS\system32\nqtss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\nqtss.bak1
C:\WINDOWS\system32\nqtss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\nqtss.bak2
C:\WINDOWS\system32\nqtss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\hlrtplck.exe
C:\WINDOWS\system32\hlrtplck.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\mpsdswop.exe
C:\WINDOWS\system32\mpsdswop.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ocroefqq.exe
C:\WINDOWS\system32\ocroefqq.exe Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.1.0

Checking Java version...

Java version is 1.5.0.8

Scan started at 21:35:44 19/08/2006

Listing files found while scanning....

C:\WINDOWS\system32\sstqn.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\sstqn.dll
C:\WINDOWS\system32\sstqn.dll Has been deleted!

Performing Repairs to the registry.
Done!

#7
JSntgRvr


  • Global Moderator
  • 11,278 posts
Hi, Nadeem. :whistling:

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: (no name) - {F2CFF40E-1DEE-4BB3-8CD1-671F50F065A7} - C:\WINDOWS\system32\sstqn.dll (file missing)
O20 - Winlogon Notify: winmbj32 - winmbj32.dll (file missing)

Now close all windows and browsers, other than HiJackThis, then click Fix Checked.

Close Hijackthis.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Documents and Settings\Mohammed Nadeem\Application Data\NetMon
    C:\Program Files\Common Files\{D0C4255D-0AFD-2057-0108-04111903002c}\services.dll
    C:\WAREZ_collection\FTP Server\Serv-U-FTP v4 + KeyGen.zip
    C:\WAREZ_collection\Other Applications\ShowShifter v3.01.2557+Crack.zip
    C:\WAREZ_collection\Other Applications\Spytech Spyagent v4.3 Full.exe

  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

The rest of the log looks clear. How is the computer doing?
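The selection behind the O2 and O20 entries listed in post #7, as an added example that is not part of the original thread and is not code from HijackThis: it parses HijackThis lines, collects those marked "(file missing)", and keeps only the ones that name a file the Killbox and VundoFix steps removed. The sample lines and paths are copied from posts #2 and #6; the function names and the basename-matching rule are assumptions made here.

```python
import ntpath
import re
from typing import NamedTuple

# Sample input: lines copied from the HijackThis log in post #6 of this thread.
HJT_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {F2CFF40E-1DEE-4BB3-8CD1-671F50F065A7} - C:\WINDOWS\system32\sstqn.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winmbj32 - winmbj32.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Files the thread reports as deleted: the Killbox list in post #2 and the
# VundoFix log in post #6 (a subset, copied from the page).
REMOVED_FILES = [
    r"C:\WINDOWS\system32\winmbj32.dll",
    r"C:\WINDOWS\system32\spool32.dll",
    r"C:\WINDOWS\system32\sstqn.dll",
    r"C:\WINDOWS\system32\hlrtplck.exe",
]

# "<section code> - <rest of line>", e.g. "O20 - Winlogon Notify: ..."
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Basename of anything that looks like a binary. A name containing spaces is
# cut to its last word, which is sufficient for the entries in this log.
FILE_RE = re.compile(r'[^\\/"\s]+\.(?:dll|exe|ocx)\b', re.IGNORECASE)
MISSING = "(file missing)"


class Entry(NamedTuple):
    code: str       # HijackThis section code: R0, O2, O20, ...
    body: str       # line text without the code and the missing-file suffix
    files: tuple    # lower-cased basenames of binaries named on the line
    missing: bool   # True when HijackThis appended "(file missing)"


def parse_entries(log):
    """Turn raw log text into Entry records, skipping non-entry lines."""
    entries = []
    for line in log.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue
        body = match.group("body")
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        files = tuple(name.lower() for name in FILE_RE.findall(body))
        entries.append(Entry(match.group("code"), body, files, missing))
    return entries


def orphaned(entries):
    """Entries whose target file HijackThis could not find on disk."""
    return [e for e in entries if e.missing]


def stale_references(entries, removed_paths):
    """Orphaned entries that point at a file the cleanup tools deleted.

    Matching is by basename because the O20 line carries no directory.
    A same-named file elsewhere would also match, so the result is a list
    of candidates to review, not an automatic fix list.
    """
    removed = {ntpath.basename(p).lower() for p in removed_paths}
    return [e for e in entries if e.missing and removed.intersection(e.files)]


if __name__ == "__main__":
    parsed = parse_entries(HJT_LOG)
    print("file missing:", [e.code for e in orphaned(parsed)])
    for entry in stale_references(parsed, REMOVED_FILES):
        print("left over from cleanup:", entry.code, "-", entry.body)
```

On this input the "(file missing)" filter alone also returns the O18 msnim line, which post #2 says not to check; cross-referencing against the removed files leaves the O2 and O20 entries.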

#8
Nadeem

  • Topic Starter
  • Member
  • 4 posts
Thanks a lot guys. My computer's all sorted. You gave good clear instructions and my computer does seem fine. I will do another HJT report in about a week and post it to see if it's all clear. Cheers again.

#9
JSntgRvr


  • Global Moderator
  • 11,278 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.