Malware and Registry Problem


This topic is locked.

#1
Mike19 (Member, 19 posts)
I've been trying to eliminate some malware problems...
I have followed the steps to remove malware from the site listed...
but haven't been able to remove some of it... so I'm in need of some assistance :/ Thanks
Any comments on what to remove/how to fix would be appreciated.

HJT log:

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\SYSTEM32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\ATI Multimedia\main\ATIDtct.EXE
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Messenger\msmsgs.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\HijackThis\Admin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: (no name) - {D5661C1F-F3F9-8608-8DA9-D328917A32CF} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2B438005-168F-4346-B76A-D017530F6646} - D:\WINDOWS\system32\vtsqq.dll
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - D:\WINDOWS\system32\pxkxxild.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - D:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CFB8789D-DCAA-4848-83A1-2CFCA0F5AF5C} - D:\WINDOWS\system32\awvvw.dll (file missing)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - D:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ATI DeviceDetect] D:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1010007345014
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1164769248640
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai...ol/SymDlBrg.cab
O20 - Winlogon Notify: vtsqq - D:\WINDOWS\system32\vtsqq.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
O20 - Winlogon Notify: winhld32 - winhld32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - D:\WINDOWS\System32\wdfmgr.exe (file missing)

Edited by Mike19, 02 December 2006 - 12:09 AM.


#2
Daemon (Security Expert, Retired Staff, MVP, 4,356 posts)
Could you post your full HJT log - don't chop the top off.

Thanks.

#3
Mike19 (Topic Starter, Member, 19 posts)
Sorry about that.

Logfile of HijackThis v1.99.1
Scan saved at 7:59:49 PM, on 12/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\SYSTEM32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\ATI Multimedia\main\ATIDtct.EXE
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Messenger\msmsgs.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\HijackThis\Admin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: (no name) - {D5661C1F-F3F9-8608-8DA9-D328917A32CF} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2B438005-168F-4346-B76A-D017530F6646} - D:\WINDOWS\system32\vtsqq.dll
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - D:\WINDOWS\system32\pxkxxild.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - D:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CFB8789D-DCAA-4848-83A1-2CFCA0F5AF5C} - D:\WINDOWS\system32\awvvw.dll (file missing)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - D:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ATI DeviceDetect] D:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1010007345014
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1164769248640
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai...ol/SymDlBrg.cab
O20 - Winlogon Notify: vtsqq - D:\WINDOWS\system32\vtsqq.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
O20 - Winlogon Notify: winhld32 - winhld32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - D:\WINDOWS\System32\wdfmgr.exe (file missing)

#4
Daemon (Security Expert, Retired Staff, MVP, 4,356 posts)
No problem - just gives us a bit more info on your OS etc. OK, please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

#5
Mike19 (Topic Starter, Member, 19 posts)
Logfile of HijackThis v1.99.1
Scan saved at 12:21:26 AM, on 12/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\SYSTEM32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
D:\Program Files\ATI Multimedia\main\ATIDtct.EXE
D:\Program Files\Messenger\msmsgs.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
D:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\HijackThis\Admin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: (no name) - {D5661C1F-F3F9-8608-8DA9-D328917A32CF} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - D:\WINDOWS\system32\pxkxxild.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7CEEC573-6299-4EE8-8604-B44896E4EE0A} - D:\WINDOWS\system32\vtsqq.dll (file missing)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - D:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CFB8789D-DCAA-4848-83A1-2CFCA0F5AF5C} - D:\WINDOWS\system32\awvvw.dll (file missing)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - D:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ATI DeviceDetect] D:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1010007345014
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1164769248640
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai...ol/SymDlBrg.cab
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
O20 - Winlogon Notify: winhld32 - winhld32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - D:\WINDOWS\System32\wdfmgr.exe (file missing)
VundoFix V6.2.13

Checking Java version...

Java version is 1.5.0.6

Java version is 1.5.0.9

Scan started at 7:35:14 PM 12/1/2006

Listing files found while scanning....

D:\WINDOWS\system32\awvvw.dll
D:\WINDOWS\system32\wvvwa.ini
D:\WINDOWS\system32\wvvwa.bak1
D:\WINDOWS\system32\wvvwa.bak2
D:\WINDOWS\system32\wvvwa.ini2
D:\WINDOWS\system32\wvvwa.tmp

Beginning removal...

Attempting to delete D:\WINDOWS\system32\awvvw.dll
D:\WINDOWS\system32\awvvw.dll Has been deleted!

Attempting to delete D:\WINDOWS\system32\wvvwa.ini
D:\WINDOWS\system32\wvvwa.ini Has been deleted!

Attempting to delete D:\WINDOWS\system32\wvvwa.bak1
D:\WINDOWS\system32\wvvwa.bak1 Has been deleted!

Attempting to delete D:\WINDOWS\system32\wvvwa.bak2
D:\WINDOWS\system32\wvvwa.bak2 Has been deleted!

Attempting to delete D:\WINDOWS\system32\wvvwa.ini2
D:\WINDOWS\system32\wvvwa.ini2 Has been deleted!

Attempting to delete D:\WINDOWS\system32\wvvwa.tmp
D:\WINDOWS\system32\wvvwa.tmp Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.2.13

Checking Java version...

Java version is 1.5.0.6

Java version is 1.5.0.9

Scan started at 12:07:43 AM 12/2/2006

Listing files found while scanning....

D:\WINDOWS\system32\vtsqq.dll
D:\WINDOWS\system32\qqstv.ini
D:\WINDOWS\system32\qqstv.bak1
D:\WINDOWS\system32\qqstv.ini2
D:\WINDOWS\system32\qqstv.tmp

Beginning removal...

Attempting to delete D:\WINDOWS\system32\vtsqq.dll
D:\WINDOWS\system32\vtsqq.dll Has been deleted!

Attempting to delete D:\WINDOWS\system32\qqstv.ini
D:\WINDOWS\system32\qqstv.ini Has been deleted!

Attempting to delete D:\WINDOWS\system32\qqstv.bak1
D:\WINDOWS\system32\qqstv.bak1 Has been deleted!

Attempting to delete D:\WINDOWS\system32\qqstv.ini2
D:\WINDOWS\system32\qqstv.ini2 Has been deleted!

Attempting to delete D:\WINDOWS\system32\qqstv.tmp
D:\WINDOWS\system32\qqstv.tmp Has been deleted!

Performing Repairs to the registry.
Done!

#6
Daemon (Security Expert, Retired Staff, MVP, 4,356 posts)
OK, good, but still got some pests in there. Make sure that you have no browser windows open as this could prevent the fix from working properly. Open HijackThis, scan and when complete, remove the following entries by checking the box to the left and clicking 'fixed checked':

R3 - URLSearchHook: (no name) - {D5661C1F-F3F9-8608-8DA9-D328917A32CF} - (no file)
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - D:\WINDOWS\system32\pxkxxild.dll
O2 - BHO: (no name) - {7CEEC573-6299-4EE8-8604-B44896E4EE0A} - D:\WINDOWS\system32\vtsqq.dll (file missing)
O2 - BHO: (no name) - {CFB8789D-DCAA-4848-83A1-2CFCA0F5AF5C} - D:\WINDOWS\system32\awvvw.dll (file missing)
O20 - Winlogon Notify: winhld32 - winhld32.dll (file missing)
Exit HijackThis when done. Please download SUPERAntiSpyware Home Edition (free version)
  • Install it and double-click the icon on your desktop to run it.
  • It will ask if you want to update the program definitions, click Yes.
  • Under Configuration and Preferences, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining.
    • Please leave the others unchecked.
    • Click the Close button to leave the control center screen.
  • On the main screen, under Scan for Harmful Software click Scan your computer.
  • On the left check C:\Fixed Drive.
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found and if it asks if you want to reboot, click Yes.
  • To retrieve the removal information for me please do the following:
    • After reboot, double-click the SUPERAntispyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Please highlight everything in the notepad, then right-click and choose copy.
  • Click close and close again to exit the program.
  • Please paste that information here for me with a new HijackThis log.

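An added example, not part of the original thread and not code from VundoFix or HijackThis: a small Python triage script for HijackThis-style R3/O2/O20 lines that mechanises what the helper did by eye in post #6. It flags orphaned registrations ("(no file)" / "(file missing)", a hook left behind with its binary gone), unnamed BHOs loading from system32, and Winlogon Notify packages outside a known-good set. It also derives the side files Vundo keeps next to its DLL using the pattern visible in the VundoFix output in post #5, where the companion names are the DLL stem reversed (awvvw.dll beside wvvwa.ini, vtsqq.dll beside qqstv.ini). The sample lines are copied from the HijackThis log in post #5; the known-good Notify set, the few-vowels name heuristic and the companion-suffix list are this example's assumptions.

```python
"""Triage HijackThis-style R3/O2/O20 lines for Vundo/Virtumonde indicators.

Added example, not code from the thread, VundoFix or HijackThis. Sample
lines are copied from the log in post #5; KNOWN_NOTIFY, the few-vowels
heuristic and COMPANION_SUFFIXES are this example's assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Winlogon Notify packages present on a default XP SP2 install, plus the
# Windows Genuine Advantage one seen in the posted log (assumption: known-good).
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "ScCertProp", "Schedule",
                "sclgntfy", "SensLogn", "termsrv", "wlballoon", "WgaLogon"}

# Side-file suffixes VundoFix deleted next to awvvw.dll and vtsqq.dll in post #5.
COMPANION_SUFFIXES = (".ini", ".ini2", ".bak1", ".bak2", ".tmp")

LINE_RE = re.compile(r"^(?P<section>R\d|O\d+) - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")

# Constructed sample: eight lines copied from the third HijackThis log in the thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {D5661C1F-F3F9-8608-8DA9-D328917A32CF} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - D:\WINDOWS\system32\pxkxxild.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7CEEC573-6299-4EE8-8604-B44896E4EE0A} - D:\WINDOWS\system32\vtsqq.dll (file missing)
O2 - BHO: (no name) - {CFB8789D-DCAA-4848-83A1-2CFCA0F5AF5C} - D:\WINDOWS\system32\awvvw.dll (file missing)
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
O20 - Winlogon Notify: winhld32 - winhld32.dll (file missing)
"""


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


def split_win_path(path: str):
    """(directory, filename) for a backslash path, without touching the host FS."""
    directory, _, filename = path.strip().strip('"').rpartition("\\")
    return directory, filename


def low_vowel_name(filename: str) -> bool:
    """Heuristic (assumption): a stem with at most 20% vowels reads as generated."""
    stem = filename.lower().rsplit(".", 1)[0]
    letters = [c for c in stem if c.isalpha()]
    if len(letters) < 4:
        return False
    return sum(c in "aeiouy" for c in letters) / len(letters) <= 0.2


def vundo_companions(dll_path: str) -> List[str]:
    """Side files Vundo keeps beside its DLL: the stem reversed plus a suffix."""
    directory, filename = split_win_path(dll_path)
    stem = filename.rsplit(".", 1)[0][::-1]          # awvvw -> wvvwa
    prefix = directory + "\\" if directory else ""
    return [prefix + stem + suffix for suffix in COMPANION_SUFFIXES]


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding with one reason per indicator, or None for a clean line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    finding = Finding(line.strip())
    if "(file missing)" in body or body.endswith("(no file)"):
        finding.reasons.append("orphaned registration: binary gone, hook still registered")
    if section == "O2":
        bho = BHO_RE.match(body)
        if bho and bho.group("name") == "(no name)":
            directory, filename = split_win_path(
                bho.group("path").replace(" (file missing)", ""))
            if directory.lower().endswith("\\system32"):
                finding.reasons.append("unnamed BHO loaded from system32")
            if low_vowel_name(filename):
                finding.reasons.append("random-looking DLL name " + filename)
    elif section == "O20":
        notify = NOTIFY_RE.match(body)
        if notify and notify.group("key") not in KNOWN_NOTIFY:
            finding.reasons.append("Winlogon Notify package not in known-good set: "
                                   + notify.group("key"))
    return finding if finding.reasons else None


def triage(log_text: str) -> List[Finding]:
    """Triage every line of a log; clean lines are dropped."""
    return [f for f in map(triage_line, log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ", r)
        if f.line.startswith("O2") and "system32" in f.line:
            dll = f.line.rsplit(" - ", 1)[1].replace(" (file missing)", "")
            print("    check for side files:", ", ".join(vundo_companions(dll)))
```

Run over the eight sample lines it reports exactly the five entries listed for removal in post #6 and leaves the Adobe, Spybot and WgaLogon entries alone. The companion-file names are worth checking on disk after a removal, since VundoFix listed .ini, .ini2, .bak1, .bak2 and .tmp files alongside both DLLs; the orphaned "(file missing)" registrations are what remains once the DLL itself is deleted, and HijackThis is used to clear those.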

#7
Mike19 (Topic Starter, Member, 19 posts)
Logfile of HijackThis v1.99.1
Scan saved at 1:39:39 AM, on 12/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
D:\WINDOWS\SYSTEM32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
D:\Program Files\ATI Multimedia\main\ATIDtct.EXE
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Messenger\msmsgs.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\HijackThis\Admin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - D:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - D:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ATI DeviceDetect] D:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1010007345014
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1164769248640
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai...ol/SymDlBrg.cab
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - D:\WINDOWS\System32\wdfmgr.exe (file missing)

SUPERAntiSpyware Scan Log
Generated 12/02/2006 at 01:21 AM

Application Version : 3.3.1020

Core Rules Database Version : 3141
Trace Rules Database Version: 1157

Scan type : Complete Scan
Total Scan Time : 00:37:11

Memory items scanned : 440
Memory threats detected : 0
Registry items scanned : 5294
Registry threats detected : 15
File items scanned : 77648
File threats detected : 110

Trojan.Downloader-WNA
HKLM\Software\Classes\CLSID\{013A653B-49A6-4f76-8B68-E4875EA6BA54}
HKCR\CLSID\{013A653B-49A6-4F76-8B68-E4875EA6BA54}
HKCR\CLSID\{013A653B-49A6-4F76-8B68-E4875EA6BA54}\InprocServer32
HKCR\CLSID\{013A653B-49A6-4F76-8B68-E4875EA6BA54}\InprocServer32#ThreadingModel
D:\WINDOWS\SYSTEM32\RRXFUTUD.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP273\A0040833.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP276\A0042280.DLL

Adware.Tracking Cookie
D:\Documents and Settings\Mikey J\Cookies\[email protected][1].txt
D:\Documents and Settings\Mikey J\Cookies\[email protected][1].txt
D:\Documents and Settings\Mikey J\Cookies\[email protected][1].txt
D:\Documents and Settings\Mikey J\Cookies\[email protected][3].txt
D:\Documents and Settings\Mikey J\Cookies\[email protected][2].txt
D:\Documents and Settings\Mikey J\Cookies\[email protected][1].txt
D:\Documents and Settings\Mikey J\Cookies\[email protected][1].txt
D:\Documents and Settings\Mikey J\Cookies\[email protected][2].txt
D:\Documents and Settings\Mikey J\Cookies\[email protected][1].txt
D:\Documents and Settings\Mikey J\Cookies\[email protected][2].txt
D:\Documents and Settings\Mikey J\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator.COMP04\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator.COMP04\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator.COMP04\Cookies\[email protected][2].txt
C:\Documents and Settings\Administrator.COMP04\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator.COMP04\Cookies\[email protected][2].txt
C:\Documents and Settings\Administrator.COMP04\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
D:\Documents and Settings\Mikey J\Cookies\[email protected][1].txt
D:\Documents and Settings\Mikey J\Cookies\[email protected][2].txt
D:\Documents and Settings\Mikey J\Cookies\[email protected][2].txt
D:\Documents and Settings\Mikey J\Cookies\[email protected][2].txt
D:\Documents and Settings\Mikey J\Cookies\[email protected][2].txt
D:\Documents and Settings\Mikey J\Cookies\[email protected][2].txt
D:\Documents and Settings\Mikey J\Cookies\[email protected][1].txt
D:\Documents and Settings\Mikey J\Cookies\[email protected][1].txt

Unclassified.Unknown Origin
HKCR\CLSID\{013A653B-49A6-4F76-8B68-E4875EA6BA54}
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP273\A0040834.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP276\A0042276.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP277\A0042635.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP296\A0044139.DLL

Trojan.Unknown Origin
HKLM\SOFTWARE\Microsoft\MSSMGR
HKLM\SOFTWARE\Microsoft\MSSMGR#Brnd
HKLM\SOFTWARE\Microsoft\MSSMGR#BSTV
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP296\A0044111.EXE
D:\WINDOWS\SYSTEM32\OT.ICO

Malware.Notifier
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#ishost.exe [ ishost.exe ]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#issearch.exe [ issearch.exe ]

Malware.Safety Bar
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SafetyBar
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SafetyBar#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SafetyBar#UninstallString

Trojan.BankSteal-Gen
HKCR\ib2.CBrowserHelper
HKCR\ib2.CBrowserHelper\Clsid

Trojan.WinSysUpd/32
C:\WINDOWS\WINSYSUPD1.DAT

Adware.VSToolbar
D:\DOCUMENTS AND SETTINGS\MIKEY J\LOCAL SETTINGS\TEMP\TEMP.FRF85D\VSADD-IN.DLL
D:\PROGRAM FILES\VSADD-IN\VSADD-IN.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP283\A0043192.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP287\A0043344.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP289\A0043383.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP289\A0043394.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP289\A0043430.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP289\A0043452.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP289\A0043462.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP291\A0043510.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP293\A0043557.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP293\A0043572.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP293\A0043582.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP293\A0043688.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP293\A0043707.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP294\A0043731.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP294\A0043741.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP295\A0043768.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP296\A0044096.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP296\A0044100.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP296\A0044122.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP296\A0044138.DLL

Trojan.Downloader-RNFSave
D:\PROGRAM FILES\HIJACKTHIS\BACKUPS\BACKUP-20061128-172358-229.DLL
D:\PROGRAM FILES\HIJACKTHIS\BACKUPS\BACKUP-20061128-172948-790.DLL
D:\PROGRAM FILES\HIJACKTHIS\BACKUPS\BACKUP-20061128-173044-562.DLL
D:\PROGRAM FILES\HIJACKTHIS\BACKUPS\BACKUP-20061128-173737-559.DLL
D:\PROGRAM FILES\HIJACKTHIS\BACKUPS\BACKUP-20061128-185627-482.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP276\A0042282.DLL
D:\WINDOWS\SYSTEM32\NNNKHHE.DLL
D:\WINDOWS\SYSTEM32\OPNNKHF.DLL

Adware.ToolBar888
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP273\A0040791.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP273\A0040837.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP276\A0042277.DLL

Adware.ClickSpring
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP276\A0042260.EXE

Trojan.Downloader-VSAddIn
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP277\A0042616.EXE
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP277\A0042617.EXE
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP277\A0042618.EXE
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP277\A0042619.EXE
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP277\A0042620.EXE
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP277\A0042621.EXE
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP277\A0042622.EXE
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP277\A0042623.EXE
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP277\A0042624.EXE
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP277\A0042625.EXE
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP277\A0042626.EXE
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP277\A0042627.EXE
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP277\A0042628.EXE
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP277\A0042629.EXE
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP277\A0042630.EXE
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP277\A0042632.EXE
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP277\A0042633.EXE

Trojan.Downloader-DoneDU
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP277\A0042631.DLL

Trojan.Freeprod
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP277\A0042634.EXE

Adware.ClickSpring/Yazzle
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP295\A0043754.EXE

Malware.VirusBurster-Install
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP295\A0043779.EXE

Trojan.Downloader-SpyTool
D:\WINDOWS\SYSTEM32\ACOSYVAJ.DLL
D:\WINDOWS\SYSTEM32\BGLDNWSI.DLL
D:\WINDOWS\SYSTEM32\DFYMBVVF.DLL
D:\WINDOWS\SYSTEM32\DVAQDGMH.DLL
D:\WINDOWS\SYSTEM32\HDUTATXJ.DLL
D:\WINDOWS\SYSTEM32\JBWCVYOX.DLL
D:\WINDOWS\SYSTEM32\MUKKGPAK.DLL
D:\WINDOWS\SYSTEM32\PAJVJYLE.DLL
D:\WINDOWS\SYSTEM32\QOOLSBCH.DLL
D:\WINDOWS\SYSTEM32\RWUFVCDC.DLL
D:\WINDOWS\SYSTEM32\VVIWSSCW.DLL

Trojan.Flx/Conhook
D:\WINDOWS\SYSTEM32\COMPONENTS\FLX7.DLL
D:\WINDOWS\Prefetch\FLX7.DLL-15257A3F.pf

Unclassified.Unknown Origin/System
D:\WINDOWS\SYSTEM32\IXT1.DLL

Browser Hijacker.BestSafetyGuide
D:\WINDOWS\SYSTEM32\IXT2.DLL
D:\WINDOWS\SYSTEM32\IXT3.DLL
D:\WINDOWS\SYSTEM32\IXT4.DLL
D:\WINDOWS\SYSTEM32\IXT5.DLL
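A triage pass over the two logs in the post above, as an added example (my code, not the thread's and not part of SUPERAntiSpyware or HijackThis). It assumes the SUPERAntiSpyware 3.x log layout shown above (blank-line separated blocks, threat name first, one registry key or path per line) and the HijackThis `O23 - Service:` line layout; the sample inputs are a constructed subset of the lines above, with a placeholder cookie file name. The point it makes visible: most of the 110 file hits sit in System Restore snapshots (`System Volume Information\_RESTORE...`) and in HijackThis's own backups, which are inert copies, while the handful of randomly named DLLs in `system32` are the live payloads to confirm gone after the reboot; and because restore points are infected, a later System Restore would reinstate the infection unless the old points are purged.

```python
"""Added triage helpers for the two logs above: bucket SUPERAntiSpyware
detections by where they live and pull the HijackThis O23 lines to re-check."""
import re
from collections import Counter, defaultdict

# Constructed sample: a subset of the SUPERAntiSpyware log lines above in the
# format the 3.x scanner writes (blank-line separated blocks, threat name first,
# one registry key or path per line). The cookie file name is a placeholder.
SAMPLE_SAS_LOG = r"""
SUPERAntiSpyware Scan Log

Trojan.Downloader-WNA
HKLM\Software\Classes\CLSID\{013A653B-49A6-4f76-8B68-E4875EA6BA54}
D:\WINDOWS\SYSTEM32\RRXFUTUD.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{B820EAB6-84E2-4A78-BC16-8D05AD44FF3C}\RP273\A0040833.DLL

Adware.Tracking Cookie
D:\Documents and Settings\Mikey J\Cookies\mikey j@tracker[1].txt

Trojan.Downloader-RNFSave
D:\PROGRAM FILES\HIJACKTHIS\BACKUPS\BACKUP-20061128-172358-229.DLL
D:\WINDOWS\SYSTEM32\NNNKHHE.DLL

Trojan.Flx/Conhook
D:\WINDOWS\SYSTEM32\COMPONENTS\FLX7.DLL
D:\WINDOWS\Prefetch\FLX7.DLL-15257A3F.pf
"""

# Constructed sample: four O23 lines copied from the HijackThis log above.
SAMPLE_HJT_LOG = r"""
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - D:\WINDOWS\System32\wdfmgr.exe (file missing)
"""

REGISTRY_ROOTS = ("HKLM\\", "HKCU\\", "HKCR\\", "HKU\\", "HKEY_")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

def classify(location):
    """Where a detection lives; only 'registry' and 'live_file' are active on
    the running system, the rest are copies or residue."""
    if location.startswith(REGISTRY_ROOTS):
        return "registry"
    up = location.upper()
    if "\\SYSTEM VOLUME INFORMATION\\_RESTORE" in up:
        return "restore_point"  # System Restore snapshot: inert until restored
    if "\\HIJACKTHIS\\BACKUPS\\" in up:
        return "hjt_backup"     # copy HijackThis kept when the entry was fixed
    if "\\COOKIES\\" in up:
        return "cookie"
    if "\\PREFETCH\\" in up and up.endswith(".PF"):
        return "prefetch"       # evidence the DLL was loaded, not the payload
    return "live_file"

def parse_sas_log(text):
    """{threat_name: [locations]}; a detection block is a blank-line separated
    group whose lines after the first are all registry keys or drive paths."""
    findings = defaultdict(list)
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [line.rstrip() for line in block.splitlines() if line.strip()]
        if len(lines) < 2 or not all(
                line.startswith(REGISTRY_ROOTS) or DRIVE_PATH_RE.match(line) for line in lines[1:]):
            continue  # header or statistics block, not a detection
        findings[lines[0]].extend(lines[1:])
    return dict(findings)

def summarize(text):
    """Per-threat counts by location class."""
    return {name: Counter(classify(loc) for loc in locs)
            for name, locs in parse_sas_log(text).items()}

def live_payloads(text):
    """Files that were really on the running system: confirm these are gone
    after the quarantine and reboot; restore-point and backup copies are not."""
    return sorted(loc for locs in parse_sas_log(text).values()
                  for loc in locs if classify(loc) == "live_file")

def restore_points_infected(text):
    """True if a detection sits in a System Restore snapshot: a later restore
    would bring it back, so purge old points (new point, delete the rest)."""
    return any(classify(loc) == "restore_point"
               for locs in parse_sas_log(text).values() for loc in locs)

def hjt_services_to_review(text):
    """O23 entries to verify by hand: no recognisable vendor, or the service
    binary is missing. Neither proves malware (the ATI helper is legitimate)."""
    flagged = []
    for m in filter(None, (O23_RE.match(line.strip()) for line in text.splitlines())):
        reasons = [r for r, hit in (("unknown owner", m["owner"] == "Unknown owner"),
                                    ("file missing", m["path"].endswith("(file missing)"))) if hit]
        if reasons:
            flagged.append((m["name"], reasons))
    return flagged

if __name__ == "__main__":
    print(summarize(SAMPLE_SAS_LOG), hjt_services_to_review(SAMPLE_HJT_LOG))
```

Run against the full pasted log, the same functions give the split a helper would want before replying: which paths to ask the poster to confirm are gone, whether a restore-point purge needs to be in the follow-up, and which service lines to look up rather than trust on the "Unknown owner" label alone.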

#8
Daemon (Security Expert, Retired Staff, MVP, 4,356 posts)
That looks better - how is it running now?
#9
Mike19 (Member, Topic Starter, 19 posts)
Seems to be running well now. I haven't had a popup since. What a relief. :blink: Thanks a lot. You guys are the best. :whistling:
#10
Daemon (Security Expert, Retired Staff, MVP, 4,356 posts)
You're welcome - glad to help :whistling:

To help keep you clean, follow the recommendations in Tony's article here:

So how did I get infected in the first place?

As this problem has been resolved the topic will be closed. If you need this topic reopened, please email the moderating team - be sure to include the address of the thread and the name you posted under.