Welcome to Geeks to Go - Register now for FREE


Msn messenger Virus Help plz!



#1
Jewelz

Jewelz

    New Member

  • Member
  • Pip
  • 3 posts
Hi guys... I was chatting on msn and I was sent a msg like "Is this you?" or "Is this your myspace page?" and then there was a link to a website which I clicked, and it downloaded a file mypictures.exe. After this I kept sending the same msg to all my contacts. I have not been on msn since. I deleted msn. I deleted the mypictures.exe and I uninstalled Norton antivirus, which was installed at the time I got the virus. I did a bitdefender scan and removed some viruses but the problem persists. I have been trying to fix this problem for about a week without any luck. I have reinstalled internet explorer as it no longer works properly. I can't seem to view any pages to do with any sort of virus help or the word msn. So I installed firefox. I have installed avg free edition and cleared some viruses, not all. I have used spybot search and destroy. Also cleared some, not all. I have used ccleaner, which helped a bit, but the virus is still present. I have tried various online scanners but am unable to connect, and the virus has turned off my system restore. I have fooled around a bit with stuff and I feel I might be missing some registry files, and things may have been made worse as I tried to fix the virus through different web pages' advice.

If anybody could please help me it'd be much appreciated. Here is my hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:55:51 PM, on 9/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\hp LaserJet 3015_3020_3030_3380\SetConfig.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Hijack This\HJT\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
R3 - URLSearchHook: (no name) - {D3B1F56B-4DAF-1B7E-ACAB-641349D869C7} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {39C6B6C8-E01E-3175-B583-04FDA1EE088B} - C:\Program Files\Srlmsagu\ihmpkvio.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {D3B1F56B-4DAF-1B7E-ACAB-641349D869C7} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 3015_3020_3030_3380\SetConfig.exe -c Direct -p DOT4_001 -pn "" -n 1 -l 1033 -sl 120000
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadc...eeBHInstall.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.co...aploader_v6.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: crypt - crypts.dll (file missing)
O20 - Winlogon Notify: winuns32 - winuns32.dll (file missing)
O20 - Winlogon Notify: winzwr32 - C:\WINDOWS\SYSTEM32\winzwr32.dll
O22 - SharedTaskScheduler: XenaDot Software - {CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 8148 bytes

And here is my uninstall list:

µTorrent
Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Photoshop 7.0
Adobe Shockwave Player
Apple Software Update
ArcSoft PhotoImpression
Athlon 64 Processor Driver
AVG 7.5
AviSynth 2.5
Belkin 54g USB Network Adapter
BitTorrent 5.0.7
Boilsoft 3GP/iPod/PSP/MP4 Converter 1.01
Canon MultiPASS Suite 4.40
Canon Utilities Easy-PhotoPrint
CCleaner (remove only)
C-Media WDM Audio Driver
DeepBurner Pro v1.8.0.225
DVC5.1 Driver
DVD Shrink 3.2
Easy Video Splitter 1.26
Easy-WebPrint
Enable S3 for USB Device
FontCreator 5.5
GunboundWC
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB929120)
hp LaserJet-all-in-one
HP Software Update
Initio Win98 USB Storage Driver (051216)
iPod for Windows 2006-06-28
iTunes
J2SE Runtime Environment 5.0 Update 7
J2SE Runtime Environment 5.0 Update 8
Java™ 6 Update 2
Kaspersky Online Scanner
LaserAIO
Logitech Desktop Messenger
Logitech Harmony Remote Software 7
Magic Inlay
Magic Inlay (RA)
MapleStory
Max Media Creator
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard 2005
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual Basic 2005 Express Edition - ENU
Microsoft Visual C++ 2005 Express Edition - ENU
mIRC
Mozilla Firefox (2.0.0.6)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Musicmatch® Jukebox
MyDSC2
Nero 6 Ultra Edition
NETg Skill Builder DX
OpenMG Limited Patch 4.4-06-13-19-01
OpenMG Secure Module 4.4.00
OptusNet Cable Components
Outerinfo
Panda ActiveScan
PeerGuardian 2.0
QuickTime
RealPlayer
Realtek AC'97 Audio
Samsung DVC Media 5.1
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Shockwave
Spybot - Search & Destroy 1.4
System Requirements Lab
UniChromeII Graphics Driver and Utilities
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
VIA Integrated Setup Wizard
VIA Rhine-Family Fast Ethernet Adapter
VideoLAN VLC media player 0.8.6b
Videora iPod Converter 0.91
VobSub v2.23 (Remove Only)
Winamp (remove only)
WinAVI Video Converter
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver



Thanks in advance for any help... Oh, and if you can understand any of this log and you can see where I have messed up, could you please let me know.. Also, any advice on which programs are not needed or are no good would be great. I read that adaware was no good, and all free antivirus software, so I stopped using adaware, but I have had no problem with avg antivirus.... If anyone could recommend a good antivirus and spyware/malware software that I could install so this can be avoided in future, it would be very helpful!!!! I had norton but was told it was hopeless, so I uninstalled it and replaced it with avg... Thanks again guys, sorry for the long post..... :whistling:
  • 0
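An added example, not part of this thread and not one of the helper's tools: a small Python triage script that applies the checks a helper reads an HJT log for (entries whose file is "(file missing)" or "(no file)", Winlogon Notify DLLs outside the stock XP set, the legacy RunServices key, unnamed BHOs living in random-looking folders, and a Start Page_bak pointing at a third-party site), run over lines copied from the log above. The stock Winlogon Notify allow-list is an assumption made for illustration; a flag means "look this entry up", not a verdict.

```python
"""Triage helper for HijackThis v2 log lines (example code, not an HJT feature).

Each HJT line has the form "<section> - <body>", for instance
    O20 - Winlogon Notify: crypt - crypts.dll (file missing)
The heuristics below mirror what a log reader checks by eye; they produce
review flags, not verdicts.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

HJT_LINE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")

# Winlogon Notify subkeys present on a stock Windows XP SP2 install.
# Assumed allow-list for this example: OEM and third-party drivers may add
# legitimate entries, so "unknown" means "look it up", not "malware".
STOCK_WINLOGON_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}

# A folder and a DLL that are both eight random letters, e.g. \Srlmsagu\ihmpkvio.dll
RANDOM_PATH = re.compile(r"\\[A-Za-z]{8}\\[a-z]{8}\.dll$")


@dataclass
class Finding:
    section: str
    line: str
    reasons: List[str] = field(default_factory=list)


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one HJT line, or None if nothing stands out."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None  # header, blank line, or a "Running processes" path
    section, body = m.group("section"), m.group("body")
    reasons: List[str] = []

    # Registry entries whose target file is gone: leftovers of a partial
    # clean-up (a scanner deleted the file but not the key that loads it).
    if "(file missing)" in body or "(no file)" in body:
        reasons.append("dangling-file")

    if section == "O20" and body.startswith("Winlogon Notify:"):
        # These DLLs load into winlogon.exe at logon; compare the subkey name
        # against the stock set.
        name = body.split(":", 1)[1].split(" - ", 1)[0].strip()
        if name.lower() not in STOCK_WINLOGON_NOTIFY:
            reasons.append("winlogon-notify-unknown")

    if section == "O4" and "RunServices" in body:
        # RunServices is a Windows 9x-era autostart key that current
        # installers do not use, so any entry deserves a look.
        reasons.append("runservices-autostart")

    if section == "O2" and body.startswith("BHO: (no name)"):
        reasons.append("bho-unnamed")

    if RANDOM_PATH.search(body):
        reasons.append("random-looking-path")

    if section in ("R0", "R1") and "Start Page_bak" in body:
        # IE keeps a backup of the start page; a third-party site here is a
        # common footprint left by a browser hijacker.
        value = body.split("=", 1)[1].strip()
        if value != "about:blank" and "microsoft.com" not in value:
            reasons.append("startpage-hijack")

    return Finding(section, line.strip(), reasons) if reasons else None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over every line of a log and keep the hits, in order."""
    return [f for f in (triage_line(ln) for ln in text.splitlines()) if f]


# Constructed excerpt: lines copied from the HJT log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
O2 - BHO: (no name) - {39C6B6C8-E01E-3175-B583-04FDA1EE088B} - C:\Program Files\Srlmsagu\ihmpkvio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O20 - Winlogon Notify: crypt - crypts.dll (file missing)
O20 - Winlogon Notify: winzwr32 - C:\WINDOWS\SYSTEM32\winzwr32.dll
O22 - SharedTaskScheduler: XenaDot Software - {CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A} - (no file)
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
"""

FINDINGS = triage_log(SAMPLE_LOG)

if __name__ == "__main__":
    for f in FINDINGS:
        print(f"{f.section:4} {', '.join(f.reasons):40} {f.line}")
```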



#2
harrythook

harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
Hi Jewelz,
Download MsnCleaner.zip to your Desktop, but don't use it yet.
http://www.forospyware.com/Msncleaner/MsnCleaner.zip
(Copy/Paste the URL into the address bar or use "Save Target As")
  • Extract the content of MsnCleaner.zip to your Desktop.
  • Now reboot into Safe Mode
  • Double-click MsnCleaner.exe to run it.
  • Click the Analyze button.
  • A report will be created once the scan finishes.
  • If it finds an infection, click the Deleted button.
  • Now, please reboot back to normal mode.
  • Please post the contents of C:\MsnCleaner.txt in a reply to this post.
Next, run AVG like this:
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.
Post the results and a fresh HJT please.
Harry
  • 0

#3
Jewelz

Jewelz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Sorry I don't know if I have done the right thing but here goes:

Msn cleaner log:
- Logfile MSNCleaner 1.2.8
- Created Logfile: 9/6/2007 on 5:42:28 PM
- Operative System: Windows XP
- Boot mode: Safe mode
_________________________________________

Detected files: 0
Deleted file: 0
Undeleted Files: 0

<<<<<<< No file found >>>>>>>

And the avg antivirus:
<history>
<!-- 01c7f0c8e661e810 -->
<rec time="2007/09/06 21:00:05" user="Ngo Family" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2007/09/06 21:10:58" user="Ngo Family" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Documents and Settings\Ngo Family\My Documents\BitTorrent Downloads\msnVirusRemoval.zip</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">BackDoor.Robobot.AE</attr>
</rec>
<rec time="2007/09/07 09:17:59" user="Ngo Family" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2007/09/07 09:18:57" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1124-1122;iavi:1003-1001;</attr>
</rec>
<rec time="2007/09/07 09:24:25" user="Ngo Family" source="General">
<value>@HL_TestStopped</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec time="2007/09/07 09:26:50" user="Ngo Family" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2007/09/07 11:30:13" user="Ngo Family" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
</history>

I think this is wrong? But I'm not sure?
And here is a CCleaner log while I'm at it:
CCleaner v2.00.491 Beta 2
--------------------------------------------
- Added support for Firefox HttpOnly cookies.
- Fixed symbolic languages not displaying correctly.
- Added translation of new v2.0 features into other languages.
- Fixed bug in Hotfix Uninstaller cleaning that left empty folders.
- Fixed bug in Temporary Files cleaning that left empty folders.
- Installer now supports parameters like /L=1033 for language selection.
- New installer routines to prevent false positives by antivirus programs.
- Cookies list in Options now refreshes correctly.
- Fixed bug in automatic update checker.
- Improved Options-Exclude Registry key entry format.
- Fixed empty message box in Uninstaller Tool.
- Improved IE7 history cleaning when IE is open.
- Minor tweaks and fixes.


CCleaner v2.00.475 Beta 1
--------------------------------------------
- Complete rebuild in C++
With the requirements for a portable version, 64-bit compatibility and Windows Vista increasing against the limitations of the old architecture. We decided to rebuild the entire CCleaner application in highly optimized C++.

- Faster analyzing and cleaning
Each scanning process was rewritten from scratch and fully optimized. The result being a noticeable speed increase in all areas.

- Portable
CCleaner can now run from a USB thumbdrive and be installed/run on a computer without a complicated setup process.

- Compact
The rewrite removed all external file dependencies, so the main EXE is now half the size of the original program and support files.

- Redesigned User Interface
The original CCleaner user interface was looking a little dated, so the GUI was redesigned with a modern look, but without sacrificing speed or usability. New icons were created for the interface and the main program icon was updated with a more modern style.

- Exclusions
It is now possible to specify files, folders and registry keys to ignore from the cleaning process.

- Loads of little tweaks
Too numerous to mention them all separately, we've tried to improve CCleaner in all areas.

----------------------------------------

Hjt logfile:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:55:51 PM, on 9/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\hp LaserJet 3015_3020_3030_3380\SetConfig.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Hijack This\HJT\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
R3 - URLSearchHook: (no name) - {D3B1F56B-4DAF-1B7E-ACAB-641349D869C7} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {39C6B6C8-E01E-3175-B583-04FDA1EE088B} - C:\Program Files\Srlmsagu\ihmpkvio.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {D3B1F56B-4DAF-1B7E-ACAB-641349D869C7} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 3015_3020_3030_3380\SetConfig.exe -c Direct -p DOT4_001 -pn "" -n 1 -l 1033 -sl 120000
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadc...eeBHInstall.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.co...aploader_v6.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: crypt - crypts.dll (file missing)
O20 - Winlogon Notify: winuns32 - winuns32.dll (file missing)
O20 - Winlogon Notify: winzwr32 - C:\WINDOWS\SYSTEM32\winzwr32.dll
O22 - SharedTaskScheduler: XenaDot Software - {CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 8148 bytes

Sorry, I still have the virus. I think I may have done more bad than good trying to fix it myself, so in future I'll wait for your response. Thanks, I really appreciate your help!
  • 0

#4
harrythook

harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
Hey Jewelz, sorry for the delay.

Let's do this (and the AVG results posted did not help):
  • Open HiJackThis
  • Click on the "Config..." button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on the Box that says "Uninstall Manager"
  • Click on the entry you wish to delete (delete the following)
    • µTorrent
    • BitTorrent 5.0.7
    • J2SE Runtime Environment 5.0 Update 7
    • J2SE Runtime Environment 5.0 Update 8
    • Outerinfo << and anything that says OIN or Outerinfo
  • Click on Delete this entry
  • Click "Yes"
Next:
Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
Post back the results, and a fresh HJT log.

Harry
  • 0

#5
Jewelz

Jewelz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Hi, I'm back... when I tried to do a HJT log for you, AVG detected it as a virus and deleted it, so I reinstalled it. I just thought that was strange.

Did the things you requested and here are my logs:

ComboFix 07-09-08.7 - "Ngo Family" 2007-09-08 12:10:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.168 [GMT 10:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\NGOFAM~1\APPLIC~1\macromedia\Flash Player\#SharedObjects\7QJENF4H\iforex.com
C:\DOCUME~1\NGOFAM~1\APPLIC~1\macromedia\Flash Player\#SharedObjects\7QJENF4H\www.broadcaster.com
C:\DOCUME~1\NGOFAM~1\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\DOCUME~1\NGOFAM~1\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Program Files\SecCenter
C:\Program Files\SecCenter\scprot4.exe.bak
C:\WINDOWS\dobe~1
C:\WINDOWS\system32\sstem3~1
C:\WINDOWS\system32\sstem3~1\s?stem32\


((((((((((((((((((((((((( Files Created from 2007-08-08 to 2007-09-08 )))))))))))))))))))))))))))))))
.

2007-09-08 11:31 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-08 11:17 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-07 13:24 <DIR> d-------- C:\BackUpMSNCleaner
2007-09-07 09:17 <DIR> d--h----- C:\BJPrinter
2007-09-06 11:34 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-06 11:33 <DIR> d-------- C:\DOCUME~1\NGOFAM~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-05 11:15 <DIR> d-------- C:\fbf1fa9c4619b9ecc366ecda
2007-09-05 11:15 <DIR> d-------- C:\1ab5220fddc5200f372dce
2007-09-05 11:06 843 --a------ C:\ChangeWinXPKey.vbs
2007-08-31 11:45 <DIR> d-------- C:\WINDOWS\system32\wowrlegl
2007-08-25 19:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\!KillBox
2007-08-25 18:42 <DIR> d-------- C:\Program Files\CCleaner
2007-08-25 15:36 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-08-25 13:38 <DIR> d-------- C:\DOCUME~1\NGOFAM~1\APPLIC~1\ArcSoft
2007-08-25 13:37 163,840 --a------ C:\WINDOWS\system32\PhotoImpression Screen Saver.scr
2007-08-25 13:36 212,480 --a------ C:\WINDOWS\pcdlib32.dll
2007-08-25 13:36 <DIR> d-------- C:\Program Files\ArcSoft
2007-08-25 13:20 33,890 --a------ C:\WINDOWS\system32\drivers\Capt905c.sys
2007-08-25 13:20 24,605 --a------ C:\WINDOWS\system32\drivers\Camd905c.sys
2007-08-24 21:50 <DIR> d-------- C:\WINDOWS\pss

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-06 18:28 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-06 18:20 --------- d-------- C:\Program Files\Canon
2007-08-29 16:04 --------- d-------- C:\Program Files\ewido anti-malware
2007-08-26 12:05 --------- d-------- C:\Program Files\Norton AntiVirus
2007-08-26 12:05 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-26 00:05 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-08-25 22:57 --------- d-------- C:\DOCUME~1\NGOFAM~1\APPLIC~1\idle about
2007-08-25 16:31 --------- d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Corporation
2007-08-25 16:12 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\burn rule ace bone
2007-08-25 15:52 --------- d-------- C:\DOCUME~1\NGOFAM~1\APPLIC~1\Lavasoft
2007-08-25 13:41 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-20 18:08 --------- d-------- C:\DOCUME~1\NGOFAM~1\APPLIC~1\dvdcss
2007-08-09 18:25 --------- d-------- C:\Program Files\mIRC
2007-08-09 16:29 --------- d-------- C:\DOCUME~1\NGOFAM~1\APPLIC~1\BitTorrent
2007-08-02 14:32 20747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-08-02 14:32 --------- d-------- C:\Program Files\Belkin
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 17:54 --------- d-------- C:\DOCUME~1\NGOFAM~1\APPLIC~1\Nexon
2007-06-26 16:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 23:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 20:23 1033216 --a------ C:\WINDOWS\explorer.exe
2006-09-26 15:19 4548184 --a------ C:\Program Files\MsgPlusLive-401.exe
2006-09-25 16:19 2376474 --a------ C:\Program Files\winmx_mp3_free.exe
2006-09-25 16:19 1292481 --a------ C:\Program Files\bpftpclient_install.exe
2006-09-21 20:34 36636224 --a------ C:\Program Files\iTunesSetup.exe
2006-09-05 10:00 774144 --a------ C:\Program Files\RngInterstitial.dll
2006-08-20 09:55 474476 --a--c--- C:\Program Files\Itinerary.pdf
2006-08-11 13:00 8661936 --a------ C:\Program Files\winamp524_full_bundle_emusic-7plus.exe
2006-06-04 09:46 247608 --a------ C:\Program Files\jre-1_5_0_07-windows-i586-p-iftw.exe
2006-03-08 15:23 643711 --a------ C:\Program Files\XviD-1.1.0-30122005.exe
2006-03-07 12:10 1351680 --a------ C:\Program Files\mirc617.exe
2006-03-02 21:32 9409224 --a------ C:\Program Files\Install_MSN_Messenger.exe
2007-03-10 08:07:53 43 -csha-w C:\WINDOWS\Temp\removalfile.bat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D3B1F56B-4DAF-1B7E-ACAB-641349D869C7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 19:09 C:\WINDOWS\SOUNDMAN.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"HPLJ Config"="C:\Program Files\Hewlett-Packard\hp LaserJet 3015_3020_3030_3380\SetConfig.exe" [2003-03-31 17:32]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-25 15:37]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-08 16:25]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-03-02 09:11]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-01 21:09:03]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-08 16:25:45]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winuns32]
winuns32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearFlix]
"C:\Program Files\BearFlix\BearFlix.exe" /pause

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"C:\Program Files\BearShare\BearShare.exe" /pause

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fkfmzmdu]
rundll32.exe "C:\Program Files\fkfmzmdu\dixazyda.dll",Init

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\grammix]
C:\DOCUME~1\NGOFAM~1\APPLIC~1\IDLEAB~1\MoreLoveAce.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMprocess]
C:\Documents and Settings\Ngo Family\Desktop\IM-svr.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
C:\Program Files\LClock\LClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Explorer]
c:\windows\system32\drivers\helpsys\msnexplorer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient 2.6]
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup 2.5]
C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TyperSharkSetup.exe]
C:\MYDOWN~1\Games\TYPERS~1.EXE /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ufepwlqb]
regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ufepwlqb.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ultimate Cleaner]
"C:\Program Files\Ultimate Cleaner\App.exe" hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ultimate Defender]
"C:\Program Files\Ultimate Defender\UltimateDefender.exe" hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoraiPodConverter]
C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe -t

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wvwdb27d]
RUNDLL32.EXE w0260854.dll,n 003db27a0000000a0260854

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSCSPTISRV"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"PACSPTISVR"=3 (0x3)
"IDriverT"=3 (0x3)

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys
R2 Belkin Wireless USB Network Adapter Service;Belkin Wireless USB Network Adapter;C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
R2 CdaD10BA;CdaD10BA;\??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS
S3 gdrv;gdrv;\??\C:\WINDOWS\gdrv.sys
S3 NTSIM;NTSIM;\??\C:\WINDOWS\system32\ntsim.sys
S3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys
S3 SDVC05;USB SDVC05;C:\WINDOWS\system32\Drivers\SDVC05.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{487e5ea9-bc64-11da-b391-0012c9609438}]
AutoRun\command- E:\.\MigWiz\migsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e1677f6-a852-11db-b663-0012c9609438}]
AutoRun\command- E:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-08 12:12:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-08 12:13:12
C:\ComboFix-quarantined-files.txt ... 2007-09-08 12:13
.
--- E O F ---

My HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 12:43:19 PM, on 9/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\hp LaserJet 3015_3020_3030_3380\SetConfig.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Documents and Settings\Ngo Family\Desktop\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R3 - URLSearchHook: (no name) - {D3B1F56B-4DAF-1B7E-ACAB-641349D869C7} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {D3B1F56B-4DAF-1B7E-ACAB-641349D869C7} - (no file)
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 3015_3020_3030_3380\SetConfig.exe -c Direct -p DOT4_001 -pn "" -n 1 -l 1033 -sl 120000
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.co...aploader_v6.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winuns32 - winuns32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
  • 0
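When a helper reads a HijackThis log like the one above, the first things checked are O20 Winlogon Notify packages that are not part of a default Windows install, hooks and BHOs whose target is "(no file)" or "(file missing)", and Run entries that load a DLL through rundll32 or regsvr32 from outside the Windows directory. The script below is an added example for this thread (it is not part of HijackThis, ComboFix or anything the helper posted); it applies those checks to a handful of lines constructed from the entries posted in this thread. The KNOWN_NOTIFY allowlist, the user-writable path list and the function names are assumptions made for the illustration.

```python
"""Triage helper for HijackThis-style log lines (added example, not thread code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Default Windows XP SP2 Winlogon notification packages (DLL base names, lower case).
# Assumed allowlist for this example; a helper's real reference list is larger.
KNOWN_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon", "dimsntfy", "wgalogon",
}

# Path fragments that any user can write to; assumed list for the example.
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\", "\\temp\\")

# Constructed sample, assembled from entries visible in the thread's logs.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {D3B1F56B-4DAF-1B7E-ACAB-641349D869C7} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [fkfmzmdu] rundll32.exe "C:\Program Files\fkfmzmdu\dixazyda.dll",Init
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: crypt - crypts.dll (file missing)
O20 - Winlogon Notify: winzwr32 - C:\WINDOWS\SYSTEM32\winzwr32.dll
O22 - SharedTaskScheduler: XenaDot Software - {CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A} - (no file)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

LINE_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
# rundll32/regsvr32 followed (optionally quoted) by a full drive path
LOADER_RE = re.compile(r'(rundll32|regsvr32)[^"]*"?([a-z]:\\[^",]+)')


@dataclass
class Finding:
    section: str      # HJT section tag, e.g. "O20"
    line: str         # the original log line
    reasons: List[str]


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one HJT line, or None if nothing warrants review."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)
    low = body.lower()
    reasons = []

    # Any section: the registry still points at a file that no longer exists.
    if "(file missing)" in low or "(no file)" in low:
        reasons.append("orphaned entry: target file not present")

    # O20: Winlogon Notify DLLs run inside winlogon.exe, so unknown ones get a look.
    if section == "O20":
        dll = low.rsplit(" - ", 1)[-1]              # "c:\windows\system32\x.dll ..."
        base = dll.split("\\")[-1].split(" ")[0]    # "x.dll"
        if base.endswith(".dll"):
            base = base[:-4]
        if base not in KNOWN_NOTIFY:
            reasons.append("Winlogon Notify package not in default list")

    # O4: autostarts that load a DLL via a loader from outside %WINDIR%.
    if section == "O4":
        lm = LOADER_RE.search(low)
        if lm and "\\windows\\" not in lm.group(2):
            reasons.append("Run entry loads a DLL via rundll32/regsvr32 outside Windows dir")
        if any(p in low for p in USER_WRITABLE):
            reasons.append("autostart target in a user-writable location")

    return Finding(section, line.strip(), reasons) if reasons else None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over every line of a log and keep the hits, in order."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.section}: {'; '.join(f.reasons)}\n    {f.line}")
```

A flagged line is a candidate for review, not a verdict: the Cmaudio entry in the sample also uses RunDll32 but is left alone because it names no drive path outside the Windows directory, and the WgaLogon notify package passes because it is on the allowlist. In the thread the helper cross-checks the same entries against ComboFix's "Reg Loading Points" and file dates before deciding what to remove.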

#6
harrythook

harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
Hi Jewelz,

Sometimes AVG will see something it thinks is bad so it cures it, no worry there.

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Making progress :whistling:

Harry
  • 0





