This topic is locked
Would loke someone to fix my problem
Several days ago the nasty virus programms appeared in desktop disply as pop-up advertisements (like Bestseller Antivirus/Malware Allarm etc), firstly only during online Internet using and after even during offline using (just viewing some saved internet files). SAV corporate edition 10.1.5. did not find anything (!!!). Kaspersky antivirus 2007 found AdAware.win32.virtumonde.gio, desinfected files, however poblem did not resolved.
I have followed the reccomndation from some web-sites http://www.bleepingc...topic18610.html and while windows XP system restore was turned off installed the program VundoFix and removed all files it had found.
VundoFix V6.7.7
-------------------
Checking Java version...
Sun Java not detected
Scan started at 22:53:00 04-Feb-2008
Listing files found while scanning....
C:\windows\system32\awtsp.dll
C:\WINDOWS\system32\ckcmssep.ini
C:\WINDOWS\system32\frpmhgtm.dll
C:\WINDOWS\system32\gbmthdfl.dll
C:\WINDOWS\system32\pessmckc.dll
C:\windows\system32\pstwa.ini
C:\windows\system32\pstwa.ini2
C:\WINDOWS\system32\reecvgjc.dll
Beginning removal...
Attempting to delete C:\windows\system32\awtsp.dll
C:\windows\system32\awtsp.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ckcmssep.ini
C:\WINDOWS\system32\ckcmssep.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\frpmhgtm.dll
C:\WINDOWS\system32\frpmhgtm.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\gbmthdfl.dll
C:\WINDOWS\system32\gbmthdfl.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pessmckc.dll
C:\WINDOWS\system32\pessmckc.dll Has been deleted!
Attempting to delete C:\windows\system32\pstwa.ini
C:\windows\system32\pstwa.ini Has been deleted!
Attempting to delete C:\windows\system32\pstwa.ini2
C:\windows\system32\pstwa.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\reecvgjc.dll
C:\WINDOWS\system32\reecvgjc.dll Has been deleted!
Performing Repairs to the registry.
Done!
---------------------------
It seems that the problem disaapeared, however every time I start windows XPSP2 the following Rundll notification appeares:
<error loading C:\Windows\system32\pessmckc.dll.>
<The specified module could not be found.>
I am sending below Hijackthis log file:
------------------
Logfile of HijackThis v1.99.1
Scan saved at 23:59:14, on 04-Feb-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ABBYY Lingvo 12\Lvagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.internet.ge/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: {e35781dd-19b2-b4ab-07c4-5568be86e078} - {870e68eb-8655-4c70-ba4b-2b91dd18753e} - C:\WINDOWS\system32\frpmhgtm.dll (file missing)
O2 - BHO: (no name) - {9AA57522-2ECD-47DF-BD38-20E7E577A464} - C:\WINDOWS\system32\qomnljk.dll (file missing)
O2 - BHO: (no name) - {E540C5BF-ED58-484E-ABBD-1A8B3B4ADFC2} - C:\WINDOWS\system32\awtsp.dll (file missing)
O2 - BHO: (no name) - {EE2E1983-4FA1-4AAB-B5AB-F2120F0155C8} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Lingvo Launcher] "C:\Program Files\ABBYY Lingvo 12\Lvagent.exe" /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [3c79fa38] rundll32.exe "C:\WINDOWS\system32\pessmckc.dll",b
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with ABBYY &Lingvo... - res://C:\Program Files\ABBYY Lingvo 12\Lingvo.exe/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ad...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: qomnljk - C:\WINDOWS\
O20 - Winlogon Notify: winmxw32 - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
-----------------------
Someone have any suggestion?
Thanks
David
Sign In
Create Account
