Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

help I have a serious bug - Viundo? ++ [CLOSED]


  • This topic is locked This topic is locked

#16
rogerisright69

rogerisright69

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
COMBO FIX LOG

ComboFix 08-03-08.2 - Bobby Fischer 2008-03-09 15:52:54.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1160 [GMT -8:00]
Running from: C:\Documents and Settings\Bobby Fischer\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bobby Fischer\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\PROGRA~1\CURITY~1\taskmgr.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\system32\hjutrqnd.dll
C:\WINDOWS\system32\users32.dat
.

((((((((((((((((((((((((( Files Created from 2008-02-09 to 2008-03-09 )))))))))))))))))))))))))))))))
.

2008-03-09 01:16 . 2008-03-09 01:16 <DIR> d-------- C:\Deckard
2008-03-09 01:16 . 2008-03-08 21:01 396,288 --a------ C:\Program Files\Common Files\Bobby Fischer.exe
2008-03-08 21:01 . 2008-03-08 21:01 396,288 --a------ C:\Program Files\Common Files\HijammmmkThis.exe
2008-03-08 21:00 . 2008-03-08 21:00 <DIR> d-------- C:\Program Files\Common Files\New Folder
2008-03-08 16:46 . 2008-03-08 16:46 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-03-08 13:41 . 2008-03-08 13:41 149,056 --a------ C:\WINDOWS\system32\xhppweme.dll.vir
2008-03-08 02:52 . 2008-03-08 02:52 <DIR> d-------- C:\Documents and Settings\Bobby Fischer\Application Data\Grisoft
2008-03-08 02:28 . 2008-03-08 02:28 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-08 02:28 . 2008-03-08 02:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-08 02:26 . 2008-03-08 02:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-08 02:13 . 2008-03-08 22:56 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy1
2008-03-08 02:08 . 2008-03-08 02:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-08 02:08 . 2007-05-30 04:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-07 12:30 . 2008-03-07 12:30 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-03-07 11:41 . 2008-03-08 02:09 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-06 20:14 . 2008-03-06 20:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-06 13:39 . 2008-03-06 14:26 414 ---hs---- C:\WINDOWS\system32\dnqrtujh.ini
2008-03-06 12:27 . 2008-03-06 12:27 <DIR> d-------- C:\Program Files\Airlink101
2008-03-06 12:27 . 2003-10-13 15:30 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2008-03-06 12:27 . 2004-04-30 15:12 40,960 --a------ C:\WINDOWS\system32\AWLH5025.dll
2008-03-06 12:27 . 2003-09-25 23:28 31,930 --a------ C:\WINDOWS\system32\GTNDIS3.VXD
2008-03-06 12:27 . 2008-03-06 12:27 19,915 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-03-06 12:27 . 2003-09-25 22:15 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2008-03-05 23:10 . 2008-03-06 19:28 1,018 --a------ C:\WINDOWS\wininit.ini
2008-03-05 22:48 . 2008-03-08 22:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-05 10:10 . 2008-03-05 10:10 <DIR> d-------- C:\kav
2008-03-05 09:16 . 2008-03-08 03:14 <DIR> d--hs---- C:\WINDOWS\Um9nZXI
2008-03-05 05:37 . 2008-03-05 05:38 <DIR> d-------- C:\Program Files\Evidence Eliminator
2008-03-05 05:37 . 1998-04-24 00:00 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2008-03-05 05:37 . 2007-07-12 12:52 118,784 --a------ C:\WINDOWS\system32\EEGenFn1.dll
2008-03-05 05:37 . 1999-05-29 21:33 114,696 --a------ C:\WINDOWS\system32\Fablock6.ocx
2008-03-05 05:37 . 2007-04-24 16:21 61,440 --a------ C:\WINDOWS\system32\Eeshellx.dll
2008-03-05 05:37 . 2007-08-13 15:24 36,864 --a------ C:\WINDOWS\system32\eetransx.exe
2008-03-05 05:37 . 1996-05-03 23:05 28,672 --a------ C:\WINDOWS\system32\MSGHOO32.OCX
2008-03-04 19:58 . 2008-03-05 09:25 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-03-04 19:45 . 2008-03-04 19:45 <DIR> d-------- C:\Documents and Settings\Bobby Fischer\Application Data\TrueSwitch
2008-03-04 19:12 . 2008-03-04 19:12 249,856 --------- C:\WINDOWS\Setup1.exe
2008-03-04 19:12 . 2008-03-04 19:12 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-03-04 19:01 . 2008-03-04 19:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
2008-03-04 14:42 . 2008-03-05 04:08 <DIR> d-------- C:\Program Files\VeryPDF PDF Editor v2.2
2008-03-03 21:29 . 2008-03-05 10:01 <DIR> d-------- C:\Program Files\Download Direct
2008-03-03 21:07 . 2008-03-03 21:10 <DIR> d-------- C:\Program Files\FLSPlan
2008-03-03 21:07 . 1998-11-23 07:50 634,880 --a------ C:\WINDOWS\system32\GSPROP32.DLL
2008-03-03 21:07 . 1998-11-11 07:50 423,016 --a------ C:\WINDOWS\system32\Gsw32.exe
2008-03-03 21:07 . 1999-01-12 16:46 242,816 --a------ C:\WINDOWS\system32\GSWAG32.DLL
2008-03-03 21:07 . 1998-11-11 07:50 152,688 --a------ C:\WINDOWS\system32\GSWDLL32.DLL
2008-03-03 21:07 . 2004-08-26 09:22 59,392 --a------ C:\WINDOWS\system32\fce32.DLL
2008-03-03 06:08 . 2008-03-03 06:08 <DIR> d-------- C:\Program Files\VeryPDF Form Filler v3.0
2008-03-02 17:00 . 2008-03-02 17:00 <DIR> d-------- C:\Documents and Settings\Bobby Fischer\Application Data\ATI
2008-03-02 17:00 . 2008-03-02 17:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-03-02 16:52 . 2008-03-02 16:52 <DIR> d-------- C:\Documents and Settings\Bobby Fischer\Application Data\Leadertech
2008-03-02 01:57 . 2008-03-02 01:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-03-02 00:25 . 2008-03-02 00:25 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-03-02 00:25 . 2008-03-02 00:27 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-01 22:55 . 2008-03-02 16:59 <DIR> d-------- C:\Program Files\Google
2008-03-01 19:32 . 2008-03-07 01:31 <DIR> d---s---- C:\Documents and Settings\Bobby Fischer\UserData
2008-03-01 19:24 . 2008-03-01 19:24 <DIR> d-------- C:\Program Files\Siber Systems
2008-03-01 19:24 . 2008-03-01 19:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RoboForm
2008-03-01 17:35 . 2007-12-05 14:17 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-03-01 17:34 . 2008-03-01 17:38 <DIR> d-------- C:\Program Files\ATI Technologies
2008-03-01 17:32 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-03-01 17:31 . 2008-03-01 17:31 <DIR> d-------- C:\Program Files\Realtek AC97
2008-03-01 17:31 . 2006-11-17 05:40 18,804,736 --a------ C:\WINDOWS\system32\alsndmgr.cpl
2008-03-01 17:31 . 2006-12-08 15:20 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
2008-03-01 17:31 . 2008-01-24 16:36 4,127,488 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys
2008-03-01 17:31 . 2007-04-16 15:28 577,536 --a------ C:\WINDOWS\soundman.exe
2008-03-01 17:31 . 2006-07-31 11:19 315,392 --a------ C:\WINDOWS\alcupd.exe
2008-03-01 17:31 . 2006-07-31 11:27 217,088 --a------ C:\WINDOWS\Alcrmv.exe
2008-03-01 17:31 . 2006-10-18 02:53 147,456 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2008-03-01 17:31 . 2002-02-05 13:54 141,016 --a------ C:\WINDOWS\system32\alsndmgr.wav
2008-03-01 17:18 . 2008-03-01 17:18 <DIR> d-------- C:\Program Files\PC Drivers HeadQuarters
2008-03-01 12:43 . 2008-03-01 12:43 <DIR> d-------- C:\Program Files\MSBuild
2008-03-01 12:43 . 2008-03-01 12:43 <DIR> d-------- C:\Program Files\Microsoft Works
2008-03-01 12:36 . 2008-03-01 12:41 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-03-01 12:33 . 2008-03-06 23:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-01 12:08 . 2008-03-01 17:37 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-03-01 12:08 . 2008-03-01 17:36 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-03-01 12:08 . 2005-06-04 20:07 319,104 --a------ C:\WINDOWS\system32\drivers\RT61.sys
2008-03-01 12:08 . 2005-06-14 15:35 36,864 --a------ C:\WINDOWS\system32\ss.dll
2008-03-01 12:08 . 2005-06-17 13:48 19,968 --a------ C:\WINDOWS\system32\drivers\ss.sys
2008-03-01 12:08 . 2005-06-22 10:44 8,192 --a------ C:\WINDOWS\system32\drivers\RT2661.bin
2008-03-01 12:08 . 2005-06-22 10:44 8,192 --a------ C:\WINDOWS\system32\drivers\rt2561s.bin
2008-03-01 12:08 . 2005-06-22 10:44 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561.bin
2008-03-01 12:01 . 2008-03-01 12:01 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-03-01 04:24 . 2008-03-01 04:24 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-03-01 04:23 . 2008-03-01 04:23 37 --a------ C:\WINDOWS\vbaddin.ini
2008-03-01 04:23 . 2008-03-01 04:23 36 --a------ C:\WINDOWS\vb.ini
2008-03-01 04:21 . 2008-03-08 02:49 <DIR> d-------- C:\Program Files\Windows Plus
2008-03-01 04:19 . 2004-07-01 02:06 10,604,352 --a--c--- C:\WINDOWS\system32\dllcache\ehcir.ird
2008-03-01 04:18 . 2004-08-10 04:00 2,178,131 --a--c--- C:\WINDOWS\system32\dllcache\shvlres.dll
2008-03-01 04:17 . 2008-03-01 04:23 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2008-03-01 04:16 . 2004-08-10 04:00 1,352,192 --a--c--- C:\WINDOWS\system32\dllcache\cimwin32.dll
2008-02-29 20:13 . 2004-08-03 15:07 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2008-02-29 20:13 . 2004-08-03 14:39 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2008-02-29 20:13 . 2004-08-03 15:15 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2008-02-29 20:13 . 2001-08-17 06:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2008-02-29 20:13 . 2004-08-03 15:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-02-29 20:13 . 2004-08-03 14:58 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2008-02-29 20:13 . 2004-08-03 15:07 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2008-02-29 20:12 . 2004-08-03 14:58 207,360 --a------ C:\WINDOWS\system32\drivers\Dot4.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-09 09:16 5,004 ----a-w C:\Program Files\Common Files\hijackthis.log
2008-03-06 06:29 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-03-02 07:12 86,016 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-03-01 19:53 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-14 19:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
.
Files Infected - Win32.Agent.zb
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-03-08 02:44 160592]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 04:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas1.exe" [2007-06-11 01:25 6731312]
"braviax"="braviax.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKLM\~\startupfolder\C:^Documents and Settings^Bobby Fischer^Start Menu^Programs^Startup^TrueAssistant.lnk]
path=C:\Documents and Settings\Bobby Fischer\Start Menu\Programs\Startup\TrueAssistant.lnk
backup=C:\WINDOWS\pss\TrueAssistant.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLD.EXE]
C:\Program Files\Download Direct\DLD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Evidence Eliminator]
--a------ 2008-01-11 16:07 920222 C:\Program Files\Evidence Eliminator\ee.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 12:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

R0 SI3112r;ATI-437A Serial ATA Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2006-08-08 06:19]
R2 MIMO XR TM PCI WLService;MIMO XR TM PCI Adapter WLService;C:\Program Files\Airlink101\AWLH5025\WLService.exe [2004-03-29 16:08]
R3 epstw2k;SCM Parallel Port SCSI Driver;C:\WINDOWS\system32\DRIVERS\epstw2k.sys [2001-08-17 05:50]
R3 scsiscan;SCSI Scanner Driver;C:\WINDOWS\system32\DRIVERS\scsiscan.sys [2001-08-17 05:53]
R3 StreamSurge;StreamSurge Driver (miniport);C:\WINDOWS\system32\DRIVERS\ss.sys [2005-06-17 13:48]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-09 15:54:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-09 15:55:50
ComboFix-quarantined-files.txt 2008-03-09 23:55:23
ComboFix2.txt 2008-03-09 20:52:43



HJT LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:02:03 PM, on 3/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Airlink101\AWLH5025\WLService.exe
C:\Program Files\Airlink101\AWLH5025\AWLH5025.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wpabaln.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\New Folder\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas1.exe" /minimized
O4 - HKLM\..\Run: [braviax] braviax.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MIMO XR TM PCI Adapter WLService (MIMO XR TM PCI WLService) - Unknown owner - C:\Program Files\Airlink101\AWLH5025\WLService.exe

--
End of file - 5111 bytes
  • 0

Advertisements


#17
rogerisright69

rogerisright69

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I UNINSTALLED MY ROBOFORM PROGRAM AND THIS IS THE NEW HIJACK THIS REPORT WITHOUT IT INSTALLED

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:07:03 PM, on 3/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Airlink101\AWLH5025\WLService.exe
C:\Program Files\Airlink101\AWLH5025\AWLH5025.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wpabaln.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\New Folder\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas1.exe" /minimized
O4 - HKLM\..\Run: [braviax] braviax.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MIMO XR TM PCI Adapter WLService (MIMO XR TM PCI WLService) - Unknown owner - C:\Program Files\Airlink101\AWLH5025\WLService.exe

--
End of file - 3319 bytes
  • 0

#18
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
now that we have a semblence of control, i want to verify if you have an antivirus program on your machine. i dont see any sign of one. i can only see an antispyware program.

if you do have an antivirus program, then could you let me know.

if you dont, then we need to download and run one immediately. This program is basic for the security of your computer and in todays age not having one will probably lead to disaster for your computer. we will also just be chasing our tails as we try and clear your machine as new infections come on.

Please go http://www.avast.com.../down_home.html and download avast! 4 Home Edition to your desktop. Locate the file that you just downloaded, double-click on the file to launch the installation of avast!

Click Next on the avast! Setup window and on the next window with the ReadMe File.
Now you will see the Legal Agreement, just click I agree, and then click Next to continue.

You will be prompted with Configuration window, make sure that you choose Typical configuration and then click Next. Click Next to the windows that will follow, when the installation will finish, you will be given an option to schedule a boot time scan, select No

Now you have to restart your machine, select Restart and then click Finish.

After you restart you will get a message about avast! it will give you the general "Hello and Thank you for choosing our Product." Also after you restart you will notice 2 new icons in the bottom right corner of the screen.

VERY IMPORTANT - after restarting, right click on the a in the taskbar and select Updating, then highlight and click Program.

You will get popup after its done updating. If avast! had to download anything for your computer you may get a message asking you to restart.

After you have updated avast! right click the small icon a in task bar and click Start Avast! AntiVirus

Click Program Registration and you will be taken to their website. Fill out the form and then check you e-mail. Once you get an e-mail from them (usually about 1 minute after submitting the form) copy and paste the serial they provided into the highlighted box. Then click ok.

After this, you will need to Schedule Boot-Time Scan with avast! Click on the little button placed up in the left corner, and select Schedule Boot-Time Scan. Read also this tutorial http://www.schmahl.n...astbootscan.htm it may make it easier to you to follow the steps.

Next, choose
Scan all local disks
scan archive files
click on Schedule
On the next dialog Operating system restart needed select Yes
Now avast! will restart your computer and start to scan before Windows fully loads.

IMPORTANT NOTE since your system has infections on it, avast! will give you dialog box with recommended actions, and options, please make sure if this happens, to click the Move to Chest button, and not to delete any reported files.

On completion of the boot scan there will be a report at this location C:\Program Files\Alwil Software\Avast4\DATA\report\AswBoot.txt Please post that in your next reply together with a new hijackthis log

andrewuk
  • 0

#19
rogerisright69

rogerisright69

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
LATEST SCAN WITH EWIDO

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:03:40 PM 3/9/2008

+ Scan result:



Nothing found.



::Report end

YOU GUYS CERTAINLY DO LIVE UP TO YOUR NAME!! THANK YOU !!
  • 0

#20
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
we havea few things to do before we wrap up, and i suspect there is more infections lurking around on your machine.

could you install the antivirus program in my prior post. i suspect this will all take 3 more post from me to complete.

andrewuk
  • 0

#21
rogerisright69

rogerisright69

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
okay chief I am back and complying with your directions as we speak
  • 0

#22
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
still with us? (i needed to see the Avast scan log and a new hijackthis log)
  • 0

#23
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP