Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Cryp Tap-2 Cannot Remove, Log Posted

Started by terang , Mar 22 2008 05:51 PM

  • Please log in to reply

#1
terang
Posted 22 March 2008 - 05:51 PM

terang

    New Member

  • Member
  • Pip
  • 1 posts
Any assistance would be greatly appreciated. I have run VundoFix, but did not help. Here is HiJackThis Log;

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [BM43d9692c] Rundll32.exe "C:\WINDOWS\system32\ejsnjfvg.dll",s
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.game...aploader_v6.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ngiamflj.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 6388 bytes


Here is the AVG Log:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:44:49 PM 3/22/2008

+ Scan result:



C:\Program Files\Common Files\DriveCleaner\DCPChk.dll -> Adware.ErrorSafe : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WR -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-3823860292-3501273101-3849170239-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-3823860292-3501273101-3849170239-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{68FF9E0F-2E96-4467-87FA-1A8B9734C7E7} -> Adware.SpyBlocs : Cleaned with backup (quarantined).
HKU\S-1-5-21-3823860292-3501273101-3849170239-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{68FF9E0F-2E96-4467-87FA-1A8B9734C7E7} -> Adware.SpyBlocs : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{ABCD4567-4D73-43E9-85E5-53A2DBD95422} -> Adware.WinAntiSpyware : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TypeLib\{ABCD4567-7437-43EF-AB74-4AB1D3A37422} -> Adware.WinAntiSpyware : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WASPChk.WASPChk -> Adware.WinAntiSpyware : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WASPChk.WASPChk\CLSID -> Adware.WinAntiSpyware : Cleaned with backup (quarantined).
C:\WINDOWS\system32\startup.exe -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\WINDOWS\system32\daSgo17\daSgo172314.exe -> Downloader.VB.cho : Cleaned with backup (quarantined).
C:\Documents and Settings\James Horne\Local Settings\Temporary Internet Files\silverstar.exe~ -> Dropper.Agent.chq : Cleaned with backup (quarantined).
C:\Program Files\Helper\superfindout.dll -> Not-A-Virus.Adware.BHO : Cleaned with backup (quarantined).
C:\Documents and Settings\James Horne\Local Settings\Temp\removalfile.bat -> Not-A-Virus.Adware.Virtumonde : Cleaned with backup (quarantined).
[268] C:\WINDOWS\system32\iifcy.dll -> Not-A-Virus.Adware.Virtumonde : Cleaned with backup (quarantined).
[836] C:\WINDOWS\system32\iifcy.dll -> Not-A-Virus.Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup (quarantined).
C:\Documents and Settings\James Horne\Cookies\james_horne@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\James Horne\Cookies\[email protected][2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\James Horne\Cookies\james_horne@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\James Horne\Cookies\james_horne@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\James Horne\Cookies\[email protected][1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\James Horne\Cookies\[email protected][1].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\James Horne\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

And here is the Super Anti Spyware Log:

SUPERAntiSpyware Scan Log
Generated 03/22/2008 at 09:33 PM

Application Version : 3.6.1000

Core Rules Database Version : 3423
Trace Rules Database Version: 1415

Scan type : Complete Scan
Total Scan Time : 01:11:33

Memory items scanned : 518
Memory threats detected : 0
Registry items scanned : 5271
Registry threats detected : 25
File items scanned : 38341
File threats detected : 27

Adware.IWinGames
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}

Adware.Tracking Cookie
C:\Documents and Settings\James Horne\cookies\[email protected][1].txt
C:\Documents and Settings\James Horne\cookies\[email protected][1].txt
C:\Documents and Settings\James Horne\cookies\james_horne@adrevolver[2].txt
C:\Documents and Settings\James Horne\cookies\james_horne@atdmt[2].txt
C:\Documents and Settings\James Horne\cookies\[email protected][1].txt
C:\Documents and Settings\James Horne\cookies\james_horne@adnetserver[1].txt
C:\Documents and Settings\James Horne\cookies\james_horne@advancedcleaner[1].txt
C:\Documents and Settings\James Horne\cookies\[email protected][1].txt
C:\Documents and Settings\James Horne\cookies\james_horne@specificclick[2].txt
C:\Documents and Settings\James Horne\cookies\[email protected][1].txt
C:\Documents and Settings\James Horne\cookies\[email protected][1].txt
C:\Documents and Settings\James Horne\cookies\[email protected][1].txt
C:\Documents and Settings\James Horne\cookies\[email protected][3].txt

Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
HKCR\Interface\{ABCD4567-4D73-43E9-85E5-53A2DBD95411}
HKCR\Interface\{ABCD4567-4D73-43E9-85E5-53A2DBD95411}\ProxyStubClsid
HKCR\Interface\{ABCD4567-4D73-43E9-85E5-53A2DBD95411}\ProxyStubClsid32
HKCR\Interface\{ABCD4567-4D73-43E9-85E5-53A2DBD95411}\TypeLib
HKCR\Interface\{ABCD4567-4D73-43E9-85E5-53A2DBD95411}\TypeLib#Version
HKCR\Interface\{ABCD4567-D8E8-4DF1-A3EA-D0AA72F42611}
HKCR\Interface\{ABCD4567-D8E8-4DF1-A3EA-D0AA72F42611}\ProxyStubClsid
HKCR\Interface\{ABCD4567-D8E8-4DF1-A3EA-D0AA72F42611}\ProxyStubClsid32
HKCR\Interface\{ABCD4567-D8E8-4DF1-A3EA-D0AA72F42611}\TypeLib
HKCR\Interface\{ABCD4567-D8E8-4DF1-A3EA-D0AA72F42611}\TypeLib#Version
C:\Program Files\Common Files\WinAntiSpyware 2007 Free

Trojan.Security Toolbar
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url

Trojan.Media-Codec
C:\Documents and Settings\James Horne\Favorites\Online Security Test.url

Trojan.WinAntiSpyware 2007
C:\Program Files\Common Files\WinAntiSpyware 2007\err.log
C:\Program Files\Common Files\WinAntiSpyware 2007\was7chk.dll
C:\Program Files\Common Files\WinAntiSpyware 2007
C:\Documents and Settings\James Horne\Application Data\WinAntiSpyware 2007\activator_info.txt
C:\Documents and Settings\James Horne\Application Data\WinAntiSpyware 2007\Logs\Activate.log
C:\Documents and Settings\James Horne\Application Data\WinAntiSpyware 2007\Logs\update.log
C:\Documents and Settings\James Horne\Application Data\WinAntiSpyware 2007\Logs
C:\Documents and Settings\James Horne\Application Data\WinAntiSpyware 2007

Adware.E404 Helper/Hij
HKCR\E404.e404mgr
HKCR\E404.e404mgr\CLSID
HKCR\E404.e404mgr\CurVer
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0\win32
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\FLAGS
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\HELPDIR
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid32
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib#Version

Trojan.Media-Codec/V5
C:\Program Files\Helper

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\MCRH.TMP


And here is the Panda Report:

Incident Status Location

Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\afjvnntc.dll
Spyware:spyware/virtumonde Not disinfected Windows Registry
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\James Horne\Cookies\[email protected][2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\James Horne\Cookies\[email protected][1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\James Horne\Cookies\james_horne@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\James Horne\Cookies\james_horne@atdmt[2].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\James Horne\Cookies\james_horne@enhance[2].txt
Thanks in advance.

Edited by terang, 23 March 2008 - 06:14 AM.

  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP