
Spywarequak



#1
kakofreak

  • Member
  • 16 posts
I followed step by step before posting this log.......Nothing happens....

Right now I'm here:

Step One: Scan for Spyware/Adware

I ran SUPERAntiSpyware, the process finished and I still have certain infections.

Then I tried to run Panda, but I couldn't. That's why I've decided to send you guys my last log.

I hope you all find any help.



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/03/2008 at 10:13 AM

Application Version : 4.0.1154

Core Rules Database Version : 3422
Trace Rules Database Version: 1239

Scan type : Complete Scan
Total Scan Time : 00:43:20

Memory items scanned : 527
Memory threats detected : 10
Registry items scanned : 5433
Registry threats detected : 51
File items scanned : 80904
File threats detected : 44

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\WVUOEUVO.DLL
C:\WINDOWS\SYSTEM32\WVUOEUVO.DLL

Trojan.NewDotNet-Installer
C:\PROGRAM FILES\NEWDOTNET\NEWDOTNET6_38.DLL
C:\PROGRAM FILES\NEWDOTNET\NEWDOTNET6_38.DLL

Trojan.Downloader-Oreon-A/Resident
C:\WINDOWS\INSTALLER\{128C997B-656F-4E8D-B1E6-B024179D2868}\CHKVOLUME.DLL
C:\WINDOWS\INSTALLER\{128C997B-656F-4E8D-B1E6-B024179D2868}\CHKVOLUME.DLL

Trojan.Downloader-AntiViirus
C:\PROGRAM FILES\ANTIVIIRUS.EXE
C:\PROGRAM FILES\ANTIVIIRUS.EXE
[antiviirus] C:\PROGRAM FILES\ANTIVIIRUS.EXE
C:\WINDOWS\Prefetch\ANTIVIIRUS.EXE-10A2E3A4.pf

Trojan.Unclassified/Tmp-Gen
C:\PROGRAM FILES\TMP0.EXE
C:\PROGRAM FILES\TMP0.EXE
C:\PROGRAM FILES\TMP1.EXE
C:\PROGRAM FILES\TMP1.EXE
C:\PROGRAM FILES\TMP2.EXE
C:\PROGRAM FILES\TMP2.EXE
C:\PROGRAM FILES\TMP3.EXE
C:\PROGRAM FILES\TMP3.EXE
C:\WINDOWS\Prefetch\TMP0.EXE-165F1111.pf
C:\WINDOWS\Prefetch\TMP1.EXE-389FCCA1.pf
C:\WINDOWS\Prefetch\TMP2.EXE-012BC19F.pf
C:\WINDOWS\Prefetch\TMP3.EXE-3AF74FDF.pf

Adware.SXGAdvisor-A
C:\WINDOWS\SVPEKGONWDN.DLL
C:\WINDOWS\SVPEKGONWDN.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88425A92-EB25-4ABA-A863-3380D2C570B7}
HKCR\CLSID\{88425A92-EB25-4ABA-A863-3380D2C570B7}
HKCR\CLSID\{88425A92-EB25-4ABA-A863-3380D2C570B7}
HKCR\CLSID\{88425A92-EB25-4ABA-A863-3380D2C570B7}\InprocServer32
HKCR\CLSID\{88425A92-EB25-4ABA-A863-3380D2C570B7}\InprocServer32#ThreadingModel
HKCR\CLSID\{88425A92-EB25-4ABA-A863-3380D2C570B7}\ProgID
HKCR\CLSID\{88425A92-EB25-4ABA-A863-3380D2C570B7}\Programmable
HKCR\CLSID\{88425A92-EB25-4ABA-A863-3380D2C570B7}\TypeLib
HKCR\CLSID\{88425A92-EB25-4ABA-A863-3380D2C570B7}\VersionIndependentProgID

Trojan.Unclassified/GTS
C:\WINDOWS\STFNGDVW.DLL
C:\WINDOWS\STFNGDVW.DLL
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{505968FB-8A4C-4CAB-8EA1-A8D9C0B91DCA}
HKCR\CLSID\{505968FB-8A4C-4CAB-8EA1-A8D9C0B91DCA}
HKCR\CLSID\{505968FB-8A4C-4CAB-8EA1-A8D9C0B91DCA}
HKCR\CLSID\{505968FB-8A4C-4CAB-8EA1-A8D9C0B91DCA}\InprocServer32
HKCR\CLSID\{505968FB-8A4C-4CAB-8EA1-A8D9C0B91DCA}\InprocServer32#ThreadingModel
HKCR\CLSID\{505968FB-8A4C-4CAB-8EA1-A8D9C0B91DCA}\ProgID
HKCR\CLSID\{505968FB-8A4C-4CAB-8EA1-A8D9C0B91DCA}\Programmable
HKCR\CLSID\{505968FB-8A4C-4CAB-8EA1-A8D9C0B91DCA}\TypeLib
HKCR\CLSID\{505968FB-8A4C-4CAB-8EA1-A8D9C0B91DCA}\VersionIndependentProgID
HKCR\stfngdvw.1
HKCR\stfngdvw
HKCR\TypeLib\{4C528A01-4096-41F4-B410-E4CC5514BD88}
HKCR\TypeLib\{4C528A01-4096-41F4-B410-E4CC5514BD88}\1.0
HKCR\TypeLib\{4C528A01-4096-41F4-B410-E4CC5514BD88}\1.0\0
HKCR\TypeLib\{4C528A01-4096-41F4-B410-E4CC5514BD88}\1.0\0\win32
HKCR\TypeLib\{4C528A01-4096-41F4-B410-E4CC5514BD88}\1.0\FLAGS
HKCR\TypeLib\{4C528A01-4096-41F4-B410-E4CC5514BD88}\1.0\HELPDIR

Trojan.Media-Codec/V4
HKLM\Software\Classes\CLSID\{062F3F8B-CB94-4D76-A98A-EF800A438F01}
HKCR\CLSID\{062F3F8B-CB94-4D76-A98A-EF800A438F01}
HKCR\CLSID\{062F3F8B-CB94-4D76-A98A-EF800A438F01}
HKCR\CLSID\{062F3F8B-CB94-4D76-A98A-EF800A438F01}\Implemented Categories
HKCR\CLSID\{062F3F8B-CB94-4D76-A98A-EF800A438F01}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{062F3F8B-CB94-4D76-A98A-EF800A438F01}\InprocServer32
HKCR\CLSID\{062F3F8B-CB94-4D76-A98A-EF800A438F01}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\VIDEO ADD-ON\ICTMDL.DLL
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{062F3F8B-CB94-4D76-A98A-EF800A438F01}
HKU\S-1-5-21-3456917475-4237882370-1371069923-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{062F3F8B-CB94-4D76-A98A-EF800A438F01}
C:\PROGRAM FILES\VIDEO ADD-ON\ISFMM.EXE
C:\PROGRAM FILES\VIDEO ADD-ON\UNINST.EXE

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{0656A137-B161-CADD-9777-E37A75727E78}
HKU\S-1-5-21-3456917475-4237882370-1371069923-1007\Software\Classes\CLSID\{0656A137-B161-CADD-9777-E37A75727E78}
HKCR\CLSID\{0656A137-B161-CADD-9777-E37A75727E78}

Adware.Vundo-Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F267FF77-069C-48B3-9396-47CA8BA9AEED}
HKCR\CLSID\{F267FF77-069C-48B3-9396-47CA8BA9AEED}
HKCR\CLSID\{F267FF77-069C-48B3-9396-47CA8BA9AEED}\InprocServer32
HKCR\CLSID\{F267FF77-069C-48B3-9396-47CA8BA9AEED}\InprocServer32#ThreadingModel

Trojan.NewDotNet
SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001
SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002
SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016
SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017
HKU\.DEFAULT\Software\New.net
HKU\S-1-5-21-3456917475-4237882370-1371069923-1007\Software\New.net
HKU\S-1-5-18\Software\New.net
C:\Program Files\NewDotNet

Adware.Tracking Cookie
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@nextag[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@serving-sys[2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@enhance[2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@tribalfusion[2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@advertising[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adbrite[2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@pro-market[2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@doubleclick[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@apmebf[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adult-youtube-8[2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@overture[2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@atdmt[2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adrevolver[2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@fastclick[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adecn[1].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@realmedia[2].txt
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@findwhat[1].txt

Adware.Casino Games (Golden Palace Casino)
HKU\S-1-5-21-3456917475-4237882370-1371069923-1007\Software\Golden Palace Casino PT

Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\FAVORITES\ONLINE SECURITY TEST.URL

InternetDelivery
C:\PROGRAM FILES\INET DELIVERY\INTDEL.EXE
  • 0

#2
koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Hello kakofreak and Welcome to Geeks to Go!

Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Double-click on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

  • 0

#3
kakofreak

  • Topic Starter
  • Member
  • 16 posts
I followed your instructions step by step:
This is the result.




:)




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:25 AM, on 4/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\avgas-setup-7.5.0.50\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\All Users\Application Data\vwzmnmhu\pmtozwhg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\avgas-setup-7.5.0.50\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\jgvqvwhg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\avgas-setup-7.5.0.50\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [c0a2e5fd] rundll32.exe "C:\WINDOWS\system32\elgnpspr.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ares ultra] "C:\Program Files\Ares Ultra\Ares Ultra.exe" -h
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [isqeoeak] C:\WINDOWS\system32\jgvqvwhg.exe
O4 - HKLM\..\Policies\Explorer\Run: [01yzJiKILJ] C:\Documents and Settings\All Users\Application Data\vwzmnmhu\pmtozwhg.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoft....com/activescan (file missing)
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webi...6-6D5536C585C9}
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{59FB70EF-67C6-4E6D-931A-680E8B66C2B6}: NameServer = 85.255.113.117,85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: NameServer = 85.255.113.117,85.255.112.26
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.117 85.255.112.26
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.117 85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.117 85.255.112.26
O21 - SSODL: ChkVolume - {128c997b-656f-4e8d-b1e6-b024179d2868} - C:\WINDOWS\Installer\{128c997b-656f-4e8d-b1e6-b024179d2868}\ChkVolume.dll (file missing)
O21 - SSODL: zip - {98ec9a98-721b-482b-973c-4bc6cf4a8ca6} - C:\WINDOWS\Installer\{98ec9a98-721b-482b-973c-4bc6cf4a8ca6}\zip.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\avgas-setup-7.5.0.50\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 12309 bytes
  • 0

#4
koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
You have been infected with multiple types of malware.
No worries, we'll get them cleaned up. :)

Now for the fix.

First,

Download LSPFix.exe to a convenient location. Do NOT run this program. This is only to be used if you lose Internet access after removing NewDotNet.

To Get rid of NewDotNet, go to:

Start > Control Panel > Add or Remove Programs and remove the following:

New.Net Applications or New.Net Domains (anything that says New.Net)

If it is not there, go here and follow Procedure 4: NewDotNet Removal Procedure 4.

In the event that you lose Internet access after removing New.Net, please double-click LSPFix.exe that you downloaded earlier. Check the "I know what I'm doing" button. You will see 2 panels. If there is any file listed in the "Remove" panel on the right-side, leave it as is and just click "Finish>>" then reboot your computer and you should now have access to the Internet. If nothing is listed under the "Remove Panel", do NOT do anything - just close the program. You will need to use another computer to come back here for further instructions on what to do.

Then

Please download FixWareout from here:
http://downloads.sub.../Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. If your firewall gives an alert (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.
Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
Once the desktop loads, please post the text that will open (report.txt) and a new HijackThis log.

Finally,

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
  • 0
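An added example, not part of the original thread or of any tool named in it: a small Python parser for the HijackThis log format posted in #3. It pulls out the O10 broken-LSP line (the situation LSPFix is held in reserve for), the O17 `NameServer` values (to compare with the DNS servers the ISP or router actually hands out) and every entry marked "(file missing)". The function names are hypothetical; the sample lines are excerpted from the log above.

```python
import ipaddress
import re

# Lines excerpted from the HijackThis log in post #3, embedded so this runs offline.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKCU\..\Run: [isqeoeak] C:\WINDOWS\system32\jgvqvwhg.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{59FB70EF-67C6-4E6D-931A-680E8B66C2B6}: NameServer = 85.255.113.117,85.255.112.26
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.117 85.255.112.26
O21 - SSODL: ChkVolume - {128c997b-656f-4e8d-b1e6-b024179d2868} - C:\WINDOWS\Installer\{128c997b-656f-4e8d-b1e6-b024179d2868}\ChkVolume.dll (file missing)
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # "O17 - <body>"
LSP = re.compile(r"LSP provider '([^']+)' missing")        # O10 body
DNS = re.compile(r"^(?P<key>.+?): NameServer = (?P<servers>.+)$")  # O17 body


def parse_entries(log):
    """Return (section_code, body) for every 'Xn - ...' line; header and
    process-list lines do not match and are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def broken_lsp_providers(entries):
    """O10 lines naming a Winsock LSP whose DLL is no longer on disk."""
    providers = []
    for code, body in entries:
        m = LSP.search(body) if code == "O10" else None
        if m:
            providers.append(m.group(1))
    return providers


def static_nameservers(entries):
    """Map each O17 registry key to the DNS servers set on it. HijackThis
    prints the list comma- or space-separated, so split on both."""
    found = {}
    for code, body in entries:
        m = DNS.match(body) if code == "O17" else None
        if not m:
            continue
        servers = []
        for token in re.split(r"[,\s]+", m.group("servers").strip()):
            try:
                servers.append(str(ipaddress.ip_address(token)))
            except ValueError:
                pass  # not an address: skip it rather than guess
        found[m.group("key")] = servers
    return found


def missing_targets(entries):
    """Entries whose registered file HijackThis could not find on disk."""
    return [(c, b) for c, b in entries if b.endswith("(file missing)")]


def triage(log):
    entries = parse_entries(log)
    dns = static_nameservers(entries)
    return {
        "broken_lsp": broken_lsp_providers(entries),
        "nameservers": dns,
        # One distinct set means every listed key points at the same resolvers.
        "distinct_dns_sets": sorted({tuple(sorted(v)) for v in dns.values()}),
        "file_missing": missing_targets(entries),
    }


if __name__ == "__main__":
    for name, value in triage(SAMPLE_LOG).items():
        print(name, "=", value)
```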

#5
kakofreak

  • Topic Starter
  • Member
  • 16 posts
Hi.....Again.

Right now I am in step..... (NewDotNet Removal Procedure 4.)

But I realized that I have no 3 1/2 floppy disk to save NNuninstall.exe

Any suggestion...? :)
  • 0





