
Antispywareexpert infection [CLOSED]


  • This topic is locked

#1
JasminePetal

Hi,

I have been trying to fix my computer for weeks now, but it seems Malware keeps coming back and actually gets worse. I finally ran ComboFix today. Here is my Combofix and HijackThis log. Any help would be greatly appreciated!

Julia


ComboFix 08-05-29.1 - julialee 2008-05-30 14:28:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1627 [GMT -7:00]
Running from: E:\asdf.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLBDRIVER
-------\Legacy_MSSECURITY1.209.4
-------\Legacy_NETWORK_MONITOR
-------\Legacy_RDPDRR
-------\Service_MsSecurity1.209.4
-------\Service_rdpdrr


((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-30 )))))))))))))))))))))))))))))))
.

2008-04-27 02:18 . 2008-04-27 02:19 <DIR> d-------- C:\Program Files\Windows Defender
2008-04-27 01:56 . 2008-04-27 01:56 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-27 01:55 . 2008-04-27 01:55 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-04-27 01:54 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-27 01:53 . 2008-04-27 01:53 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-04-27 01:49 . 2006-11-12 23:02 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2008-04-27 01:49 . 2006-11-12 23:02 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2008-04-27 01:49 . 2006-11-12 23:02 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2008-04-27 00:52 . 2008-04-27 00:52 298,303 --a------ C:\WINDOWS\system32\gside.exe
2008-04-27 00:52 . 2008-04-27 00:52 88,961 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-04-27 00:37 . 2008-04-27 01:55 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-04-27 00:37 . 2008-04-27 01:55 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUK.ico
2008-04-27 00:37 . 2008-04-27 01:55 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconFR.ico
2008-04-27 00:29 . 2008-04-27 00:29 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-27 00:29 . 2008-04-27 00:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-27 00:29 . 2008-04-27 00:29 4,286 --a------ C:\WINDOWS\system32\everybodybets.32x32.4.ico
2008-04-27 00:27 . 2008-05-13 23:27 1,695 --a------ C:\WINDOWS\system32\clbcfg.dat
2008-04-27 00:27 . 2008-04-27 00:27 578 --a------ C:\WINDOWS\index.html
2008-04-26 16:42 . 2008-04-26 16:42 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-04-26 16:42 . 2008-04-27 00:23 <DIR> d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-04-26 16:11 . 2008-04-26 16:11 39,424 --a------ C:\WINDOWS\system32\khfCULbx.dll
2008-04-26 14:54 . 2008-04-26 14:54 39,424 --a------ C:\WINDOWS\system32\hgGaxvsR.dll
2008-04-26 14:52 . 2008-04-27 12:48 <DIR> d-------- C:\WINDOWS\system32\wTMP
2008-04-26 14:52 . 2008-04-27 00:45 <DIR> d--hs---- C:\WINDOWS\anVsaWFsZWU
2008-04-26 14:52 . 2008-04-26 14:52 401,102 --a------ C:\WINDOWS\system32\g85.exe
2008-04-26 14:52 . 2008-04-26 14:52 167,545 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
2008-04-26 14:52 . 2008-04-26 14:52 39,424 --a------ C:\WINDOWS\system32\wvUnOiJa.dll
2008-04-26 14:51 . 2008-04-26 14:51 <DIR> d-------- C:\WINDOWS\system32\pnVes06
2008-04-26 14:51 . 2008-04-26 14:51 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-04-26 14:51 . 2008-05-15 01:23 49,152 --a------ C:\WINDOWS\system32\clbdll.old
2008-04-26 14:51 . 2004-08-04 05:00 4,224 --a------ C:\WINDOWS\system32\beep.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-30 20:58 --------- d-----w C:\Program Files\VideoLAN
2008-05-30 20:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-27 09:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-27 07:29 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-27 07:25 --------- d-----w C:\Documents and Settings\julialee\Application Data\uTorrent
2008-04-26 22:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-12 09:50 --------- d-----w C:\Documents and Settings\julialee\Application Data\OpenOffice.org2
2008-04-12 01:27 --------- d-----w C:\Program Files\TurboTax
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D0B1B2F-4D44-48DC-AE5A-F4BBBAE2A83F}]
2008-04-26 14:52 39424 --a------ C:\WINDOWS\system32\wvUnOiJa.dll

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{1D0B1B2F-4D44-48DC-AE5A-F4BBBAE2A83F}"= C:\WINDOWS\system32\wvUnOiJa.dll [2008-04-26 14:52 39424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUnOiJa]
wvUnOiJa.dll 2008-04-26 14:52 39424 C:\WINDOWS\system32\wvUnOiJa.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
--a------ 2004-08-04 05:00 11776 C:\WINDOWS\system32\regsvr32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-10-30 10:36 256576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-25 19:58 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--------- 2005-08-19 19:34 3084288 C:\Program Files\Yahoo!\Messenger\ypager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=


.
Contents of the 'Scheduled Tasks' folder
"2008-05-30 21:27:25 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-30 14:41:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\wvUnOiJa.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Yahoo! Inc\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-05-30 14:44:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-30 21:44:14

Pre-Run: 14,094,307,328 bytes free
Post-Run: 14,466,498,560 bytes free

259


----------------------------------------------------------------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:58:06 PM, on 5/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Yahoo! Inc\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
E:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O4 - HKLM\..\Run: [BM9b64e412] Rundll32.exe "C:\WINDOWS\system32\vhnqkayu.dll",s
O4 - HKLM\..\Run: [9857d78e] rundll32.exe "C:\WINDOWS\system32\lcdwrmmf.dll",b
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1193978742421
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Yahoo! Inc\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 6037 bytes

Edited by JasminePetal, 30 May 2008 - 04:21 PM.



#2
Thunderbird1988

Hello JasminePetal,

I am Thunderbird1988 and I am going to fix your malware problems. If you have questions, feel free to ask :)

Download ATF Cleaner to your Desktop.

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Thunderbird1988

#3
Thunderbird1988

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.