Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

System and Browser Crashing/Malware/Spyware [CLOSED]

Started by MaryJane de Nova , Jul 27 2008 03:58 PM

  • This topic is locked This topic is locked

#1
MaryJane de Nova
Posted 27 July 2008 - 03:58 PM

MaryJane de Nova

    New Member

  • Member
  • Pip
  • 2 posts
I was hit by a trojan virus, and now my entire system is infected. Explorer crashes multiple times a day; I can't open IE to browse at all. Firefox will, on occasion, crash as well, but it's more reliable lately than IE.

Even though my programs continue to run, the taskbar at the bottom of my screen will disappear randomly, as will the desktop, and the only way I can get them to reappear is to log off my Windows account and log back on again. I have to toggle between programs using the Task Manager and selecting "Bring to Front" when this happens.

I have pop-ups through Firefox, usually adult ads. Whenever I boot up the computer, I get an error for CTMBHA.dll, which I know is related to Creative Media Source, but it came with the computer, so I don't have the original CD to reinstall it.

I will have random error messages for Dr. Watson PostMortem Debugger. Also, when I perform a search for files via the Start Menu, my computer will often lock up. I'm at a loss, so any help would be greatly appreciated.

Thank you so much!

MJ
([email protected])


HIJACK THIS LOG:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:57:10 PM, on 7/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\AOL\1170460250\ee\AOLSoftware.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WordWeb\wweb32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Pat and Candace\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11359F4A-B191-42d7-905A-594F8CF0387B} - (no file)
O2 - BHO: (no name) - {118A4987-5384-4588-87BC-578750BD708A} - (no file)
O2 - BHO: (no name) - {1407C7AB-6A2A-40CA-8847-EFEC52358DAD} - (no file)
O2 - BHO: (no name) - {2658EEAC-EF1B-48EF-BCBD-53BFA2EC9B73} - (no file)
O2 - BHO: (no name) - {359CE58B-DE72-4B7E-A658-9A4F5845F1EE} - (no file)
O2 - BHO: (no name) - {47BDB81A-1A19-4D35-A511-D8A7724B5910} - (no file)
O2 - BHO: (no name) - {4ca8fefc-7f19-4b40-a3e5-3f4167e699a9} - (no file)
O2 - BHO: (no name) - {59b2ec40-558a-4264-a3ce-cf336688464a} - (no file)
O2 - BHO: (no name) - {5aad16b0-d4d7-4da4-bcbb-9b8046e58a18} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {5E788EFC-F0C5-4346-BEA8-86F5DBBBCA4B} - (no file)
O2 - BHO: (no name) - {6A2B47FA-093B-4776-9A5E-5462D0F348DA} - (no file)
O2 - BHO: (no name) - {701b7857-1542-4b42-a2c1-282c0e148664} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8177C144-6166-4979-86DD-A91C99CBAF5B} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {976F6BEC-5871-4B7B-AA56-9B0A7026F0FF} - (no file)
O2 - BHO: (no name) - {a3736322-5d45-4d98-8871-d9bd2b25fbbd} - (no file)
O2 - BHO: (no name) - {a613faa0-22c6-41da-9eb0-695fd3ad8017} - (no file)
O2 - BHO: (no name) - {A690D6C7-D070-4C2D-8420-C8067EDBEA15} - (no file)
O2 - BHO: (no name) - {B988EB61-03E2-42FE-A4DC-BFAD597FE6A4} - (no file)
O2 - BHO: (no name) - {c02e8e3d-e646-48b3-b245-8e42ed99fff9} - (no file)
O2 - BHO: (no name) - {c0622286-7c53-4380-8960-75dfe7a230b5} - (no file)
O2 - BHO: (no name) - {E445C584-8CD7-4F27-9454-1B85CA0343B3} - (no file)
O2 - BHO: (no name) - {F4A63F1C-0942-4EFA-B84A-3A8480981C2A} - (no file)
O2 - BHO: (no name) - {FA53D716-EB47-4F16-BA36-424A87A50526} - (no file)
O2 - BHO: (no name) - {FB0DE5FC-BA24-44C7-A148-9DB846104A5C} - (no file)
O2 - BHO: (no name) - {FB590ACB-827F-417D-9BD6-14547332A4BD} - (no file)
O3 - Toolbar: (no name) - {11359F4A-B191-42D7-905A-594F8CF0387B} - (no file)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1170460250\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://setup.bellso...aller_4-2-1.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.re...lbar/lexico.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{909D23B8-86B9-4312-B54D-EFCE689E9BC2}: NameServer = 205.188.146.145
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: efcddab - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8404 bytes



MALWAREBYTES LOG:

Malwarebytes' Anti-Malware 1.23
Database version: 999
Windows 5.1.2600 Service Pack 2

5:42:25 PM 7/27/2008
mbam-log-7-27-2008 (17-42-25).txt

Scan type: Quick Scan
Objects scanned: 54161
Time elapsed: 8 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 5
Registry Keys Infected: 46
Registry Values Infected: 6
Registry Data Items Infected: 2
Folders Infected: 4
Files Infected: 168

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\jkhhe.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\phdoissn.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Pat and Candace\Local Settings\Temporary Internet Files\Content.IE5\YHI1KL45\3077ahntdksr[1].dll (Adware.Agent) -> Delete on reboot.
C:\WINDOWS\system32\aqnrnl.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\oxvsiqac.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0aa1ff90-1e34-4c42-ad93-af0373245dff} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{0aa1ff90-1e34-4c42-ad93-af0373245dff} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{480fa575-eccd-4c55-9ae1-a8f25a184064} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{480fa575-eccd-4c55-9ae1-a8f25a184064} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1dfc3688-4d26-472e-b86c-a2b576e8903e} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dfc3688-4d26-472e-b86c-a2b576e8903e} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f139e1a8-069f-42f9-ab3c-1ea58e58d183} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f139e1a8-069f-42f9-ab3c-1ea58e58d183} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{b7f66d09-d1e6-4a79-9743-f3579ad82ed5} (Adware.Spruce) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4811603f-8f2d-43f9-8f2f-3fdcaa8a1b7b} (Adware.Spruce) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ee92f989-cb72-469b-82e6-99ca303a6059} (Adware.Spruce) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Spruce (Adware.Spruce) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\30f896fb (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\jkhhe.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\jkhhe.dll -> Delete on reboot.

Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Rabio\Search Enhancer (Adware.SearchEnhancer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Rabio (Adware.Rabio) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\jkhhe.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ehhkj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ehhkj.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aqnrnl.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\aoeaojsb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bsjoaeoa.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\autsdnka.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akndstua.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bfgblcky.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ykclbgfb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bgbyltbx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xbtlybgb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\btyldffw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wffdlytb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cugspuex.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xeupsguc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cwafqkng.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gnkqfawc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fibqagqw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wqgaqbif.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fnyiiyul.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\luyiiynf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fsxwqqet.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\teqqwxsf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fvixbuuh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\huubxivf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gehilaep.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pealiheg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hexmddkm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mkddmxeh.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hkmsanew.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wenasmkh.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\idonyror.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rorynodi.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\inobbire.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eribboni.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jdyrwuuj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\juuwrydj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\josnnavk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kvannsoj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kvgkmqor.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\roqmkgvk.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ntboguiq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qiugobtn.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ohckjunn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnujkcho.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ohlsgjui.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iujgslho.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\owcwtgwi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iwgtwcwo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\padliucu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ucuildap.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phdoissn.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\nssiodhp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qwyfawtd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dtwafywq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rfgjqwec.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cewqjgfr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rgtjawot.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\towajtgr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rsloxgla.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\algxolsr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sfmpuawv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vwaupmfs.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sipmgdob.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bodgmpis.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sydpotsj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jstopdys.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tfpqjkae.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eakjqpft.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ukwxdkaw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wakdxwku.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wdvmbirk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kribmvdw.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wimiysiw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wisyimiw.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xawggcmd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dmcggwax.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yqdgphub.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\buhpgdqy.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yrpwmrfg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gfrmwpry.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pat and Candace\Local Settings\Temporary Internet Files\Content.IE5\YHI1KL45\3077ahntdksr[1].dll (Adware.Agent) -> Delete on reboot.
C:\WINDOWS\system32\oxvsiqac.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\kfeoky.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kiuajxcu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\klcezx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\krupordx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tvuhlafv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cuoxgtrp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cyiudgdh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dgdyamgp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\inebdehw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jjqxyoek.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jlfieidj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jnrujqpk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtddwcma.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mljnou.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mpsagsae.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nuvcrabc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nwcfhvdg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\puymzv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qhnjkosj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qjnzgm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qpewcqsc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uvdkoaba.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uxxteh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\veffnrab.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akubjgtx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bqiadunq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\breulxqi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpxgvdbn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wgnfrpvx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gisydprp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lekdguqs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rulrxvea.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rvwxfrul.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tcaqqyhr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\projajmj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pstgqvee.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fhkkvh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ivctqvqe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jbtdnq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jcoyvqog.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tjosywqi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tqrmlouq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\idwwfoxh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fqrychbp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\frmgnhcw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\frmtypta.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fuaxou.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\furwtcgv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cnidecpk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hewthdjt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoocytwo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sbhgnjua.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\scgdnp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cmnjbnrc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bnuvdpgl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hannhl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mvpqakdu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mapyoifw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vnobfxwp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\adloinnk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dlrrewqg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xogrkdca.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xpryex.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xtoyygds.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jwtbbqtv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kafudauc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\evepuahp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\royphqqu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uenffx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ufwqnxdr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uklvdtri.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxufdnsa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yphtnd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yykibblk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yzzwro.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pat and Candace\Local Settings\Temp\k11u88.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pat and Candace\Local Settings\Temp\HPZASDA213D.0 (Trojan.Advhost) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pat and Candace\Local Settings\Temporary Internet Files\Content.IE5\WD63G52F\kb767887[1] (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\BM33cba567.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM33cba567.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pat and Candace\Local Settings\Temp\xpre.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pat and Candace\Local Settings\Temp\xrun.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
  • 0

Advertisements

#2
fenzodahl512
Posted 27 July 2008 - 04:16 PM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following....


Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {11359F4A-B191-42d7-905A-594F8CF0387B} - (no file)
O2 - BHO: (no name) - {118A4987-5384-4588-87BC-578750BD708A} - (no file)
O2 - BHO: (no name) - {1407C7AB-6A2A-40CA-8847-EFEC52358DAD} - (no file)
O2 - BHO: (no name) - {2658EEAC-EF1B-48EF-BCBD-53BFA2EC9B73} - (no file)
O2 - BHO: (no name) - {359CE58B-DE72-4B7E-A658-9A4F5845F1EE} - (no file)
O2 - BHO: (no name) - {47BDB81A-1A19-4D35-A511-D8A7724B5910} - (no file)
O2 - BHO: (no name) - {4ca8fefc-7f19-4b40-a3e5-3f4167e699a9} - (no file)
O2 - BHO: (no name) - {59b2ec40-558a-4264-a3ce-cf336688464a} - (no file)
O2 - BHO: (no name) - {5aad16b0-d4d7-4da4-bcbb-9b8046e58a18} - (no file)
O2 - BHO: (no name) - {5E788EFC-F0C5-4346-BEA8-86F5DBBBCA4B} - (no file)
O2 - BHO: (no name) - {6A2B47FA-093B-4776-9A5E-5462D0F348DA} - (no file)
O2 - BHO: (no name) - {701b7857-1542-4b42-a2c1-282c0e148664} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8177C144-6166-4979-86DD-A91C99CBAF5B} - (no file)
O2 - BHO: (no name) - {976F6BEC-5871-4B7B-AA56-9B0A7026F0FF} - (no file)
O2 - BHO: (no name) - {a3736322-5d45-4d98-8871-d9bd2b25fbbd} - (no file)
O2 - BHO: (no name) - {a613faa0-22c6-41da-9eb0-695fd3ad8017} - (no file)
O2 - BHO: (no name) - {A690D6C7-D070-4C2D-8420-C8067EDBEA15} - (no file)
O2 - BHO: (no name) - {B988EB61-03E2-42FE-A4DC-BFAD597FE6A4} - (no file)
O2 - BHO: (no name) - {c02e8e3d-e646-48b3-b245-8e42ed99fff9} - (no file)
O2 - BHO: (no name) - {c0622286-7c53-4380-8960-75dfe7a230b5} - (no file)
O2 - BHO: (no name) - {E445C584-8CD7-4F27-9454-1B85CA0343B3} - (no file)
O2 - BHO: (no name) - {F4A63F1C-0942-4EFA-B84A-3A8480981C2A} - (no file)
O2 - BHO: (no name) - {FA53D716-EB47-4F16-BA36-424A87A50526} - (no file)
O2 - BHO: (no name) - {FB0DE5FC-BA24-44C7-A148-9DB846104A5C} - (no file)
O2 - BHO: (no name) - {FB590ACB-827F-417D-9BD6-14547332A4BD} - (no file)
O3 - Toolbar: (no name) - {11359F4A-B191-42D7-905A-594F8CF0387B} - (no file)


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.




NEXT


Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
If you are using Vista, you need to right-click at dss.exe icon and choose Run as Administrator



Regards
fenzodahl512
  • 0

#3
MaryJane de Nova
Posted 29 July 2008 - 06:02 PM

MaryJane de Nova

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Hi, fenzodahl512, and thank you for the help.

I followed the instructions for the HiJack This procedure, but when I moved to the next step, the DSS.exe crashes halfway through. I made certain my firewall was not interfering and that the program was unblocked and tried several more times, but it will not work.

Any suggestions?

Thanks,
MJ
  • 0

#4
fenzodahl512
Posted 29 July 2008 - 06:09 PM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hi.. could you try below? Make sure you save DSS in your Desktop

Please go to Start >> Run >> and copy/paste below into the box >> Press Enter

"%userprofile%\desktop\dss.exe" /config


At DSS configuration box, press Check All button and then press Scan!

DO NOT tick the Backup Registry Hives option.

UNTICK the Temp Cleanup option.

After that please post the main.txt and extra.txt here


Regards
fenzodahl512
  • 0

#5
fenzodahl512
Posted 06 August 2008 - 03:06 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP