Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Win32.NewMediaTrojan Virus Help... [RESOLVED]

Started by The Aphex Twin , Jul 30 2008 07:19 AM

  • This topic is locked This topic is locked

#16
sage5
Posted 03 August 2008 - 06:47 AM

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi The Aphex Twin,


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Ugrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.



Reboot back into Windows and run Panda ActiveScan:
Open Internet Explorer and paste the following into the address bar http://www.pandasoftware.com/products/activescan.htm
  • Once you are on the Panda site click the Scan your PC button.
  • Enter your Country, State/Province & email address
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it.
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Perhaps as C:\panda log.txt
Please note where this log is saved, I will need you to post the contents, along with the others mentioned, with a fresh HijackThis log later.



Cheers,

sage5
  • 0

Advertisements

#17
The Aphex Twin
Posted 03 August 2008 - 09:40 PM

The Aphex Twin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi Sage5,

Thanks again for responding, you are great. I did as you asked and the report is below as well as a new Hijack this log. The computer seemed to boot up faster the before.

Panda scan:

;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-08-03 22:28:30
PROTECTIONS: 0
MALWARE: 18
SUSPECTS: 1
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\altnetdm
00035328 Application/KillApp.A HackTools No 0 Yes No C:\hp\bin\Terminator.exe
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Tracy\Application Data\Mozilla\Firefox\Profiles\pdjwaw2v.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Tracy\Application Data\Mozilla\Firefox\Profiles\pdjwaw2v.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Tracy\Application Data\Mozilla\Firefox\Profiles\pdjwaw2v.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Tracy\Application Data\Mozilla\Firefox\Profiles\pdjwaw2v.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Tracy\Application Data\Mozilla\Firefox\Profiles\pdjwaw2v.default\cookies.txt[.trafficmp.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Tracy\Application Data\Mozilla\Firefox\Profiles\pdjwaw2v.default\cookies.txt[.atdmt.com/]
00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\SDFix\apps\Process.exe
00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\Owner\Desktop\Anti-Spyware\SDFix.exe[SDFix\apps\Process.exe]
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Owner\Desktop\Anti-Spyware\SmitfraudFix\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Owner\Desktop\SmitfraudFix\Process.exe
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Tracy\Application Data\Mozilla\Firefox\Profiles\pdjwaw2v.default\cookies.txt[.tribalfusion.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qc4c4udf.default\cookies.txt[.com.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Tracy\Application Data\Mozilla\Firefox\Profiles\pdjwaw2v.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Tracy\Application Data\Mozilla\Firefox\Profiles\pdjwaw2v.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Tracy\Application Data\Mozilla\Firefox\Profiles\pdjwaw2v.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Tracy\Application Data\Mozilla\Firefox\Profiles\pdjwaw2v.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Tracy\Application Data\Mozilla\Firefox\Profiles\pdjwaw2v.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Tracy\Application Data\Mozilla\Firefox\Profiles\pdjwaw2v.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Tracy\Application Data\Mozilla\Firefox\Profiles\pdjwaw2v.default\cookies.txt[ad.yieldmanager.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Tracy\Application Data\Mozilla\Firefox\Profiles\pdjwaw2v.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Tracy\Application Data\Mozilla\Firefox\Profiles\pdjwaw2v.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Tracy\Application Data\Mozilla\Firefox\Profiles\pdjwaw2v.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Tracy\Application Data\Mozilla\Firefox\Profiles\pdjwaw2v.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Tracy\Application Data\Mozilla\Firefox\Profiles\pdjwaw2v.default\cookies.txt[.advertising.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Tracy\Application Data\Mozilla\Firefox\Profiles\pdjwaw2v.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Tracy\Application Data\Mozilla\Firefox\Profiles\pdjwaw2v.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Tracy\Application Data\Mozilla\Firefox\Profiles\pdjwaw2v.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Tracy\Application Data\Mozilla\Firefox\Profiles\pdjwaw2v.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Tracy\Application Data\Mozilla\Firefox\Profiles\pdjwaw2v.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Tracy\Application Data\Mozilla\Firefox\Profiles\pdjwaw2v.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Tracy\Application Data\Mozilla\Firefox\Profiles\pdjwaw2v.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Tracy\Application Data\Mozilla\Firefox\Profiles\pdjwaw2v.default\cookies.txt[.ads.pointroll.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Tracy\Application Data\Mozilla\Firefox\Profiles\pdjwaw2v.default\cookies.txt[.overture.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Tracy\Application Data\Mozilla\Firefox\Profiles\pdjwaw2v.default\cookies.txt[.realmedia.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Tracy\Application Data\Mozilla\Firefox\Profiles\pdjwaw2v.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Tracy\Application Data\Mozilla\Firefox\Profiles\pdjwaw2v.default\cookies.txt[.questionmarket.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Tracy\Application Data\Mozilla\Firefox\Profiles\pdjwaw2v.default\cookies.txt[.atwola.com/]
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP1840\A0221223.EXE
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Documents and Settings\Owner\Desktop\Anti-Spyware\SmitfraudFix\Reboot.exe
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Documents and Settings\Owner\Desktop\SmitfraudFix\Reboot.exe
03437690 Adware/MalwareAlarm Adware No 1 Yes No C:\Documents and Settings\Owner\Desktop\SmitfraudFix.exe
03445477 Adware/MalwareAlarm Adware No 1 Yes No C:\WINDOWS\system32\IEDFix.exe
03445477 Adware/MalwareAlarm Adware No 1 Yes No C:\Documents and Settings\Owner\Desktop\SmitfraudFix\IEDFix.exe
03445477 Adware/MalwareAlarm Adware No 1 Yes No C:\Documents and Settings\Owner\Desktop\Anti-Spyware\SmitfraudFix\IEDFix.exe
;===============================================================================
=================================================================================
===================
SUSPECTS
Sent Location aX\s5
;===============================================================================
=================================================================================
===================
No C:\Documents and Settings\Owner\Desktop\ComboFix.exe aX\s5
;===============================================================================
=================================================================================
===================
VULNERABILITIES
Id Severity Description aX\s5
;===============================================================================
=================================================================================
===================
133387 MEDIUM MS06-065 aX\s5
133386 MEDIUM MS06-064 aX\s5
133385 MEDIUM MS06-063 aX\s5
133379 HIGH MS06-057 aX\s5
131654 HIGH MS06-055 aX\s5
129977 MEDIUM MS06-053 aX\s5
129976 MEDIUM MS06-052 aX\s5
126093 HIGH MS06-051 aX\s5
126092 MEDIUM MS06-050 aX\s5
126087 HIGH MS06-046 aX\s5
126086 MEDIUM MS06-045 aX\s5
126083 HIGH MS06-042 aX\s5
126082 HIGH MS06-041 aX\s5
126081 HIGH MS06-040 aX\s5
123421 HIGH MS06-036 aX\s5
123420 HIGH MS06-035 aX\s5
120825 MEDIUM MS06-032 aX\s5
120823 MEDIUM MS06-030 aX\s5
120818 HIGH MS06-025 aX\s5
120815 HIGH MS06-022 aX\s5
120814 HIGH MS06-021 aX\s5
117384 MEDIUM MS06-018 aX\s5
114666 HIGH MS06-015 aX\s5
114664 HIGH MS06-013 aX\s5
111790 MEDIUM MS06-011 aX\s5
108744 MEDIUM MS06-008 aX\s5
108743 MEDIUM MS06-007 aX\s5
108742 MEDIUM MS06-006 aX\s5
104567 HIGH MS06-002 aX\s5
104237 HIGH MS06-001 aX\s5
101055 HIGH MS05-054 aX\s5
96574 HIGH MS05-053 aX\s5
93396 HIGH MS05-052 aX\s5
93395 HIGH MS05-051 aX\s5
93394 HIGH MS05-050 aX\s5
93454 MEDIUM MS05-049 aX\s5
;===============================================================================
=================================================================================
===================

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:04 PM, on 8/3/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Media Card Companion Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 4025 bytes


Thanks,
Shaun
  • 0

#18
sage5
Posted 04 August 2008 - 12:08 AM

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi The Aphex Twin,

Clean up Registry with a Reg file:
  • Please open a new Notepad file by clicking Start\All Programs\Accessories\Notepad
  • Copy the text from the following Code box, by highlighting all the text and right click, Select Copy. (or use the Ctrl+C keyboard shortcut)
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Currentversion\app management\arpcache\altnetdm]
  • Paste it into Notepad. Right click in the window and select Paste. (or use Ctrl+V)
  • Save the file to the Desktop, make sure Type is All Files, and name it Fixreg.reg
  • Double click on the file created and click Yes when asked to merge the information into the Registry


Re-run OTMoveIt2:
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\hp\bin\Terminator.exe
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\IEDFix.exe
  • Return to OTMoveIt, right click on the Paste list of Files/Folders to be moved window (under the Yellow bar) and choose Paste.
  • Make sure that there is a tick next to Unregister Dll's and OCX's
  • Click the red Moveit! button.
  • Open Notepad
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy).
  • Paste the text into the Notepad file, click in the window and press Ctrl + V.
  • Click "Exit" to close OTMoveIt.
  • Save the text file as C:\otmove3.txt
(If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.)


Please post a final HijackThis log & include the text from C:\otmove3.txt
  • 0

#19
The Aphex Twin
Posted 04 August 2008 - 04:14 PM

The Aphex Twin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi Sage5,

Here we go, I think we are getting close. :) Here is the OTMove text and the latest HijackThis log:

C:\hp\bin\Terminator.exe moved successfully.
C:\WINDOWS\system32\Process.exe moved successfully.
C:\WINDOWS\system32\IEDFix.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08042008_171204

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:14:33 PM, on 8/4/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\OTMoveIt2.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Media Card Companion Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 4112 bytes

Thanks again,
Shaun
  • 0

#20
sage5
Posted 04 August 2008 - 07:51 PM

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi The Aphex Twin

Congratulations, your new log looks clear, so we can now deal with some final clean up jobs.

Clean out cookies, temp files etc:
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Cleanup with OTMoveIt:
  • Please double-click OTMoveIt2.exe to run it.
  • Click the Clean up button
  • Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
  • Click Yes to the reboot.

To Clear Restore points, please do the following:
  • Go to Start > Control Panel.
  • Double-click the System icon.
    • NOTE: If the System icon is not visible, click "View all Control Panel options" to display it.
  • Click the System Restore tab.
  • Put a check by Disable System Restore.
  • Click Apply, OK, OK. Click Yes when you are prompted to restart Windows.
After reboot, you must turn System Restore back on:
  • Go back to the Troubleshooting tab.
  • UNcheck Disable System Restore.
  • Click Apply, OK, OK. Click Yes when you are prompted to restart Windows.

Lastly, some extra or better security for your PC:

The programs recommended below are freeware alternatives to some of your security software & might reduce the potential for spyware infection in the future:-

Spyware Prevention:
Spyware Blaster by JavaCool Software, prevents spyware installing and consumes no system resources.
IE/SpyAd, stops suspect sites loading ActiveX, popups etc onto your PC. An excellent tutorial is Here

Spyware Detection:
[url="http://"http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.htm"]Malwarebytes Anti-Malware[/url] is my favourite here.

Anti-Virus:
The first line of defence, especially since some will now detect trojans as well.
Avira's Antivir PersonalEdition Classic and Grisoft's Avast! Free Edition are among the best freebies.
*Please note* You should never install more than one anti-virus program on a PC, as it will cause conflicts.

Firewall:
A Firewall is an essential tool in the security of any PC connected to the Internet.
Sunbelt Personal Firewall and Comodo are both excellent freeware.

Alternate Browsers:
Thankfully, there are now some excellent alternatives to MS Internet Explorer. They offer better security, more stability, and better speed.
A couple of good examples are: Firefox and Opera

Other Updates:
Vital security patches and updates are available for Microsoft Windows and Internet Explorer at the Windows Update Site
It is equally important to update the other security software you use, on a regular basis.

Further reading about these issues is available in a very good article: How did I get infected in the first place ? (by Tony Klein and dvk01)

All the best & safe surfing in the future,

sage5
  • 0

#21
The Aphex Twin
Posted 05 August 2008 - 07:34 PM

The Aphex Twin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Sage5,

Thanks so much for all of your help. You are on my top 10 coolest people list. :) Computer is running great and I'll keep it that way.

Thanks again,
Shaun
  • 0

#22
sage5
Posted 05 August 2008 - 07:43 PM

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
You are very welcome Shaun :)

All the best,

sage5
  • 0

#23
sage5
Posted 05 August 2008 - 07:44 PM

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP