Need Help, Possible Ahelm Worm? HJT Log And Program List Inside


#1 HateMalware77 (Member, 14 posts)

I already posted in the "Windows Vista" section and the moderator told me to go through the "Malware Cleaning" steps before posting here (ATF Cleaner, SysRestorePoint, ERUNT, Malwarebytes, etc.), and I did, with no luck.

Basically when I go to shutdown my computer or restart it, I get that "Blue Screen of Death" thing where it says, "IRQL_Not_equal_Or_Less"...bunch of other stuff...then, "Physical Memory Dump" followed by numbers counting up, then the computer just restarts back to Windows followed by a message saying "Windows has recovered from a serious error" or something like that.

Other problems: I can't connect to the internet (I'm on another PC right now), and when I go to Device Manager I get the ! symbol inside a triangle under the "DVD/CD-ROM Drives" section and the "WAN Miniport (Network Monitor)" section.

I'm at a complete loss... I have no idea what to do to fix this. Could somebody please help me? I would appreciate it more than anything... I really need to get this PC working again. Thanks everyone...

Here's my HJT log (followed by my "Uninstall List" and my Malwarebytes log from BEFORE I removed the malware, and then AFTER I removed the malware that MB found):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:21 PM, on 11/22/2008
Platform: Windows Vista (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Windows\System32\mobsync.exe
C:\Program Files\HiJackThis (HJT)\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Desktop SMS Sender Toolbar - {f08228bd-ee04-41c1-a87c-38918f2fdfd3} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [CardBoardFish-DesktopSender] "C:\Program Files\CardBoardFish\Desktop SMS Sender\DesktopSMS.exe" /systemtray
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Health Check Scheduler] "C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,[email protected]
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [UltraSMS] "C:\Program Files\UltraSMS\UltraSMS.exe"
O4 - HKCU\..\Run: [HPAdvisor] "C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] "rundll32.exe" oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [RIMDeviceManager] "C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" -RunServer
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] "C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (file missing)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL (file missing)
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberr...re/AxLoader.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://rimsupport.w...rt/ieatgpc1.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxct_device - - C:\Windows\system32\lxctcoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14648 bytes



Uninstall List

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
AC3Filter (remove only)
Activation Assistant for the 2007 Microsoft Office suites
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
AIM Toolbar 5.0
AnyDVD
AppCore
Apple Mobile Device Support
Apple Mobile Device Support
Apple Software Update
Apple Software Update
AusLogics Disk Defrag
AV
AVI DivX to DVD SVCD VCD Converter 1.2.0
AVI to DVD Converter
AVI/MPEG/RM/WMV Joiner 4.82
AVIcodec (remove only)
BitTorrent 5.0.9
BlackBerry Desktop Software 4.3
BlackBerry Desktop Software 4.3
Bonjour
ccCommon
CCleaner (remove only)
CloneCD
CloneDVD2
Command & Conquer Generals
Conexant HD Audio
Desktop SMS Sender
DHTML Editing Component
DivX Codec
DivX Player
DivX Web Player
DVD Flick
Dziobas Rar Player 0.008.9
ERUNT 1.1j
ESU for Microsoft Vista
Google Earth
Google Toolbar for Firefox
Google Updater
GPL MPEG-1/2 DirectShow Decoder Filter
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent
HijackThis 2.0.2
HP Active Support Library
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Easy Setup - Frontend
HP Help and Support
HP Pavilion Webcam Driver for Vista v061.001.00006
HP Photosmart Essential 2.0
HP Quick Launch Buttons 6.20 B1
HP QuickPlay 3.2
HP Total Care Advisor
HP Update
HP User Guides 0041
HP Wireless Assistant
HPNetworkAssistant
iTunes
iTunes
Java™ 6 Update 6
Java™ 6 Update 7
Java™ SE Runtime Environment 6
Lexmark 5400 Series
Lexmark Toolbar
LightScribe Applications
LightScribe Diagnostic Utility
LightScribe System Software 1.10.27.1
LightScribe Template Designs - Art Pack 1
LightScribeTemplateLabeler
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard Edition 2003
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MobileMe Control Panel
Moleskinsoft Clone Remover 2.8
Mozilla Firefox (2.0.0.5)
MSCU for Microsoft Vista
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
muvee autoProducer 6.0
My HP Games
Nero 8
neroxml
Norton AntiVirus
Norton Confidential Browser Component
Norton Confidential Web Protection Component
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
NVIDIA Drivers
OpenOffice.org 2.4
PayPal Plug-In
Plazmic CDK 4.5 for BlackBerry
Project64 1.6
QuickTime
QuickTime
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Media Manager
Security Update for 2007 Microsoft Office System (KB951596)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB946974)
Security Update for Excel 2007 (KB946974)
Security Update for Microsoft Office Excel 2007 (KB951546)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Office 2007 (KB947801)
Security Update for Office 2007 (KB947801)
Security Update for Outlook 2007 (KB946983)
Security Update for Visio 2007 (KB947590)
Security Update for Visio 2007 (KB947590)
Shipping Assistant 3.4
SmartSound Quicktracks Plugin
SPBBC 32bit
Spelling Dictionaries Support For Adobe Reader 8
Spy Sweeper
Symantec Technical Support Web Controls
Synaptics Pointing Device Driver
The Weather Channel Desktop
TradeManager
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb949037)
Update for Outlook 2007 Junk Email Filter (kb956080)
VCRedistSetup
VeohTV BETA
VideoLAN VLC media player 0.8.6c
Viewpoint Media Player
Vongo
Win AVI HelixSDK
WinAVI Video Converter
Windows Media Player Firefox Plugin
XP Codec Pack
Yahoo! Toolbar for Internet Explorer


Malwarebytes Log (First Scan - This Is the Log BEFORE I Removed the Malware MB Found)

Malwarebytes' Anti-Malware 1.30
Database version: 1324
Windows 6.0.6001

11/22/2008 5:06:06 PM
mbam-log-2008-11-22 (17-05-22) - Before Remove

Scan type: Quick Scan
Objects scanned: 57287
Time elapsed: 5 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 1
Registry Data Items Infected: 9
Folders Infected: 6
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{48d78be5-cfb9-4b66-9ac4-96d4cf21de06} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{74d46bba-5638-473a-83b6-97e7804a7411} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\videokey (Trojan.DNSChanger) -> No action taken.
HKEY_CLASSES_ROOT\videokey (Trojan.DNSChanger) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\AdwareAlert (Rogue.AdwareAlert) -> No action taken.
HKEY_CLASSES_ROOT\AppID\toprates.dll (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\toprates.Video (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{91db6b7f-da3a-48dc-954f-f3276a3aa802} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\VideoKey (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.26 85.255.112.155 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{66a04182-33dd-4616-8a23-53a35102949f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.26,85.255.112.155 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e63ade85-d1b3-42e9-bb77-3afdcbd3f77a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.26,85.255.112.155 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.26 85.255.112.155 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{66a04182-33dd-4616-8a23-53a35102949f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.26,85.255.112.155 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e63ade85-d1b3-42e9-bb77-3afdcbd3f77a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.26,85.255.112.155 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.26 85.255.112.155 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{66a04182-33dd-4616-8a23-53a35102949f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.26,85.255.112.155 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{e63ade85-d1b3-42e9-bb77-3afdcbd3f77a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.26,85.255.112.155 -> No action taken.

Folders Infected:
C:\Program Files\VideoKey (Trojan.DNSChanger) -> No action taken.
C:\Users\HP Owner\AppData\Roaming\AdwareAlert (Rogue.AdwareAlert) -> No action taken.
C:\Users\HP Owner\AppData\Roaming\AdwareAlert\Log (Rogue.AdwareAlert) -> No action taken.
C:\Users\HP Owner\AppData\Roaming\AdwareAlert\Settings (Rogue.AdwareAlert) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoKey (Trojan.DNSChanger) -> No action taken.
C:\Users\HP Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoKey (Trojan.DNSChanger) -> No action taken.

Files Infected:
C:\Program Files\VideoKey\Uninstall.exe (Trojan.DNSChanger) -> No action taken.
C:\Users\HP Owner\AppData\Roaming\AdwareAlert\rs.dat (Rogue.AdwareAlert) -> No action taken.
C:\Users\HP Owner\AppData\Roaming\AdwareAlert\Log\2007 Dec 09 - 03_00_00 AM_807.log (Rogue.AdwareAlert) -> No action taken.
C:\Users\HP Owner\AppData\Roaming\AdwareAlert\Log\2007 Dec 09 - 03_00_01 AM_736.log (Rogue.AdwareAlert) -> No action taken.
C:\Users\HP Owner\AppData\Roaming\AdwareAlert\Settings\ScanResults.pie (Rogue.AdwareAlert) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoKey\Uninstall.lnk (Trojan.DNSChanger) -> No action taken.
C:\Windows\Tasks\AdwareAlert Scheduled Scan.job (Trojan.Downloader) -> No action taken.
C:\Windows\gormet.dll (Trojan.FakeAlert) -> No action taken.


Malwarebytes Log AFTER Malware Had Been Removed From the PC by MB

Malwarebytes' Anti-Malware 1.30
Database version: 1324
Windows 6.0.6001

11/25/2008 12:38:47 AM
mbam-log-2008-11-25 (00-38-47).txt

Scan type: Quick Scan
Objects scanned: 57492
Time elapsed: 5 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Any help at all is hugely appreciated! Thank you!!

Edited by HateMalware77, 25 November 2008 - 12:08 AM.

#2 HateMalware77 (Topic Starter, Member, 14 posts)

Any help out there?

#3 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)

I don't recommend bumping your topic, especially if you posted in the Waiting Room already. Try not to bump at all, since the staff here will probably sort topics by those that have not yet been replied to.

You don't have any internet at all, or do you just get redirected?

The IRQ error you are getting sounds like it could be a driver issue. I suggest looking into your Device Manager and reinstalling the drivers for any hardware that has problems. Also go through the others that are working to make sure there are no conflicts.

Disconnect your system from the internet and your router, then:

- Launch Malwarebytes', select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
===============================================

Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don't know the router's default password, you can look it up HERE.

However, if there are other Zlob-infected machines using the same router, they will need to be cleared with the above steps before resetting the router. Otherwise, the malware will simply go back and change the router's DNS settings. You also need to reconfigure any security settings you had in place prior to the reset. Check out this site here for video tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Once you have run Malwarebytes' Anti-Malware on the infected system and reset the router to its default configuration, you can reconnect to the internet and router. Then return to this site to post your logs.

===============================================

Please post the Malwarebytes log and let me know how things are running now.
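A defender-side check tied to this thread, written as an added example and not code from Malwarebytes or the forum: the Trojan.DNSChanger lines in post #1 show the Tcpip NameServer values rewritten to two unfamiliar resolvers, and the advice in post #3 is to reset the router and confirm with the ISP which DNS servers the network should use. The script parses "Registry Data Items Infected" lines in the MBAM log format posted above and flags any resolver not on an allow-list; the sample lines are constructed from post #1's log and ALLOWED_RESOLVERS is an assumed placeholder.

```python
"""Audit NameServer values from a Malwarebytes log for DNS hijacking.
Added example for this thread, not code from Malwarebytes or the forum.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Assumed placeholder: a typical home router's LAN address. Replace it with
# the resolvers your ISP or network administrator actually specifies.
ALLOWED_RESOLVERS = {"192.168.1.1"}

# Constructed sample: the CurrentControlSet lines from the MBAM log above,
# plus one "Registry Keys" line of the kind the parser has to ignore.
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\videokey (Trojan.DNSChanger) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.26 85.255.112.155 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{66a04182-33dd-4616-8a23-53a35102949f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.26,85.255.112.155 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e63ade85-d1b3-42e9-bb77-3afdcbd3f77a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.26,85.255.112.155 -> No action taken.
"""

# One MBAM data-item line:  <path> (<detection>) -> Data: <values> -> <action>
LINE_RE = re.compile(
    r"^(?P<path>HKEY_\S+?) \((?P<detection>[^()]+)\) -> Data: (?P<data>.+?) -> (?P<action>.+)$"
)
CONTROL_SET_RE = re.compile(r"\\SYSTEM\\(ControlSet\d+|CurrentControlSet)\\")
INTERFACE_RE = re.compile(r"\\Interfaces\\\{([0-9A-Fa-f-]+)\}")


@dataclass(frozen=True)
class NameServerEntry:
    control_set: str
    interface: Optional[str]      # adapter GUID, or None for the global value
    resolvers: tuple
    detection: str


@dataclass(frozen=True)
class Finding:
    control_set: str
    scope: str                    # "global" or the adapter GUID
    resolver: str
    reason: str


def parse_name_servers(log_text: str) -> list:
    """Extract every NameServer data item from an MBAM log."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not m.group("path").endswith("\\NameServer"):
            continue
        path = m.group("path")
        cs = CONTROL_SET_RE.search(path)
        iface = INTERFACE_RE.search(path)
        # MBAM prints the value with either spaces or commas between servers.
        resolvers = tuple(t for t in re.split(r"[,\s]+", m.group("data")) if t)
        entries.append(NameServerEntry(
            control_set=cs.group(1) if cs else "unknown",
            interface=iface.group(1) if iface else None,
            resolvers=resolvers,
            detection=m.group("detection"),
        ))
    return entries


def audit_resolvers(entries, allowed=ALLOWED_RESOLVERS) -> list:
    """Flag every resolver that is not on the allow-list (or is not an IP)."""
    allowed_ips = {str(ipaddress.ip_address(a)) for a in allowed}
    findings = []
    for e in entries:
        scope = e.interface or "global"
        for r in e.resolvers:
            try:
                ip = ipaddress.ip_address(r)
            except ValueError:
                findings.append(Finding(e.control_set, scope, r, "not a valid IP address"))
                continue
            if str(ip) in allowed_ips:
                continue
            kind = "private" if ip.is_private else "public"
            findings.append(Finding(
                e.control_set, scope, r,
                f"{kind} resolver not on the allow-list ({e.detection})"))
    return findings


def rogue_resolvers(findings) -> set:
    """The distinct resolver addresses that were flagged."""
    return {f.resolver for f in findings}


if __name__ == "__main__":
    for f in audit_resolvers(parse_name_servers(SAMPLE_LOG)):
        print(f"{f.control_set:>17} {f.scope:<38} {f.resolver:<16} {f.reason}")
```

The same audit applies to the live registry values after cleanup: if a resolver that is not the ISP's (or the router's) comes back after a reboot, another infected host or the router itself is still rewriting the setting, which is exactly why the reply above insists on resetting the router.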

#4 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,032 posts)

Oh oh, I see Grey Knight has answered you while I was preparing a post.

My apologies to Grey Knight.

Edited by emeraldnzl, 29 November 2008 - 05:29 PM.


#5
HateMalware77

HateMalware77

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

I don't recommend bumping your topic especially if you posted in the Waiting Room already. Try not to bump at all since the staff here will probably sort topics by those that are unreplied to yet.

You don't any internet at all or just get redirected?

The IRQ error you are getting sounds like it could be a driver issue. I suggest looking into your Device Manager and reinstall the drivers for any hardware that have problems. Also go through the others that are working to make sure there are no conflicts.

Disconnect your system from the internet, and your router, then…

  • Launch Malwarebytes', select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
===============================================

Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don’t know the router's default password, you can look it up HERE

However, if there are other Zlob-infected machines using the same router, they will need to be cleared with the above steps before resetting the router. Otherwise, the malware will simply go back and change the router's DNS settings. You also need to reconfigure any security settings you had in place prior to the reset. Check out this site here for video tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Once you have run Malwarebytes' Anti-Malware on the infected system and reset the router to its default configuration, you can reconnect to the internet and router. Then return to this site to post your logs.

===============================================

Please post the Malwarebytes log and let me know how things are running now.



I apologize for the "bump". I wasn't aware of that rule.

To answer your question, "You don't any internet at all or just get redirected?"
I don't get any internet at all. It's strange though because when I go into the window to view the connections that the built in wireless in my PC is picking up, it shows my router (which is named "next to it.router") and it says "Connected" in bold next to it. The problem is, you know how in Windows Vista Home Premium, when you are connected to the internet, it shows an icon in the taskbar on the bottom right of the screen that looks like 2 Computers and they sort of flash and then there is a globe in the same icon? (I think the globe spins while you're connected too). Well, my PC shows the icon of the 2 computers flashing, but there is no globe. Before when I was able to connect to the internet the globe always came up. (It might disappear for a minute if I were to go to the edges of my wireless network when I would start to lose connection, but would come right back up when I came back into range of the router. If I was completely disconnected, it shows the 2 computers and a red "X" in the corner of the icon.)

To respond to, "The IRQ error you are getting sounds like it could be a driver issue. I suggest looking into your Device Manager and reinstall the drivers for any hardware that have problems. Also go through the others that are working to make sure there are no conflicts."
There are definitely driver issues right now with the PC. When I go into Device Manager, right away the subfolder of DVD/CD-Rom comes up with a "!" in a triangle. And the same with under Network adapters, its subfolder called "WAN Miniport (Network Monitor)" has the same ! in a triangle symbol. Problem is, I can't get online to update any drivers. (Unless, is there a way to do it from this PC and transfer it to the problem PC?)

**Also, is there another plan of action you have with this? Because I don't want to reset my router. The last time I did that, it really affected my dad's PC, which is critical to his job, because he runs a website business from the house (and same router - he has no connection problems right now). He couldn't connect to the internet the next day, and he was not happy about it at all, to say the least.

#6
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Are the other computers in the house working without any problems (ex: your dad's PC)? If they are ok, don't reset the router as it's an isolated issue. But if they are affected as well, a reset may be needed here.

When you ran Malwarebytes' did you tell it to fix all the problems it found? According to your log, those infected files/entries were left untouched. If that's the case, please run it again and remove all it finds. Post the log here.

If it's affecting your dad's PC right now (find out to make sure), I recommend resetting the router ASAP to get it over with. Just make sure you know the settings to connect back or call up your ISP.

#7
HateMalware77

    Member

  • Topic Starter
  • Member
  • 14 posts

Are the other computers in the house working without any problems (ex: your dad's PC)? If they are ok, don't reset the router as it's an isolated issue. But if they are affected as well, a reset may be needed here.

When you ran Malwarebytes' did you tell it to fix all the problems it found? According to your log, those infected files/entries were left untouched. If that's the case, please run it again and remove all it finds. Post the log here.

If it's affecting your dad's PC right now (find out to make sure), I recommend resetting the router ASAP to get it over with. Just make sure you know the settings to connect back or call up your ISP.


Yea, it's definitely an isolated issue with my PC only, because my dad's PC connects to the internet fine, and the PC I'm using now (my dad's old one) connects fine.

As for the MalwareBytes log...If you look again, I posted two MB logs. One was from when I ran MB but didn't fix the infections. Then the second log is from after I let MB fix the infections. Later on, I even ran the whole system scan instead of just the quick scan. It only found one infection and removed it with no problem.

I think you're right. The best thing to do is probably to call my ISP to see if they can troubleshoot it for me.

But I do think that I got rid of all the spyware and malware on the PC. I think that there are just some options that aren't selected correctly. What I mean is that, ya know an option like "Allow this computer to connect to a wireless router" or something like that type of thing. Because I came across an option like that before, but when I clicked "Allow" my PC froze up. But I forget where I found that option.
So do you know of any basic options that might be turned off for some reason that I maybe just need to turn back on? And where I can find them?
I really appreciate all your help and time here helping me by the way. Thank you very much.

#8
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
This should be posted in another board since it may not be related to malware. Before you do that, you can check the following to see if they may be the problem:

1. Did you confirm that the wireless settings you entered are correct (assuming you are using WEP/WPA on your router)?
2. If you do an ipconfig do you get an IP address returned? Do you know if the router is assigning a dynamic IP for all devices?

Can't think of anything else at the moment, but I'm sure there are a few other things to check. If that still doesn't resolve the issue, post this question in the appropriate board to get proper attention/support.
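The two checks greyknight17 suggests (did the router hand out an IP address, and are the DNS servers the ones the ISP says the network should use, which post #3 asks you to confirm after a router reset) can be run over the text that `ipconfig /all` prints. This is an added example, not code from the thread; the sample output, the adapter names and the expected DNS set are constructed placeholders.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample of `ipconfig /all` output (not a real capture).
SAMPLE_IPCONFIG = """
Wireless LAN adapter Wireless Network Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   DNS Servers . . . . . . . . . . . : 203.0.113.9
                                       203.0.113.10

Ethernet adapter Local Area Connection:

   Autoconfiguration IPv4 Address. . : 169.254.7.55(Preferred)
   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""
# Placeholder: the DNS servers this network should use (router or ISP).
EXPECTED_DNS = {"192.168.1.1"}
APIPA = ip_network("169.254.0.0/16")  # self-assigned when no DHCP lease

def parse_ipconfig(text):
    # Returns {adapter: {"ipv4": address or None, "dns": [servers]}}
    adapters, name, last_key = {}, None, None
    for line in text.splitlines():
        header = re.match(r"^(\S.*adapter .*):\s*$", line)
        if header:                       # "Wireless LAN adapter ...:"
            name = header.group(1)
            adapters[name] = {"ipv4": None, "dns": []}
            continue
        field = re.match(r"^\s+(.*?)[ .]*: ?(.*)$", line)
        if field and name:               # "Key . . . : value"
            key, value = field.group(1).strip(), field.group(2).strip()
            last_key = key
            if key.endswith("IPv4 Address"):
                adapters[name]["ipv4"] = value.split("(")[0]
            elif key == "DNS Servers" and value:
                adapters[name]["dns"].append(value)
        elif name and last_key == "DNS Servers" and line.strip():
            adapters[name]["dns"].append(line.strip())  # continuation line
    return adapters

def check_adapters(text, expected_dns=EXPECTED_DNS):
    # Returns {adapter: [findings]}; an empty list means the adapter is clean
    findings = {}
    for name, info in parse_ipconfig(text).items():
        issues = []
        if info["ipv4"] is None or ip_address(info["ipv4"]) in APIPA:
            issues.append("no usable IPv4 address: no DHCP lease from router")
        issues += [f"unexpected DNS server {s}" for s in info["dns"]
                   if s not in expected_dns]
        findings[name] = issues
    return findings
```

On the affected PC, save the output with `ipconfig /all > ipconfig.txt` and pass the file's contents to `check_adapters`. If the only DNS server reported is the router itself, any rogue entries are in the router's own DNS settings, which is what the reset in post #3 clears.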

#9
HateMalware77

    Member

  • Topic Starter
  • Member
  • 14 posts

This should be posted in another board since it may not be related to malware. Before you do that, you can check the following to see if they may be the problem:

1. Did you confirm that the wireless settings you entered are correct (assuming you are using WEP/WPA on your router)?
2. If you do an ipconfig do you get an IP address returned? Do you know if the router is assigning a dynamic IP for all devices?

Can't think of anything else at the moment, but I'm sure there are a few other things to check. If that still doesn't resolve the issue, post this question in the appropriate board to get proper attention/support.


Ok I will do that. Hopefully that helps solve the problem. Thanks for all your help GreyKnight17!!

#10
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
No problem. Hope you find the solution you need.