Malware And Trojans


  • This topic is locked
12 replies to this topic

#1 J o h n

Posted 29 May 2007 - 12:56 PM

Ok so about 2 weeks ago I made the mistake of trying to download something from one of my friends and immediately got infected with viruses. I have run an avast scan, ad-aware scan and a spybot scan. They said that they removed the files but I am still having problems. Mainly I am getting loads of pop-ups in IE, and to a lesser extent, some in Firefox. Avast also regularly pops up a box from the resident scanner informing me that "Malware was found". The one that appears most often is Win32:Dialer-BN [Trj] with the web address http :%20%20//gameglobin.info/g.php?wmid=bg004, saying it is trying to connect to my computer. This happens quite a lot and sometimes it is a different address and virus but that's the one that appears regularly. I have done a HijackThis scan (after a reboot) and it appears with the following. Anything else you need give me a shout. Thanks.

--------------------

Logfile of HijackThis v1.99.1
Scan saved at 19:55:16, on 29/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\retadpu1000272.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSI\Star Key Bluetooth Software\BTTray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MSI\STARKE~1\BTSTAC~1.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\ieohkbsu.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG311T Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1175461189515
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\delautocomp.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

[edit]Live link disabled[/edit] Rogue

Edited by R0gue, 29 May 2007 - 08:09 PM.

#2 Rogue

Posted 29 May 2007 - 08:05 PM

Hi John,

Welcome to Tom Coyote Forums

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Since there may be other issues with your system besides your original symptoms, please continue to follow this thread until I have given you an "All Clean."
If you can do these things, everything should go smoothly.

Ready? Let's go.

*=========================*

Rename Hijackthis:

Locate the program Hijackthis.
(C:\Program Files\Hijackthis\HijackThis.exe)
Select the file, Hijackthis.exe, right-click and select Rename.
Please change the name to: icmore.exe
Then please could you post a new Hijackthis log.
*========================*

Please download VundoFix by Atribune to your Desktop
http://www.atribune..../click.php?id=4
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
*=========================*

Start HijackThis as you did to generate a log, but this time click on 'Do a system scan only'.
Place a checkmark in the boxes to the left of the following entries, by clicking on them:

O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\ieohkbsu.dll",realset

CLOSE ALL OPEN WINDOWS AND BROWSERS - EXCEPT HJT and click on Fix checked

*=========================*

Create Uninstall List with HijackThis
This is how you do that:
Open HiJackThis
Click on the tab "Open the Misc Tools Session"
Click on the Box that says "Uninstall Manager"
Click on the button "Save list"
Copy and paste the list from Notepad into your post
*=========================*

Using Windows Explorer (right-click the Start button and left-click Explore), navigate to and find the following files. If found, delete them (some may not be present after previous steps):

C:\WINDOWS\retadpu1000272.exe

*=========================*

Please post the following:
New hijackthis log (icmore)
C:\vundofix.txt
uninstall list

Thanks,
Rogue
Rogue
Trained at MalWare Removal University - A Cooperative Effort with WhatTheTech Classroom

#3 J o h n

Posted 30 May 2007 - 09:27 AM

Rename Hijackthis:

Locate the program Hijackthis.
(C:\Program Files\Hijackthis\HijackThis.exe)
Select the file, Hijackthis.exe, right-click and select Rename.
Please change the name to: icmore.exe
Then please could you post a new Hijackthis log.
*========================*


Done. Here is the new log. Do you want me to do the rest of those things just now as well?

Logfile of HijackThis v1.99.1
Scan saved at 16:26:07, on 30/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\retadpu1000272.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSI\Star Key Bluetooth Software\BTTray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MSI\STARKE~1\BTSTAC~1.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\TEMP\winBA7.tmp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Hijackthis\icmore.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\oqmoqiqk.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5FB3A478-4961-45AD-831E-6EB6C53A21E1} - C:\WINDOWS\system32\ddayv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C004A8DA-623A-4409-B6ED-F3E3DA367792} - C:\WINDOWS\system32\byxwxyw.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\ieohkbsu.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG311T Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1175461189515
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: byxwxyw - C:\WINDOWS\SYSTEM32\byxwxyw.dll
O20 - Winlogon Notify: ddayv - C:\WINDOWS\system32\ddayv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjrs32 - C:\WINDOWS\SYSTEM32\winjrs32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\delautocomp.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

Edited by J o h n, 30 May 2007 - 09:28 AM.


#4 J o h n

Posted 30 May 2007 - 10:23 AM

Please download VundoFix by Atribune to your Desktop
http://www.atribune..../click.php?id=4

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
*=========================*



OK, going to go through with everything else now. Really appreciate your help on this. Thanks.



VundoFix V6.4.1

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 19:31:22 29/05/2007

Listing files found while scanning....

C:\WINDOWS\system32\ddayv.dll
C:\WINDOWS\system32\ieohkbsu.dll
C:\WINDOWS\system32\usbkhoei.ini
C:\WINDOWS\system32\vyadd.bak1
C:\WINDOWS\system32\vyadd.bak2
C:\WINDOWS\system32\vyadd.ini

VundoFix V6.4.1

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 16:29:37 30/05/2007

Listing files found while scanning....

C:\WINDOWS\system32\byxwxyw.dll
C:\WINDOWS\system32\ddabx.dll
C:\WINDOWS\system32\ddayv.dll
C:\WINDOWS\system32\endhqopp.dll
C:\WINDOWS\system32\ieohkbsu.dll
C:\WINDOWS\system32\jkkiijh.dll
C:\WINDOWS\system32\usbkhoei.ini
C:\WINDOWS\system32\vyadd.bak1
C:\WINDOWS\system32\vyadd.bak2
C:\WINDOWS\system32\vyadd.ini
C:\WINDOWS\system32\wfdfefhl.dll
C:\WINDOWS\system32\wvuvtuu.dll
C:\WINDOWS\system32\xbadd.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\byxwxyw.dll
C:\WINDOWS\system32\byxwxyw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddabx.dll
C:\WINDOWS\system32\ddabx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddayv.dll
C:\WINDOWS\system32\ddayv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ieohkbsu.dll
C:\WINDOWS\system32\ieohkbsu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkiijh.dll
C:\WINDOWS\system32\jkkiijh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\usbkhoei.ini
C:\WINDOWS\system32\usbkhoei.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\vyadd.bak1
C:\WINDOWS\system32\vyadd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\vyadd.bak2
C:\WINDOWS\system32\vyadd.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\vyadd.ini
C:\WINDOWS\system32\vyadd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\wfdfefhl.dll
C:\WINDOWS\system32\wfdfefhl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvuvtuu.dll
C:\WINDOWS\system32\wvuvtuu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xbadd.ini
C:\WINDOWS\system32\xbadd.ini Has been deleted!

Performing Repairs to the registry.
Done!


-------------------------------


Logfile of HijackThis v1.99.1
Scan saved at 17:20:01, on 30/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\retadpu1000272.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\MSI\Star Key Bluetooth Software\BTTray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MSI\STARKE~1\BTSTAC~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\icmore.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\oqmoqiqk.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5FB3A478-4961-45AD-831E-6EB6C53A21E1} - C:\WINDOWS\system32\ddayv.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG311T Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1175461189515
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjrs32 - C:\WINDOWS\SYSTEM32\winjrs32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\delautocomp.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

#5 J o h n

Posted 30 May 2007 - 10:32 AM

Start HijackThis as you did to generate a log, but this time click on 'Do a system scan only'.
Place a checkmark in the boxes to the left of the following entries, by clicking on them:

O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\ieohkbsu.dll",realset

CLOSE ALL OPEN WINDOWS AND BROWSERS - EXCEPT HJT and click on Fix checked

*=========================*



Ok I deleted the first file that you told me to there, but the second file didn't appear in the list: "O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\ieohkbsu.dll",realset" I assume it was possibly deleted by one of the previous steps? Anyway it doesn't appear to be there anymore





Create Uninstall List with HijackThis
This is how you do that:
Open HiJackThis
Click on the tab "Open the Misc Tools Session"
Click on the Box that says "Uninstall Manager"
Click on the button "Save list"
Copy and paste the list from Notepad into your post
*=========================*



AC3Filter (remove only)
Ad-Aware SE Personal
Adobe Flash Player ActiveX
Adobe Reader 8
Apple Software Update
ATI - Software Uninstall Utility
ATI Display Driver
Audacity 1.2.6
avast! Antivirus
C-Media WDM Audio Driver
DivX Codec
eMule
ffdshow [rev 1058+] [2007-03-22]
Guitar Pro 5.0
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
InterVideo Installer
InterVideo WinDVD 4
InterVideo WinRip
iTunes
J2SE Runtime Environment 5.0 Update 3
LimeWire 4.12.11
Logitech Desktop Messenger
Logitech SetPoint
Messenger Plus! Live
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (2.0.0.3)
Mozilla Thunderbird (1.5)
Nero 6 Ultra Edition
NETGEAR Wireless Adapter WG311T
NVIDIA Audio Driver
NVIDIA Drivers
Outerinfo
QuickTime
RealPlayer
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Spybot - Search & Destroy 1.4
Tag&Rename 3.3
Tracks Eraser Pro v6.1
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
VideoLAN VLC media player 0.8.6a
ViewSonic Monitor Drivers
WIDCOMM Bluetooth Software
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver

#6 J o h n

Posted 30 May 2007 - 10:45 AM

Using Windows Explorer (by right-clicking the Start button and left-clicking Explore), navigate to and find the following files; if found, delete them (some may not be present after previous steps):

C:\WINDOWS\retadpu1000272.exe

*=========================*

Please post the following;
New hijackthis log (icmore)
C:\vundofix.txt
uninstall list

Thanks,
Rogue


Ok, deleted that file. Here are the logs:


Logfile of HijackThis v1.99.1
Scan saved at 17:35:50, on 30/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSI\Star Key Bluetooth Software\BTTray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MSI\STARKE~1\BTSTAC~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Hijackthis\icmore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\oqmoqiqk.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5FB3A478-4961-45AD-831E-6EB6C53A21E1} - C:\WINDOWS\system32\ddayv.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG311T Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1175461189515
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjrs32 - C:\WINDOWS\SYSTEM32\winjrs32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\delautocomp.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe


------------------------------------

Vundofix: No infected files were found.

-----------------------------------------

AC3Filter (remove only)
Ad-Aware SE Personal
Adobe Flash Player ActiveX
Adobe Reader 8
Apple Software Update
ATI - Software Uninstall Utility
ATI Display Driver
Audacity 1.2.6
avast! Antivirus
C-Media WDM Audio Driver
DivX Codec
eMule
ffdshow [rev 1058+] [2007-03-22]
Guitar Pro 5.0
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
InterVideo Installer
InterVideo WinDVD 4
InterVideo WinRip
iTunes
J2SE Runtime Environment 5.0 Update 3
LimeWire 4.12.11
Logitech Desktop Messenger
Logitech SetPoint
Messenger Plus! Live
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (2.0.0.3)
Mozilla Thunderbird (1.5)
Nero 6 Ultra Edition
NETGEAR Wireless Adapter WG311T
NVIDIA Audio Driver
NVIDIA Drivers
Outerinfo
QuickTime
RealPlayer
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Spybot - Search & Destroy 1.4
Tag&Rename 3.3
Tracks Eraser Pro v6.1
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
VideoLAN VLC media player 0.8.6a
ViewSonic Monitor Drivers
WIDCOMM Bluetooth Software
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver

-----------------------------

Thanks very much for all your help. I think it might still be infected, as avast popped up a box telling me malware was found halfway through the last vundofix scan that I did there. Anyway, I'm sure you will know what to do. Thanks again,

John

#7 Rogue

Posted 30 May 2007 - 11:06 AM

Hi John,

Good work. We still have some more to do, though.

Download ATF Cleaner by Atribune and save it to your Desktop.
*=========================*

Download and install AVG Anti-Spyware v7.5
  • After download, double click on the file to launch the install process.
  • Choose a language, click "OK" and then click "Next".
  • Read the "License Agreement" and click "I Agree".
  • Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
  • After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
  • The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. As AVG Anti-Spyware may interfere with some of our other fixes, we are temporarily disabling its active protection features until your system is clean, then you can re-enable them.
  • Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
  • Go to Start > Run and type: services.msc
  • Press "OK".
  • Click the "Extended tab" and scroll down the list to find AVG Anti-Spyware guard.
  • When you find the guard service, double-click on it.
  • In the Properties Window > General Tab that opens, click the "Stop" button.
  • From the drop-down menu next to "Startup Type", click on "Manual".
  • Now click "Apply", then "OK" and close the Services window.
  • Connect to the Internet, go back to AVG Anti-Spyware, select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here.
  • Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.
*========================*

Temporarily Disable Security Programs
You have Spybot's TeaTimer installed. While this is a great program, we need to temporarily disable (not uninstall) the program because it might stop our fix. Be sure to re-enable it after the fix is complete.

Disable Spybot's TeaTimer.
First:
Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
Choose Exit Spybot S&D Resident
Then:
Open Spybot S&D
Click Mode, check Advanced Mode
Go To Left Panel, Click Tools, then also in left panel, click Resident
If your firewall raises a question, say OK
Uncheck the box labeled Resident Tea-Timer and OK any prompts.
Use File, Exit to terminate Spybot
Reboot your machine for the changes to take effect.
*=========================*

Remove Programs
Please Click Start > Control Panel > Add/Remove Programs

Remove these programs by clicking Remove

J2SE Runtime Environment 5.0 Update 3 << Link for updated version at end of fix
Outerinfo

If some programs listed are not present, please do not panic
*=========================*

Please visit www.uploadmalware.com.
  • Enter your username in the first field.
  • In the 2nd field, include a link to this thread ( http://forums.tomcoy...ans_t79847.html )
  • Press the Browse button next to the first File(s) To Submit: field.
  • Browse to the following file and upload it:
    C:\WINDOWS\system32\oqmoqiqk.dll
Reopen VundoFix.exe
<right-click> in the main program window, choose "Add more files?".
Type or Copy and Paste the next line into the box EXACTLY AS SHOWN:

C:\WINDOWS\system32\oqmoqiqk.dll

Click Close Window, then Remove Vundo.

You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
*=========================*

Start HijackThis as you did to generate a log, but this time click on 'Do a system scan only'.
Place a checkmark in the boxes to the left of the following entries, by clicking on them:

O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\oqmoqiqk.dll
O2 - BHO: (no name) - {5FB3A478-4961-45AD-831E-6EB6C53A21E1} - C:\WINDOWS\system32\ddayv.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: winjrs32 - C:\WINDOWS\SYSTEM32\winjrs32.dll

CLOSE ALL OPEN WINDOWS AND BROWSERS - EXCEPT HJT and click on Fix checked
*=========================*

Boot to Safe Mode
Please print the instructions below or copy and paste to Notepad since you will not have internet access while in Safe Mode.
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, continually press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
*=========================*

Using Windows Explorer (by right-clicking the Start button and left-clicking Explore), navigate to and find the following files; if found, delete them (some may not be present after previous steps):

C:\WINDOWS\SYSTEM32\winjrs32.dll
*=========================*

Double-click ATF-Cleaner.exe to run the program.
Make sure that all browser windows are closed
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit to close ATF-Cleaner.
*=========================*

Scan with AVG Anti-Spyware as follows:
  • Click on the "Scanner" button and choose the "Settings" tab.
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
  • Under "How to Scan?", "Possibly unwanted software", and "What to Scan?" leave all the default settings.
  • Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
  • Click the "Scan" tab to return to scanning options.
  • Click "Complete System Scan" to start.
  • When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.
  • Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
  • Exit AVG Anti-Spyware when done, reboot normally and submit the log report in your next response.

Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. Doing so can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.
*=========================*

Reboot your PC in Normal Mode
*=========================*

Please update Java Runtime Environment

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of perceived vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6.1 Update
  • The current version can be downloaded from Sun here: http://java.sun.com/...loads/index.jsp Scroll down the page to 'Java Runtime Environment (JRE) 6u1'
    Select either Windows Online or Windows Offline download and press the 'Download' button. On the new web page, click the 'Accept License Agreement' button. Then select 'Windows Offline Installation, Multi-language' in the Windows Platform area just below the Accept button.
*=========================*

Please post the following;

New hijackthis log
C:\vundofix.txt
AVG Anti-Spyware log

Thanks,

Rogue
Trained at MalWare Removal University - A Cooperative Effort with WhatTheTech Classroom
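
The "Fix checked" steps in this thread depend on matching listed entries against a fresh scan, and one listed entry was reported as no longer appearing. The Python script below is an added example, not part of the original posts and not part of HijackThis: it parses HijackThis entry lines, reports which fix-list entries are still present in a log, and lists entries that are new in a later log. The sample log and fix list are constructed from lines quoted in this thread, and all function names are hypothetical.

```python
import re
from typing import NamedTuple

# Constructed sample: a few entry lines taken from the logs quoted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe

O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\oqmoqiqk.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5FB3A478-4961-45AD-831E-6EB6C53A21E1} - C:\WINDOWS\system32\ddayv.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjrs32 - C:\WINDOWS\SYSTEM32\winjrs32.dll
"""

# Constructed fix list: entries a helper asked to check. The last line differs
# from the log only in letter case, to show why matching must be normalized.
FIX_LIST = r"""
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\ieohkbsu.dll",realset
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\oqmoqiqk.dll
O20 - Winlogon Notify: winjrs32 - C:\WINDOWS\system32\winjrs32.dll
"""


class Entry(NamedTuple):
    section: str        # HijackThis section code, e.g. "O2", "O20", "R1"
    body: str           # text after "<section> - ", status suffix removed
    file_missing: bool  # True if the log annotated the entry "(file missing)"


# Entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.+)$")
MISSING_RE = re.compile(r"\s*\(file missing\)$", re.IGNORECASE)


def parse_entries(text):
    """Return the entry lines of a HijackThis log, skipping header and process list."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group(2)
        missing = bool(MISSING_RE.search(body))
        entries.append(Entry(m.group(1), MISSING_RE.sub("", body), missing))
    return entries


def entry_key(entry):
    """Comparison key: Windows paths are case-insensitive and pasted text
    often has altered spacing, so fold case and collapse whitespace."""
    return (entry.section, " ".join(entry.body.split()).casefold())


def check_fix_list(fix_text, log_text):
    """Split fix-list entries into those still present in the log and those absent."""
    in_log = {entry_key(e): e for e in parse_entries(log_text)}
    result = {"present": [], "absent": []}
    for wanted in parse_entries(fix_text):
        found = in_log.get(entry_key(wanted))
        if found is not None:
            result["present"].append(found)   # keep the log's own status flag
        else:
            result["absent"].append(wanted)
    return result


def new_entries(old_log, new_log):
    """Entries in the later log that were not in the earlier one."""
    seen = {entry_key(e) for e in parse_entries(old_log)}
    return [e for e in parse_entries(new_log) if entry_key(e) not in seen]


if __name__ == "__main__":
    report = check_fix_list(FIX_LIST, SAMPLE_LOG)
    for state in ("present", "absent"):
        for e in report[state]:
            print(f"{state:8} {e.section:4} {e.body}")
```

An entry reported as absent only means the autostart reference is gone from that scan; the file it pointed to may still be on disk, which is why the thread follows up with separate file deletion and scanner steps.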

#8 J o h n

Posted 30 May 2007 - 12:07 PM

Hi John,

Good work. We still have some more to do, though.

Download ATF Cleaner by Atribune and save it to your Desktop.
*=========================*

Download and install AVG Anti-Spyware v7.5

  • After download, double click on the file to launch the install process.
  • Choose a language, click "OK" and then click "Next".
  • Read the "License Agreement" and click "I Agree".
  • Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
  • After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
  • The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. As AVG Anti-Spyware may interfere with some of our other fixes, we are temporarily disabling its active protection features until your system is clean, then you can re-enable them.
  • Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
  • Go to Start > Run and type: services.msc
  • Press "OK".
  • Click the "Extended tab" and scroll down the list to find AVG Anti-Spyware guard.
  • When you find the guard service, double-click on it.
  • In the Properties Window > General Tab that opens, click the "Stop" button.
  • From the drop-down menu next to "Startup Type", click on "Manual".
  • Now click "Apply", then "OK" and close the Services window.
  • Connect to the Internet, go back to AVG Anti-Spyware, select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here.
  • Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.
*========================*

Temporarily Disable Security Programs
You have Spybot's TeaTimer installed. While this is a great program, we need to temporarily disable (not uninstall) the program because it might stop our fix. Be sure to re-enable it after the fix is complete.

Disable Spybot's TeaTimer.
First:
Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
Choose Exit Spybot S&D Resident
Then:
Open Spybot S&D
Click Mode, check Advanced Mode
Go To Left Panel, Click Tools, then also in left panel, click Resident
If your firewall raises a question, say OK
Uncheck the box labeled Resident Tea-Timer and OK any prompts.
Use File, Exit to terminate Spybot
Reboot your machine for the changes to take effect.
*=========================*

Remove Programs
Please Click Start > Control Panel > Add/Remove Programs

Remove these programs by clicking Remove

J2SE Runtime Environment 5.0 Update 3 << Link for updated version at end of fix
Outerinfo

If some programs listed are not present, please do not panic
*=========================*

Please visit www.uploadmalware.com.
  • Enter your username in the first field.
  • In the 2nd field, include a link to this thread ( http://forums.tomcoy...ans_t79847.html )
  • Press the Browse button next to the first File(s) To Submit: field.
  • Browse to the following file and upload it:
    C:\WINDOWS\system32\oqmoqiqk.dll
Reopen VundoFix.exe
<right-click> in the main program window, choose "Add more files?".
Type or Copy and Paste the next line into the box EXACTLY AS SHOWN:

C:\WINDOWS\system32\oqmoqiqk.dll

Click Close Window, then Remove Vundo.

You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
*=========================*

Start HijackThis as you did to generate a log, but this time click on 'Do a system scan only'.
Place a checkmark in the boxes to the left of the following entries, by clicking on them:

O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\oqmoqiqk.dll
O2 - BHO: (no name) - {5FB3A478-4961-45AD-831E-6EB6C53A21E1} - C:\WINDOWS\system32\ddayv.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: winjrs32 - C:\WINDOWS\SYSTEM32\winjrs32.dll

CLOSE ALL OPEN WINDOWS AND BROWSERS - EXCEPT HJT and click on Fix checked
*=========================*

Boot to Safe Mode
Please print the instructions below or copy and paste to Notepad since you will not have internet access while in Safe Mode.
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, continually press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
*=========================*

Using Windows Explorer (right-click the Start button and left-click Explore), navigate to and find the following files. If found, delete them (some may not be present after previous steps):

C:\WINDOWS\SYSTEM32\winjrs32.dll
*=========================*


I got this far, but it won't let me delete that file, it just tells me to check that it is not write-protected or currently in use. It's not read-only or anything, as I checked. I was definitely in safe mode at the time and completed the rest of the instructions. Should I go through with the rest of it or do we need to delete this file first?

#9 Rogue

Posted 30 May 2007 - 01:47 PM

Please continue. We'll attack it afterwards a different way if AVG Anti-Spyware doesn't pick it up.
Rogue
Trained at MalWare Removal University - A Cooperative Effort with WhatTheTech Classroom

#10 J o h n

Posted 30 May 2007 - 03:13 PM

Ok, everything else seemed to work fine and as yet I haven't had any virus warning messages come up, so it's looking good so far. Here's all the logs. Thanks again.
Is it ok to leave these files in quarantine or should they get deleted from that as well? Just wondering.
-----------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 22:04:37, on 30/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\MSI\Star Key Bluetooth Software\BTTray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\PROGRA~1\MSI\STARKE~1\BTSTAC~1.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Hijackthis\icmore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG311T Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1175461189515
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\delautocomp.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
O23 - Service: iPod Service - Apple Inc.


-------------------------------------------------------

Vundo Fix: No Files Found

----------------------------------------------------

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 21:54:06 30/05/2007

+ Scan result:



HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\b122.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\WINDOWS\b122.exe.bin/b122.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\WINDOWS\b136.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{52745816-B22A-4B13-8117-7EF9735C90A1}\RP166\A0022403.exe/crack.exe -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{52745816-B22A-4B13-8117-7EF9735C90A1}\RP176\A0028106.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\byxwxyw.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{52745816-B22A-4B13-8117-7EF9735C90A1}\RP173\A0024945.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{52745816-B22A-4B13-8117-7EF9735C90A1}\RP177\A0028247.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{52745816-B22A-4B13-8117-7EF9735C90A1}\RP166\A0022403.exe/keygen.exe -> Downloader.Nurech.ak : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{52745816-B22A-4B13-8117-7EF9735C90A1}\RP166\A0022405.exe -> Downloader.Nurech.ak : Cleaned with backup (quarantined).
:mozilla.65:C:\Documents and Settings\John Fleming\Application Data\Mozilla\Firefox\Profiles\k721jhve.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.10:C:\Documents and Settings\John Fleming\Application Data\Mozilla\Firefox\Profiles\k721jhve.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.11:C:\Documents and Settings\John Fleming\Application Data\Mozilla\Firefox\Profiles\k721jhve.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.12:C:\Documents and Settings\John Fleming\Application Data\Mozilla\Firefox\Profiles\k721jhve.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.30:C:\Documents and Settings\John Fleming\Application Data\Mozilla\Firefox\Profiles\k721jhve.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.32:C:\Documents and Settings\John Fleming\Application Data\Mozilla\Firefox\Profiles\k721jhve.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.50:C:\Documents and Settings\John Fleming\Application Data\Mozilla\Firefox\Profiles\k721jhve.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.51:C:\Documents and Settings\John Fleming\Application Data\Mozilla\Firefox\Profiles\k721jhve.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.55:C:\Documents and Settings\John Fleming\Application Data\Mozilla\Firefox\Profiles\k721jhve.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.56:C:\Documents and Settings\John Fleming\Application Data\Mozilla\Firefox\Profiles\k721jhve.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.57:C:\Documents and Settings\John Fleming\Application Data\Mozilla\Firefox\Profiles\k721jhve.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.47:C:\Documents and Settings\John Fleming\Application Data\Mozilla\Firefox\Profiles\k721jhve.default\cookies-1.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.46:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.47:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.48:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.49:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.50:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.51:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.164:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.165:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.92:C:\Documents and Settings\John Fleming\Application Data\Mozilla\Firefox\Profiles\k721jhve.default\cookies-1.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.93:C:\Documents and Settings\John Fleming\Application Data\Mozilla\Firefox\Profiles\k721jhve.default\cookies-1.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.100:C:\Documents and Settings\John Fleming\Application Data\Mozilla\Firefox\Profiles\k721jhve.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.101:C:\Documents and Settings\John Fleming\Application Data\Mozilla\Firefox\Profiles\k721jhve.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.102:C:\Documents and Settings\John Fleming\Application Data\Mozilla\Firefox\Profiles\k721jhve.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.103:C:\Documents and Settings\John Fleming\Application Data\Mozilla\Firefox\Profiles\k721jhve.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.10:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.22:C:\Documents and Settings\Louise Fleming\Application Data\Mozilla\Firefox\Profiles\rj6fp988.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.23:C:\Documents and Settings\Louise Fleming\Application Data\Mozilla\Firefox\Profiles\rj6fp988.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.24:C:\Documents and Settings\Louise Fleming\Application Data\Mozilla\Firefox\Profiles\rj6fp988.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.25:C:\Documents and Settings\Louise Fleming\Application Data\Mozilla\Firefox\Profiles\rj6fp988.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.26:C:\Documents and Settings\Louise Fleming\Application Data\Mozilla\Firefox\Profiles\rj6fp988.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.7:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.8:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.9:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.208:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.106:C:\Documents and Settings\John Fleming\Application Data\Mozilla\Firefox\Profiles\k721jhve.default\cookies-1.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.33:C:\Documents and Settings\Louise Fleming\Application Data\Mozilla\Firefox\Profiles\rj6fp988.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.6:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.246:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.247:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.151:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.119:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.54:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.107:C:\Documents and Settings\John Fleming\Application Data\Mozilla\Firefox\Profiles\k721jhve.default\cookies-1.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.108:C:\Documents and Settings\John Fleming\Application Data\Mozilla\Firefox\Profiles\k721jhve.default\cookies-1.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.109:C:\Documents and Settings\John Fleming\Application Data\Mozilla\Firefox\Profiles\k721jhve.default\cookies-1.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.110:C:\Documents and Settings\John Fleming\Application Data\Mozilla\Firefox\Profiles\k721jhve.default\cookies-1.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.112:C:\Documents and Settings\John Fleming\Application Data\Mozilla\Firefox\Profiles\k721jhve.default\cookies-1.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.113:C:\Documents and Settings\John Fleming\Application Data\Mozilla\Firefox\Profiles\k721jhve.default\cookies-1.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.40:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.41:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.42:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.43:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.44:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.45:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.233:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.186:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.48:C:\Documents and Settings\John Fleming\Application Data\Mozilla\Firefox\Profiles\k721jhve.default\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.49:C:\Documents and Settings\John Fleming\Application Data\Mozilla\Firefox\Profiles\k721jhve.default\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.183:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.184:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.206:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.34:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.35:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.88:C:\Documents and Settings\John Fleming\Application Data\Mozilla\Firefox\Profiles\k721jhve.default\cookies-1.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.89:C:\Documents and Settings\John Fleming\Application Data\Mozilla\Firefox\Profiles\k721jhve.default\cookies-1.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.114:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.60:C:\Documents and Settings\John Fleming\Application Data\Mozilla\Firefox\Profiles\k721jhve.default\cookies-1.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.25:C:\Documents and Settings\John Fleming\Application Data\Mozilla\Firefox\Profiles\k721jhve.default\cookies-1.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.28:C:\Documents and Settings\John Fleming\Application Data\Mozilla\Firefox\Profiles\k721jhve.default\cookies-1.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.29:C:\Documents and Settings\John Fleming\Application Data\Mozilla\Firefox\Profiles\k721jhve.default\cookies-1.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.64:C:\Documents and Settings\John Fleming\Application Data\Mozilla\Firefox\Profiles\k721jhve.default\cookies-1.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.215:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.216:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.127:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.200:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.201:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.202:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.203:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.204:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.115:C:\Documents and Settings\John Fleming\Application Data\Mozilla\Firefox\Profiles\k721jhve.default\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.251:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.252:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.253:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.255:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.103:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.104:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.105:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.106:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.107:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.108:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.123:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.124:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.125:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.126:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.195:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.115:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.78:C:\Documents and Settings\John Fleming\Application Data\Mozilla\Firefox\Profiles\k721jhve.default\cookies-1.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.87:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.248:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.23:C:\Documents and Settings\John Fleming\Application Data\Mozilla\Firefox\Profiles\k721jhve.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.24:C:\Documents and Settings\John Fleming\Application Data\Mozilla\Firefox\Profiles\k721jhve.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.26:C:\Documents and Settings\John Fleming\Application Data\Mozilla\Firefox\Profiles\k721jhve.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.27:C:\Documents and Settings\John Fleming\Application Data\Mozilla\Firefox\Profiles\k721jhve.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.31:C:\Documents and Settings\John Fleming\Application Data\Mozilla\Firefox\Profiles\k721jhve.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.67:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.70:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.71:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.72:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.73:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.74:C:\Documents and Settings\Douglas Fleming\Application Data\Mozilla\Firefox\Profiles\anlz3egi.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\System Volume Information\_restore{52745816-B22A-4B13-8117-7EF9735C90A1}\RP144\A0015055.exe -> Trojan.Agent.vw : Cleaned with backup (quarantined).
C:\WINDOWS\system32\winjrs32.dll -> Trojan.Dialer.qn : Cleaned with backup (quarantined).


::Report end
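
The kinds of HijackThis entries singled out for fixing in this thread (unnamed BHOs under system32, a Winlogon Notify package, references whose file is gone) can be picked out of a pasted log mechanically. The following is an added example, not part of the original posts and not HijackThis's own code; the function names, the `KNOWN_NOTIFY` baseline and the heuristics are assumptions made for illustration, and the sample is constructed from entries quoted in the thread.

```python
import re
from typing import List, NamedTuple

# Constructed sample assembled from entries quoted in this thread. Two entries
# are split across lines, as happens when a pasted log is word-wrapped.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\oqmoqiqk.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file

missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)
-------------------------------------------------------
Vundo Fix: No Files Found
"""

# Every log entry starts with a section code such as R1, O2 or O20.
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
SEPARATOR = re.compile(r"[-=*]{3,}")
ORPHAN = re.compile(r"\((?:file missing|no file)\)\s*$", re.I)
NOTIFY = re.compile(r"^Winlogon Notify: (\S+) - (.+)$")
BHO = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")

# Assumption: Notify packages the analyst has already vetted on this machine.
KNOWN_NOTIFY = {"wgalogon"}
# Assumption: Windows is installed in C:\WINDOWS, as in the logs above.
SYSTEM32 = "c:\\windows\\system32\\"


class Finding(NamedTuple):
    code: str
    reason: str
    text: str


def join_wrapped(raw: str) -> List[str]:
    """Return one string per log entry, re-joining word-wrapped fragments."""
    entries: List[str] = []
    for line in raw.splitlines():
        line = line.strip()
        if not line:
            continue  # blank lines appear inside wrapped entries
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            if SEPARATOR.fullmatch(line):
                break  # end of the HijackThis section of the post
            entries[-1] += " " + line  # continuation of the previous entry
        # Anything before the first entry (header, process list) is skipped.
    return entries


def triage(raw: str) -> List[Finding]:
    """Flag entries that deserve a closer look; a flag is not a verdict."""
    findings: List[Finding] = []
    for entry in join_wrapped(raw):
        code, rest = ENTRY_START.match(entry).groups()
        orphan = bool(ORPHAN.search(rest))
        notify = NOTIFY.match(rest) if code == "O20" else None
        bho = BHO.match(rest) if code == "O2" else None
        reason = None
        if notify and notify.group(1).lower() not in KNOWN_NOTIFY:
            reason = "Winlogon Notify package not in baseline"
        elif bho and bho.group(1) == "(no name)" and (
            orphan or bho.group(3).lower().startswith(SYSTEM32)
        ):
            reason = "unnamed BHO in system32 or with missing file"
        elif orphan:
            reason = "orphaned reference (target file missing)"
        if reason:
            findings.append(Finding(code, reason, entry))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}\n    {f.text}")
```

The Spybot helper is also an unnamed BHO, but it lives outside system32 and its file exists, so the heuristic leaves it alone; the orphaned O9 entry is reported only as a leftover reference to review.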

#11 Rogue

Posted 30 May 2007 - 03:35 PM

Hi John,

Is it ok to leave these files in quarantine or should they get deleted from that as well? Just wondering.

You can remove those items in the quarantine.

Start HijackThis as you did to generate a log, but this time click on 'Do a system scan only'.
Place a checkmark in the boxes to the left of the following entries, by clicking on them:

O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)

CLOSE ALL OPEN WINDOWS AND BROWSERS - EXCEPT HJT and click on Fix checked
*=========================*

Re-enable Spybot's TeaTimer

*=========================*

Let's tidy things up a bit.

Uninstall/Remove Unnecessary Tools/Files

C:\VundoFix Backups <<Folder
C:\vundofix.txt << file
VundoFix.exe from desktop


These were problem specific and were not intended for everyday use.

Optional Tools/Files to Uninstall
ATF Cleaner (atf.exe) , is a great tool for removing temp files and helping the system performance. Run weekly or daily depending on use.
AVG Anti Spyware, this is a great scanner to use. (IMHO) This will auto update for 30 days. Afterwards you will need to update manually before scanning. Scan weekly if you have high internet use.
*========================*

Flush System Restore
Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a Restore Point, and then click Ok

Next, go to Start > Run and type in cleanmgr
Select the More Options tab
Choose the option to Clean Up System Restore and select OK.
This will remove all restore points except the new one you just created
*========================*

This is my post for when you are All Clean - which you seem to be.

But to help protect you against further infections, and also to help prevent criminals using your computer to infect other people's computers on the web, I recommend the following: (You may already have some of the items or completed steps)

Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialise and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs:
Click here for more information on -> Computer Safety On line - Anti-Virus
In case you do NOT have any antivirus software installed in your computer or yours has expired, you may use one of the following.
Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

Use a Firewall - this keeps your computer safe from hackers AS WELL AS from several computer viruses (mostly worms) which spread through the internet by using security holes of Windows. Have in mind that these are FREE FULL versions of the software and they lack some features available in their shareware versions. Nevertheless, the FREE versions are capable of providing a basic firewall protection to your computer.
Click here for more information on Firewalls -> Computer Safety On line - Software Firewalls


Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Set up system to ensure a regular update of the Operating System.

Automatically:
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click on Automatic Updates
  • Check the option of choice (I use Automatic (Recommended)). If you use dial-up I would recommend using the
    Notify Me option so that you can download when you can afford the time and bandwidth overheads.
  • Select the Day/Time of choice
  • Click Apply
  • Click OK

Next, if they're not already present, I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly
  • Install Spybot© - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
    This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here: Click here for more info -->Instructions for - Spybot S & D and Ad-aware
  • Install Lavasofts© Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot. A tutorial on installing & using this product can be found here: Click here for more info -->Instructions for - Spybot S & D and Ad-aware
  • Install Javacools© SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here: Click here for more info -->Computer Safety on line - Anti-Malware
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and you are less susceptible to attacks.

If you have any questions let me know.

Otherwise safe surfing,

Rogue
Trained at MalWare Removal University - A Cooperative Effort with WhatTheTech Classroom
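The cleanup steps in the post above follow from two things visible in the logs: the scanner quarantined winjrs32.dll while its Winlogon Notify entry stayed behind (hence "file missing"), and another detection sits inside a System Restore snapshot. This added example, which is not part of the original post or of any tool named in the thread, correlates the two logs using lines copied from this thread; the function names are illustrative.

```python
import re
from pathlib import PureWindowsPath

# Sample input: three scanner report lines and one HijackThis line copied from this thread.
REPORT = r"""
:mozilla.27:C:\Documents and Settings\John Fleming\Application Data\Mozilla\Firefox\Profiles\k721jhve.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\System Volume Information\_restore{52745816-B22A-4B13-8117-7EF9735C90A1}\RP144\A0015055.exe -> Trojan.Agent.vw : Cleaned with backup (quarantined).
C:\WINDOWS\system32\winjrs32.dll -> Trojan.Dialer.qn : Cleaned with backup (quarantined).
"""
HJT_LOG = "O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)"

REPORT_RE = re.compile(r"^(?::\w+\.\d+:)?(?P<path>.+?) -> (?P<name>\S+) : (?P<action>.+?)\.?$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<dll>.+?)(?P<missing> \(file missing\))?$")

def parse_report(text):
    """Return one dict (path, name, action) per 'path -> detection : action' line."""
    matches = (REPORT_RE.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]

def parse_o20(text):
    """Return (key, dll, file_missing) for each Winlogon Notify entry."""
    matches = (O20_RE.match(line.strip()) for line in text.splitlines())
    return [(m["key"], m["dll"], m["missing"] is not None) for m in matches if m]

def orphaned_notify(report_text, hjt_text):
    """Notify entries whose DLL is missing because the scanner quarantined it."""
    removed = {PureWindowsPath(h["path"]).name.lower(): h["name"]
               for h in parse_report(report_text)
               if "quarantined" in h["action"]}
    return [(key, dll, removed[PureWindowsPath(dll).name.lower()])
            for key, dll, missing in parse_o20(hjt_text)
            if missing and PureWindowsPath(dll).name.lower() in removed]

def restore_point_hits(report_text):
    """Detections located inside System Restore snapshots."""
    return [h["path"] for h in parse_report(report_text)
            if r"\System Volume Information\_restore" in h["path"]]

if __name__ == "__main__":
    for key, dll, name in orphaned_notify(REPORT, HJT_LOG):
        print(f"stale Winlogon Notify entry {key!r} -> {dll} ({name}): fix in HijackThis")
    for path in restore_point_hits(REPORT):
        print("detection inside a restore point:", path)
```
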

#12 J o h n

Posted 01 June 2007 - 11:50 AM

Thank you VERY much for all your help. I was going to format it but you have saved me from doing that. Will download some of those recommended programs as well. Got most of them but will add a couple. Thanks again, John.

#13 Rogue

Posted 01 June 2007 - 03:19 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
Rogue
Trained at MalWare Removal University - A Cooperative Effort with WhatTheTech Classroom
