Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93105 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] White screen


  • This topic is locked This topic is locked
6 replies to this topic

#1 rlstrut

rlstrut

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 17 November 2007 - 05:22 PM

This is what is left of my last hijack this log. I have tried to solve this myself, but have failed-please help.

Logfile of HijackThis v1.99.1
Scan saved at 6:07:44 PM, on 11/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/a/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1194994710484
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} (FileOpenInstaller) - http://plugin.fileop...nt/FileOpen.CAB
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Unknown owner - C:\Program Files\Norton Internet Security\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    Advertisements

Register to Remove


#2 MrCharlie

MrCharlie

    SuperMember

  • Malware Team
  • 2,949 posts

Posted 17 November 2007 - 08:56 PM

Welcome to the forum. Your log actually looks OK.

Run both of these programs..they should find it.

-------------------

1. Download RVAXO.exe to your desktop.

2. Double click on RVAXO.exe and choose unzip.
It will install to a folder called Rvaxo.

3. Now open up the Rvaxo folder and double click on RVAXO.cmd

You will see a small window pop up, and quickly some lines will run , then the window will close by itself, this is normal behavior.
Then it is possible for an uninstaller of some roque scanner to start up, do not close this but follow all prompts there, and let it run its course.

4. When it's done the computer will reboot.....press any key to reboot.

5. After reboot RVAXO will run again, let it finish

6. After it's done it will create a file called RVAXO-results.log in C:\RVAXO-results.log

7. Copy and paste it back here.

--------------------

Download combofix.exe To Your Desktop from the link below:
http://download.blee...Bs/ComboFix.exe

Double click combofix.exe & follow the prompts.
A window will open with a warning.
Type "Y" (and Enter) to start the fix.
When the scan completes it will open a text window.
Please attach that log back here together with a fresh HJT log.
Caution - do not touch your mouse/keyboard until the scan has completed.
The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Combofix will automatically save the log file to C:\combofix.txt

------------------

Post the logs form RVAXO and ComboFix as well as a fresh HJT log, MrC


#3 rlstrut

rlstrut

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 18 November 2007 - 06:35 AM

here are the two logs you requested, will reply when you respond with what you think of them:

----------------RVAXO.exe first run-------------

Files found:


Uninstallers Rogue scanners:


Folders Found:


Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------

Files found:

Folders Found:

--------------RVAXO.exe finished----------------





ComboFix 07-11-08.1 - PaPa 2007-11-18 7:15:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.182 [GMT -5:00]
Running from: C:\Documents and Settings\PaPa\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Devon.HOME-ZWDY05CITR\Application Data\Starware
C:\Documents and Settings\Devon.HOME-ZWDY05CITR\Desktop\internet.lnk
C:\Documents and Settings\Devon\Desktop\internet.lnk
C:\Documents and Settings\leo & freddy\Desktop\internet.lnk
C:\Documents and Settings\MaMa\Desktop\internet.lnk
C:\Documents and Settings\Rachel\Desktop\internet.lnk
C:\Documents and Settings\Robert York\Application Data\Install.dat

.
((((((((((((((((((((((((( Files Created from 2007-10-18 to 2007-11-18 )))))))))))))))))))))))))))))))
.

2007-11-18 07:14 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-18 07:11 <DIR> d-------- C:\RVAXO
2007-11-18 07:08 435,654 --a------ C:\WINDOWS\system32\RVAXO.bat
2007-11-18 07:08 69,632 --a------ C:\WINDOWS\system32\remove.exe
2007-11-17 21:35 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-15 09:09 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-15 09:09 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-15 09:09 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-15 09:09 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-15 09:09 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-15 09:09 1,854 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-15 08:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-11-14 18:40 <DIR> d-------- C:\Documents and Settings\PaPa\.SunDownloadManager
2007-11-14 18:16 <DIR> d-------- C:\Documents and Settings\PaPa\Application Data\Grisoft
2007-11-14 18:16 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2007-11-14 18:16 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-14 18:05 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2007-11-14 18:01 <DIR> d-------- C:\Program Files\CCleaner
2007-11-13 22:27 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-12 18:05 <DIR> d-------- C:\Program Files\Quick StartUp
2007-11-12 18:01 <DIR> d-------- C:\Program Files\RogueRemover FREE
2007-11-12 15:42 <DIR> d-------- C:\Documents and Settings\PaPa\Application Data\SpywareBot
2007-11-12 15:39 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-11-12 15:36 171,240 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-11-12 15:36 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-11-12 15:36 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-11-12 15:36 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-11-12 15:36 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-11-12 15:36 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-11-12 15:35 <DIR> d-------- C:\Program Files\McAfee.com
2007-11-12 15:34 <DIR> d-------- C:\Program Files\McAfee
2007-11-12 15:34 <DIR> d-------- C:\Program Files\Common Files\McAfee

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-14 23:46 --------- d-----w C:\Program Files\Java
2007-11-14 23:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-14 23:03 --------- d-----w C:\Program Files\Yahoo!
2007-11-12 20:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee
2007-11-12 18:47 --------- d-----w C:\Program Files\Citrix
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2006-02-20 12:34 17,144 ----a-w C:\Documents and Settings\Devon.HOME-ZWDY05CITR\Application Data\GDIPFONTCACHEV1.DAT
2005-12-08 01:21 17,144 ----a-w C:\Documents and Settings\PaPa\Application Data\GDIPFONTCACHEV1.DAT
2005-09-26 18:49 41,976 -c--a-w C:\Documents and Settings\YORK FAMILY\Application Data\GDIPFONTCACHEV1.DAT
2002-07-30 10:36 806,912 -c--a-w C:\Program Files\Common Files\Flash.ocx
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eTrustPPAP"="C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe" [2006-12-05 15:44]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-02-18 15:18]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 06:28]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-07-01 20:46:54]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^TrayMin700.exe.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\TrayMin700.exe.lnk
backup=C:\WINDOWS\pss\TrayMin700.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccWasher]
C:\Program Files\Cookie Washer\aolwasher.exe /0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
"C:\Program Files\Microsoft IntelliPoint\point32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
"C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service]
"C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\phc700]
C:\WINDOWS\vphc700.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
"C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
"C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
"C:\Program Files\Microsoft IntelliType Pro\type32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

R3 phc700;USB PC Camera (phc700);C:\WINDOWS\system32\DRIVERS\phc700.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-12 20:35:52 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-11-12 20:35:51 C:\WINDOWS\Tasks\McQcTask.job"
"2007-11-17 08:00:02 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job"
- C:\Program Files\SpywareBot\SpywareBot.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-18 07:20:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-18 7:22:27
.
--- E O F ---

#4 MrCharlie

MrCharlie

    SuperMember

  • Malware Team
  • 2,949 posts

Posted 18 November 2007 - 08:19 AM

Is there any improvement?

-----------------

Please do this for me..........
Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free...mitfraudFix.zip
Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.
_____________________________________

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

IMPORTANT: Do NOT run any other options until you are asked to do so!
MrC


#5 rlstrut

rlstrut

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 19 November 2007 - 07:48 AM

:thumbup: Awesome-thank you- :) all set :D

#6 MrCharlie

MrCharlie

    SuperMember

  • Malware Team
  • 2,949 posts

Posted 19 November 2007 - 06:50 PM

Great :thumbup:

If you have any questions - please post back

I'll leave you with........

Some Preventive Maintenance:

Some of the programs you may have run create backups of what was deleted - you can safely delete them now: (delete folders in blue) You can also delete/uninstall the programs themselves.

C:\!KillBox (KillBox)
C:\VundoFix Backups (VundoFix)
C:\QooBox (ComboFix)
C:\SDFix\backups\backups.zip (SDFix)
C:\avenger\backup.zip (Avenger)
C:\_OTMOVEIT folder (OTMoveIt)

RVAXO:
You can use Uninstall.cmd to remove everything from RVAXO, it will be found in the RVAXO-folder on your desktop.
Then delete the RVAXO folder and RVAXO.exe.

If you used AVG Anti-Spyware and/or SuperAntiSpyware...........

Open up SuperAntiSpyware > Preferences > General and Start-up > Start-up Options > Uncheck > Start SAS when Windows Starts.
"SAS free" provides no real time protection so there's no need for it to be running, I suggest you keep the program and update regularly - you can use it to scan for malware. It's an excellent program. When you want to start it - just double click on the SAS icon.

AVG Anti-Spyware will provide 30 days of real time protection and then after that you can use it to scan for malware - you'll have to manually update it first.


------------------Must have or do:-----------------

Now that you're clean: <----Important Step!!!!
Delete your system restore files and create a new restore point (XP only):

Note: This will remove all previous Restore Points!

1. Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer,

2. Turn on System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UnCheck Turn off System Restore.
Click Apply, and then click OK.

Visit Windows Update and install all the lastest critical updates.

Install these two free programs, they sit in the backround and protect your system from spy and adware being installed on your system, also from your browser being hijacked.

SpywareBlaster Check for updates weekly.

SpywareGuard

IE-SPYAD
Puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
or try the new ZonedOut

Blocking Unwanted Parasites with a Hosts File
Direct Download - MVPS HOSTS <==> MVPS HOSTS Tutorial

Need a free anti virus?
AVG*free
Avast Free
AntiVirŪ PersonalEdition Classic
-->Check for updates - daily<---

How about a firewall? The front door to your computer.
Windows firewall is not suffient...install a better one.
Comodo Free Firewall
ZoneAlarm*free
Other free firewalls

Keep those temp files off your system use
ATF Cleaner - hit "select all" then just uncheck "cookies" (uncheck cookies is optional - leave it checked if you want to delete all cookies) then "empty selected"
or
CCleaner
Uncheck "Cookies" under "Internet Explorer".
That will clear out all the temp files on the system.

IMPORTANT!!
Keep your Sun Java up-to-date JRE Version 6 Update 3<--newest version
Delete ALL old versions from add/remove programs if listed first!
Check HERE

Keep the registry backed up - use ERUNT
Print this out and save it
ERUNT Tutorial

Starter Manage you startup programs and services.

----------Free malware removal programs:----------

AVG Anti-Spyware<---VERY GOOD! (XP and 2K only)
SUPERAntiSpyware (free edition)<---Excellent!
AVG Anti-Rootkit Free Edition Run it!!
SpyBot
AD-Aware
CW-Shredder

Please consider using FireFox instead of Internet Explorer. A more secure browser! Easy to make the change!
FireFox Tutorial


Pop-up stoppers:
GoogleToolBar
Pop-upStopperFree

Disable "Windows Messenger Service" XP - 2K (stops pop-up ads -etc):
Shoot The Messenger

Anti-Rootkit Software - Detection, Removal & Protection

Reduce Online Fraud

Slow Computer - Check Here

Don't open e-mail attachments without first scanning them with an up-to-date anti virus program, even after doing that I would be very careful. Don't click on any executables in e-mails or any other links that you're not sure of.
Don't believe e-mails from your bank, financial institution, etc asking for personal informations - they're most likely fraudulent no matter how authentic they look.
Watch your surfing habits, don't click on or download anything you're not sure of. Don't install a program that hasn't been recommended by a reputable organization.

Good luck and thanks for using the forum - MrC


#7 MrCharlie

MrCharlie

    SuperMember

  • Malware Team
  • 2,949 posts

Posted 22 November 2007 - 09:27 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users