[Closed] Live Safety Center, Online Security Guide Icons...HELP


4 replies to this topic

#1 Mr. Mojo Rising
Posted 18 November 2007 - 11:35 AM

Hello,

I cannot remove this! Here are the symptoms:

- Flashing caution sign in the system tray
- Pop Ups saying "System Alert" from the system tray
- Browser pop ups
- Two new icons on the desktop with the names listed in this topic title

Here are my HijackThis log file and ComboFix log:

Logfile of HijackThis v1.99.1
Scan saved at 11:35:33 AM, on 11/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
D:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\MICROS~2\rapimgr.exe
D:\Program Files\firefox.exe
C:\DOCUME~1\JOEHES~1\LOCALS~1\Temp\rhvqsuwb.exe
D:\Spyware Tools\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: (no name) - {200D0AAD-71B1-51C9-DDB0-092BA4662A54} - C:\Program Files\Rmuddthw\sfjzmtvi.dll (file missing)
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - D:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - d:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {5206C7FD-BB4E-4B63-8900-D3255005E7B1} - (no file)
O2 - BHO: (no name) - {60E2746A-9C2E-45A2-85CE-7E1A8A890961} - C:\WINDOWS\system32\opnooom.dll (file missing)
O2 - BHO: (no name) - {88430C07-E57A-48E3-979B-1DA8F4A7305E} - C:\WINDOWS\system32\vturo.dll (file missing)
O2 - BHO: {2bf07ccf-173f-987a-8ac4-ee277a75dd19} - {91dd57a7-72ee-4ca8-a789-f371fcc70fb2} - C:\WINDOWS\system32\vamkkycj.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\yoqfxusk.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - D:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\yoqfxusk.dll
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CinemaNowMediaManagerApp] D:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe -start
O4 - HKLM\..\Run: [ZoneAlarm Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...arch.jhtml?p=ZU
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - d:\Program Files\Bodog Poker2\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus....ek_sys_ctrl.cab
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file://E:\components\hidinputmonitorx.ocx
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file://E:\components\A9.ocx
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file://E:\components\wmvhdrating.ocx
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://chat1.j2.com...t/TLIEFlash.CAB
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.m...ash/swflash.cab
O20 - Winlogon Notify: opnooom - opnooom.dll (file missing)
O20 - Winlogon Notify: ozzzabcn - ozzzabcn.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhoq32 - winhoq32.dll (file missing)
O20 - Winlogon Notify: yayxvvv - yayxvvv.dll (file missing)
O20 - Winlogon Notify: yoqfxusk - C:\WINDOWS\SYSTEM32\yoqfxusk.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero 7\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - D:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe



Combofix:

ComboFix 07-11-08.1 - Joe Hess 2007-11-18 11:56:26.2 - NTFSx86
Running from: C:\Documents and Settings\Joe Hess\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Joe Hess\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Joe Hess\Desktop\Online Security Guide.lnk
C:\WINDOWS\system32\yoqfxusk.dllbox

.
((((((((((((((((((((((((( Files Created from 2007-10-18 to 2007-11-18 )))))))))))))))))))))))))))))))
.

2007-11-18 11:51 <DIR> d-------- C:\RVAXO
2007-11-18 11:44 435,984 --a------ C:\WINDOWS\SYSTEM32\RVAXO.bat
2007-11-18 11:44 69,632 --a------ C:\WINDOWS\SYSTEM32\remove.exe
2007-11-18 10:22 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-18 07:57 79,424 --a------ C:\WINDOWS\SYSTEM32\vamkkycj.dll
2007-11-18 07:55 79,424 --a------ C:\WINDOWS\SYSTEM32\nvkohhlh.dll
2007-11-18 07:54 85,056 --a------ C:\WINDOWS\SYSTEM32\sbmpvifx.dll
2007-11-18 07:52 145,984 --a------ C:\WINDOWS\SYSTEM32\yoqfxusk.dll
2007-11-18 07:52 145,984 --a------ C:\WINDOWS\SYSTEM32\wvernltn.dll
2007-11-18 07:52 71,232 --a------ C:\WINDOWS\SYSTEM32\qjmnpwsw.exe
2007-11-18 07:50 145,984 --a------ C:\WINDOWS\SYSTEM32\oujikavr.dll
2007-11-18 07:50 71,232 --a------ C:\WINDOWS\SYSTEM32\uybctjha.exe
2007-11-17 07:43 <DIR> d-------- C:\Documents and Settings\Mechelle Hess.HESSFAMPC\Application Data\Grisoft
2007-11-16 19:00 <DIR> d-------- C:\Documents and Settings\Joe Hess\Application Data\Grisoft
2007-11-16 18:54 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-11-14 09:11 <DIR> d-------- C:\Program Files\Rmuddthw
2007-11-14 09:11 <DIR> d-------- C:\Program Files\pgfkbuxc
2007-11-09 03:08 49,152 --a------ C:\WINDOWS\Clnuizip.exe
2007-10-29 00:17 589 --a------ C:\WINDOWS\SYSTEM32\gbvwwxkh.dll
2007-10-23 15:49 <DIR> d-------- C:\Documents and Settings\Joe Hess\Application Data\gtk-2.0
2007-10-23 15:35 <DIR> d-------- C:\Documents and Settings\Joe Hess\Application Data\Inkscape

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-18 18:03 402,332 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-18 18:03 111,722,528 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-18 14:03 --------- d-----w C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
2007-11-17 23:53 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\SolidDocuments
2007-11-17 00:53 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2007-11-15 00:54 --------- d-----w C:\Documents and Settings\Joe Hess\Application Data\SolidDocuments
2007-10-18 20:06 20,520 ----a-w C:\Documents and Settings\Mechelle Hess.HESSFAMPC\Application Data\GDIPFONTCACHEV1.DAT
2007-10-15 06:23 --------- d-----w C:\Documents and Settings\Joe Hess\Application Data\AVG7
2007-10-14 14:08 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
2007-10-03 01:27 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\MailFrontier
2007-09-13 03:03 20,520 ----a-w C:\Documents and Settings\Joe Hess\Application Data\GDIPFONTCACHEV1.DAT
2007-09-06 21:14 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-09-06 21:14 1,086,952 ----a-w C:\WINDOWS\SYSTEM32\zpeng24.dll
2006-09-19 23:07 81,920 ----a-w C:\Documents and Settings\Joe Hess\Application Data\ezpinst.exe
2006-09-19 23:07 47,360 ----a-w C:\Documents and Settings\Joe Hess\Application Data\pcouffin.sys
2005-09-25 11:14 24 ----a-w C:\Documents and Settings\Hess Family Computer\mylist.dat
2004-11-19 23:25 266 --sh--w C:\Program Files\desktop.ini
2004-11-19 23:25 11,079 ---ha-w C:\Program Files\folder.htt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{200D0AAD-71B1-51C9-DDB0-092BA4662A54}]
C:\Program Files\Rmuddthw\sfjzmtvi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5206C7FD-BB4E-4B63-8900-D3255005E7B1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60E2746A-9C2E-45A2-85CE-7E1A8A890961}]
C:\WINDOWS\system32\opnooom.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88430C07-E57A-48E3-979B-1DA8F4A7305E}]
C:\WINDOWS\system32\vturo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91dd57a7-72ee-4ca8-a789-f371fcc70fb2}]
2007-11-18 07:57 79424 --a------ C:\WINDOWS\system32\vamkkycj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-18 07:52 145984 --a------ C:\WINDOWS\system32\yoqfxusk.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\yoqfxusk.dll [2007-11-18 07:52 145984]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\yoqfxusk.dll [2007-11-18 07:52 145984]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-10-28 10:02]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2006-06-11 12:51]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-03 11:00]
"SoundMan"="SOUNDMAN.EXE" [2003-02-27 13:29 C:\WINDOWS\SOUNDMAN.EXE]
"POEngine"="" []
"Zone Labs Client"="d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 15:14]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"CinemaNowMediaManagerApp"="D:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe" []
"ZoneAlarm Client"="d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 15:14]
"!AVG Anti-Spyware"="d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]
"H/PC Connection Agent"="D:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 12:39]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-11-21 01:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{60E2746A-9C2E-45A2-85CE-7E1A8A890961}"= C:\WINDOWS\system32\opnooom.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnooom]
opnooom.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ozzzabcn]
ozzzabcn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winhoq32]
winhoq32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayxvvv]
yayxvvv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yoqfxusk]
yoqfxusk.dll 2007-11-18 07:52 145984 C:\WINDOWS\SYSTEM32\yoqfxusk.dll

S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24263ad0-e1ac-11d9-9673-000c6ea7f356}]
\Shell\AutoRun\command - H:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8d31c42-0d78-11dc-9d38-00051c98c945}]
\Shell\AutoRun\command - H:\wd_windows_tools\setup.exe

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-18 12:07:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-18 12:11:53 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-18 11:03
.
--- E O F ---

Edited by Mr. Mojo Rising, 18 November 2007 - 12:28 PM.
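A defender-side triage of the O2/O3/O20 lines in a log like the one above, as an added example that is not part of the original post and not code from HijackThis or ComboFix: it parses those load-point entries and flags the same patterns a helper looks for here (an orphaned "(file missing)" reference, a BHO registered without a name, and one DLL registered as BHO, toolbar and Winlogon Notify at the same time). The sample lines are copied from the log above; the heuristics, function names and the "random-looking name" rule are my own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample input: seven lines copied from the HijackThis log posted above,
# mixing legitimate entries (Adobe, WgaLogon) with the suspicious ones.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {60E2746A-9C2E-45A2-85CE-7E1A8A890961} - C:\WINDOWS\system32\opnooom.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\yoqfxusk.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\yoqfxusk.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: yoqfxusk - C:\WINDOWS\SYSTEM32\yoqfxusk.dll
O20 - Winlogon Notify: opnooom - opnooom.dll (file missing)
"""

# Only the three load points that Vundo-style adware abused in this log are triaged.
SECTIONS = {"O2": "BHO", "O3": "toolbar", "O20": "Winlogon Notify"}
LINE_RE = re.compile(r"^(O\d+) - (.*)$")
# Last file name on the line is the module the entry loads (backslash ends a token).
MODULE_RE = re.compile(r"([A-Za-z0-9_~-]+\.(?:dll|exe|ocx))", re.IGNORECASE)


def parse_entry(line: str):
    """Return (section, module file name, rest of line) for an O2/O3/O20 line, else None."""
    m = LINE_RE.match(line.strip())
    if not m or m.group(1) not in SECTIONS:
        return None
    section, rest = m.group(1), m.group(2)
    modules = MODULE_RE.findall(rest)
    if not modules:
        return None  # e.g. a "(no file)" entry carries no module to track
    return section, modules[-1], rest


def triage(log_text: str) -> dict:
    """Map each suspicious module (lower-cased) to a sorted list of reasons it was flagged."""
    seen_in = defaultdict(set)  # module -> sections it is registered under
    reasons = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        section, module, rest = parsed
        key = module.lower()
        seen_in[key].add(section)
        if "(file missing)" in rest:
            reasons[key].add("orphaned load point: file missing")
        if section == "O2" and "(no name)" in rest:
            reasons[key].add("BHO registered without a name")
        # Weak heuristic (assumption): the dropped DLLs here all have short,
        # all-lowercase random names, unlike vendor DLLs such as WgaLogon.dll.
        if re.fullmatch(r"[a-z]{5,8}\.dll", module):
            reasons[key].add("random-looking module name (low confidence)")
    # Strongest signal: the same DLL hooked into two or more load points at once.
    for key, sections in seen_in.items():
        if len(sections) >= 2:
            roles = ", ".join(SECTIONS[s] for s in sorted(sections))
            reasons[key].add(f"same DLL registered as {roles}")
    return {k: sorted(v) for k, v in reasons.items()}


if __name__ == "__main__":
    for module, why in sorted(triage(SAMPLE_LOG).items()):
        print(module)
        for reason in why:
            print("   -", reason)
```

Run against the full log above, the same rules also surface vturo.dll (O2, file missing) and the other Winlogon Notify stubs; the "random name" rule alone should never be treated as proof, which is why it is marked low confidence.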



#2 Scotty
Posted 18 November 2007 - 01:49 PM

Hi! Welcome to the WTT forums.
My name is Scotty. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research.
Please be patient.

Please make an uninstall list using HijackThis.
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in a reply.
You too could train to help others- Join the Classroom

#3 Mr. Mojo Rising
Posted 18 November 2007 - 02:09 PM

Here is the list you requested. Ad-Aware SE Personal Adobe Flash Player 9 ActiveX Adobe Reader 7.0.9 Adobe SVG Viewer Ashampoo WinOptimizer Platinum 3 ATI - Software Uninstall Utility ATI Control Panel ATI Display Driver AVG 7.5 AVG Anti-Spyware 7.5 AVI DivX MPEG to DVD Converter & Burner Pro 2.9 Azureus BeerSmith Brewing Software Bejeweled 2 Deluxe BlackBerry Application Web Loader 1.0 BlackBerry Desktop Software 4.2 BlackBerry Desktop Software 4.2 BlackBerry v4.1.0 for the 7520 Wireless Handheld Bodog Poker Version 2.8.0.41 Boilsoft ASF Converter 2.68 CCleaner (remove only) Clean It CloneDVD2 ConvertXtoDVD 2.1.0 Cucusoft MPEG/MOV/RM/DivX/AVI to VCD/DVD/SVCD Converter Lite 7. Disk Cleaner (remove only) DVD Decrypter (Remove Only) Easy Video Splitter 1.28 FaxDrive FaxWizard FontLoader G-Force HijackThis 1.99.1 Holdem Indicator 1.0.9 Hotfix for Windows XP (KB909394) Hotfix for Windows XP (KB926239) HP Image Zone Express HP PSC & OfficeJet 5.3.B Image Video Machine iPrint2Fax K-Lite Codec Pack 2.34 Full MagicDisc 2.5.61 Math Blaster 1st Grade MediaMonkey 2.5 Microsoft .NET Framework 2.0 Microsoft ActiveSync Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Office Live Meeting 2005 Microsoft Office XP Professional with FrontPage Microsoft User-Mode Driver Framework Feature Pack 1.0 Movie DVD Maker 1.3.3 Mozilla Firefox (1.5.0.7) MSN Music Assistant MSXML 4.0 SP2 (KB927978) Nero 7 Premium PatentHunter PDF Password Remover v2.1 PDF Password Remover v2.5 Phelix 1.0.0 Poker Indicator 1.7.7 PowerVideoMaker Professional 2.6 Quick File Rename Personal Edition v5.0 QuickTime Realtek AC'97 Audio Security Update for Microsoft .NET Framework 2.0 (KB917283) Security Update for Microsoft .NET Framework 2.0 (KB922770) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB911565) Security Update for Windows Media 
Player 9 (KB917734) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899589) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB911280) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912812) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913446) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB916281) Security Update for Windows XP (KB917159) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB918899) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920214) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921398) Security Update for Windows XP (KB921883) Security Update for Windows XP (KB922616) Security Update for Windows XP (KB922760) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) 
Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923694) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB925454) Security Update for Windows XP (KB925486) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB929969) SolidConverterPDF Sompy MovieEncoder version 1.0.0314 SompyPlayer SpywareGuard v2.2 Tag&Rename 3.2 TagRunner 1.5 TweakNow RegCleaner Standard Update for Windows XP (KB894391) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB908531) Update for Windows XP (KB910437) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) version 4.9.2 Windows Installer 3.1 (KB893803) Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 10 Hotfix - KB894476 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB885884 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB891781 WinRAR archiver WinZip ZoneAlarm

#4 Scotty
Posted 19 November 2007 - 04:39 AM

Hi


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan services and registry entries that it finds, then prompt you to press any key to reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back in your next reply.



Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HijackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

#5 Scotty
Posted 26 November 2007 - 05:20 PM

Due to inactivity this topic will be closed. If you need help, please start a new thread and post a new HJT log.