please help with TR/Vundo.fnr.48
Les26
Junior Member
23. October 2008 @ 11:36
Hey, I'm experiencing some real popup problems with TR/Vundo.fnr.48, at least that's what my Avira AntiVir recognizes that problem as. Sorry that I didn't use search in here, but I can't be online for too long since popups come like every 2 secs :(
I've tried virus scans with Avira, Norton, F-Secure and Kaspersky; none of them can solve the problem, and I've done that in Windows safe mode and in normal mode.
I've also tried tons of spyware etc. and I even tried VundoFix 7.0.6 and a couple of other versions, so if anyone can help me I'd really appreciate it!
Here's my HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:31:11, on 23.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\V0350Mon.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\WINDOWS\System32\PnkBstrB.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AdwareAlert\AdwareAlert.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\program files\avira\antivir personaledition classic\avcenter.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {38DED7EA-C794-4628-90F1-739CB0BF27B5} - C:\WINDOWS\system32\geBuvuUL.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - G:\Bitcomet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: (no name) - {6C350DFC-885F-4296-82E3-6428DD982099} - C:\WINDOWS\system32\opnoPjhe.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: {91ac753a-fc30-49f9-a004-d7b18090def7} - {7fed0908-1b7d-400a-9f94-03cfa357ca19} - C:\WINDOWS\system32\jiqyot.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C056122C-EB05-4D9B-8CF0-E51A36964DCB} - (no file)
O2 - BHO: (no name) - {C1EDA7D2-3250-480D-8001-DDC6D579E03D} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Microsoft Updote] posuh.exe
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\RunServices: [Microsoft Updote] posuh.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
O4 - HKCU\..\Run: [BitComet] "G:\Bitcomet\BitComet.exe" /tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://G:\Bitcomet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://G:\Bitcomet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://G:\Bitcomet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?604bca929ff94c308145d4ad5c91bd5f
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?604bca929ff94c308145d4ad5c91bd5f
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://G:\Bitcomet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1130767884463
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15033/CTPID.cab
O20 - AppInit_DLLs: jiqyot.dll
O20 - Winlogon Notify: opnoPjhe - C:\WINDOWS\SYSTEM32\opnoPjhe.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\System32\PnkBstrB.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 11296 bytes
Senior Member
23. October 2008 @ 21:36
Hi Les26
Please download Malwarebytes Anti-Malware and install it. Follow the prompts and reboot if required.
Launch Malwarebytes either by running C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe or double-click the Malwarebytes' Anti-Malware shortcut on your Desktop.
Configuring Malwarebytes
• Click on the tab Settings.
• Make sure only these boxes are checked:
  Terminate Internet Explorer
  Automatically save and display logfile after removal
  Always scan memory objects
  Always scan registry objects
  Always scan filesystem
  Always scan extra and heuristics objects
Updating Malwarebytes
• Click on the tab Update.
• Press the button Check for Updates
• Wait for Malwarebytes to be fully updated.
Scanning Time
• Click on the tab Scanner.
• Check Perform full scan and click on Scan
• Wait for the scan to complete, and then click on Show Results.
• Make sure all items are checked, then click on Remove Selected.
**If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If you are asked to restart the computer, please do so immediately.
Post A Log
• A text box will pop up after the removal process is over. Post the contents of the text here.
• If no text box pops up, launch Malwarebytes, and click on the tab Logs.
• The logs will appear as mbam-log-*date-*time.txt. Select the latest one, and then click on Open.
• Post the log here.
Best Regards :D
Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.

Les26
Junior Member
24. October 2008 @ 04:04
Hi, thanks for answering. I couldn't update Malwarebytes Anti-Malware since for some reason something is blocking whatever I'm trying to download from the internet, but luckily I got the program via my other comp.
Here's the log:
Malwarebytes' Anti-Malware 1.30
Database version: 1306
Windows 5.1.2600 Service Pack 2
24.10.2008 10:50:14
mbam-log-2008-10-24 (10-50-14).txt
Scan type: Full Scan (C:\|D:\|E:\|G:\|H:\|)
Objects scanned: 172459
Time elapsed: 1 hour(s), 5 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 18
Registry Values Infected: 7
Registry Data Items Infected: 3
Folders Infected: 12
Files Infected: 52
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\geBuvuUL.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jiqyot.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\opnoPjhe.dll (Trojan.Vundo) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6c350dfc-885f-4296-82e3-6428dd982099} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnopjhe (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6c350dfc-885f-4296-82e3-6428dd982099} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7fed0908-1b7d-400a-9f94-03cfa357ca19} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7fed0908-1b7d-400a-9f94-03cfa357ca19} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f245958d-0285-4874-82df-348f5daf5e52} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{f245958d-0285-4874-82df-348f5daf5e52} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{755c6bc2-a679-4025-84d3-4ae283a87b14} (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Installer\UpgradeCodes\7c673a5b871b8cd419f47dd0de5a6d18 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7c673a5b871b8cd419f47dd0de5a6d18 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{755c6bc2-a679-4025-84d3-4ae283a87b14} (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6c350dfc-885f-4296-82e3-6428dd982099} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\registrysmart\ (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\registrysmart\microsoft.vc80.mfc\ (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\registrysmart\microsoft.vc80.crt\ (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\adwarealert\ (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\documents and settings\all users\start menu\programs\adwarealert\ (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\gebuvuul -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebuvuul -> Delete on reboot.
Folders Infected:
C:\Program Files\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart\Microsoft.VC80.CRT (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart\Microsoft.VC80.MFC (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Les\Application Data\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Les\Application Data\AdwareAlert\Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Les\Application Data\AdwareAlert\Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Les\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Les\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\opnoPjhe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jiqyot.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\geBuvuUL.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\LUuvuBeg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LUuvuBeg.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cnajxcyd.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dycxjanc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Les\Local Settings\Temporary Internet Files\Content.IE5\CH3Q4L3B\kb20010911[1] (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\Documents and Settings\Les\Local Settings\Temporary Internet Files\Content.IE5\CH3Q4L3B\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Les\Local Settings\Temporary Internet Files\Content.IE5\HVB2CTG9\ico[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Les\Local Settings\Temporary Internet Files\Content.IE5\HVB2CTG9\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Les\Local Settings\Temporary Internet Files\Content.IE5\HVB2CTG9\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Les\Local Settings\Temporary Internet Files\Content.IE5\RVPHM363\ico[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Les\Local Settings\Temporary Internet Files\Content.IE5\WWGP79V2\cntr[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Les\Local Settings\Temporary Internet Files\Content.IE5\WWGP79V2\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Les\My Documents\Vastaanotetut tiedostot\WGA patch\Windows XP.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A2955AD-7259-4409-96C1-CD097A4C846A}\RP816\A0274831.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A2955AD-7259-4409-96C1-CD097A4C846A}\RP818\A0277025.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1A2955AD-7259-4409-96C1-CD097A4C846A}\RP818\A0277039.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anqjqg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efofsq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGwVOeE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hkuvbthc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mfkrmxkd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qjriexoa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUlMDsQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUnMdAQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{1A2955AD-7259-4409-96C1-CD097A4C846A}\RP817\A0274870.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{1A2955AD-7259-4409-96C1-CD097A4C846A}\RP817\A0274871.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\AdwareAlert.exe (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\AdwareAlert.url (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\DataBase.ref (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\SpyCleaner.dll (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\TCL.dll (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\vistaCPtasks.xml (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\zlib.dll (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart\Errors.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart\Results.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart\Log\log_2008_01_06_17_22_04.eklog (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart\Log\log_2008_01_06_17_27_40.eklog (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart\Log\log_2008_01_06_17_28_52.eklog (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart\Registry Backups\2008-01-06_17-25-44.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart\Registry Backups\2008-01-06_17-32-41.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\AdwareAlert\AdwareAlert on the Web.lnk (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\AdwareAlert\AdwareAlert.lnk (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Les\Application Data\AdwareAlert\rs.dat (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Les\Application Data\AdwareAlert\Log\2008 Oct 24 - 09_29_13 AM_250.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Les\Application Data\AdwareAlert\Settings\ScanResults.pie (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Les\Application Data\RegistrySmart\Log\2008 Jan 06 - 04_54_11 PM_250.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Les\Application Data\RegistrySmart\Log\2008 Jan 06 - 04_54_14 PM_390.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\AdwareAlert.lnk (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
At least now I'm not experiencing any popups, nor is my AntiVir complaining about anything, and now I can download the update from the internet in Malwarebytes, so it seems like the problem is solved.. But I'll do another scan now since I got Anti-Malware updated..
I did a quick scan after I got updated and here's the log:
Malwarebytes' Anti-Malware 1.30
Database version: 1311
Windows 5.1.2600 Service Pack 2
24.10.2008 11:14:31
mbam-log-2008-10-24 (11-14-31).txt
Scan type: Quick Scan
Objects scanned: 59793
Time elapsed: 10 minute(s), 21 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6c350dfc-885f-4296-82e3-6428dd982099} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
I'm going to reboot and do a normal scan since it still showed Vundo was in the registry...
This message has been edited since posting. Last time this message was edited on 24. October 2008 @ 04:17
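The same three DLLs appear in several autostart locations in the HijackThis log and again in the Malwarebytes results, and that overlap can be checked mechanically. The Python below is an added example, not part of the original thread and not code from HijackThis or Malwarebytes; its flagging rules (an unnamed BHO in system32, any AppInit_DLLs or Winlogon Notify entry) and all function names are assumptions made for illustration, and the sample lines are copied from the logs posted above.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the HijackThis log in the first post of this thread.
HJT_LINES = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {38DED7EA-C794-4628-90F1-739CB0BF27B5} - C:\WINDOWS\system32\geBuvuUL.dll
O2 - BHO: (no name) - {6C350DFC-885F-4296-82E3-6428DD982099} - C:\WINDOWS\system32\opnoPjhe.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: {91ac753a-fc30-49f9-a004-d7b18090def7} - {7fed0908-1b7d-400a-9f94-03cfa357ca19} - C:\WINDOWS\system32\jiqyot.dll
O2 - BHO: (no name) - {C056122C-EB05-4D9B-8CF0-E51A36964DCB} - (no file)
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O20 - AppInit_DLLs: jiqyot.dll
O20 - Winlogon Notify: opnoPjhe - C:\WINDOWS\SYSTEM32\opnoPjhe.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
""".strip().splitlines()

# Lines copied from "Memory Modules Infected" in the first Malwarebytes log.
MBAM_LINES = r"""
C:\WINDOWS\system32\geBuvuUL.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jiqyot.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\opnoPjhe.dll (Trojan.Vundo) -> Delete on reboot.
""".strip().splitlines()

GUID = r"\{[0-9A-Fa-f-]{36}\}"
BHO_RE = re.compile(rf"^O2 - BHO: (?P<name>.*?) - (?P<clsid>{GUID}) - (?P<path>.+)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")
MBAM_RE = re.compile(r"^(?P<path>.+?) \((?P<sig>[^()]+)\) -> (?P<action>.+)$")


def dll_key(path):
    """Case-insensitive file name, so entries from different lines can be joined."""
    return ntpath.basename(path).lower()


def in_system32(path):
    """True for a bare file name or a file directly in system32.

    Assumption: the system root is C:\\WINDOWS, as in the posted log.
    """
    return ntpath.dirname(path.lower()) in ("", r"c:\windows\system32")


def triage_hjt(lines):
    """Map DLL name -> list of autostart mechanisms that look worth reviewing."""
    reasons = defaultdict(list)
    for line in lines:
        line = line.strip()
        if m := BHO_RE.match(line):
            name, path = m["name"], m["path"]
            # Assumed rule: a BHO with no name (or a bare GUID as its name)
            # loading a DLL straight from system32 deserves a closer look.
            anonymous = name == "(no name)" or re.fullmatch(GUID, name)
            if path != "(no file)" and anonymous and in_system32(path):
                reasons[dll_key(path)].append("BHO without a descriptive name")
        elif m := APPINIT_RE.match(line):
            # Assumed rule: every AppInit_DLLs entry is reviewed, because the
            # listed DLL is loaded into every process that loads user32.dll.
            for dll in re.split(r"[ ,]+", m["dlls"].strip()):
                reasons[dll_key(dll)].append("AppInit_DLLs")
        elif m := NOTIFY_RE.match(line):
            # Assumed rule: every listed Winlogon Notify DLL in system32 is reviewed.
            if in_system32(m["path"]):
                reasons[dll_key(m["path"])].append("Winlogon Notify")
    return dict(reasons)


def mbam_detections(lines):
    """Map DLL name -> detection name from Malwarebytes result lines."""
    found = {}
    for line in lines:
        if m := MBAM_RE.match(line.strip()):
            found[dll_key(m["path"])] = m["sig"]
    return found


def correlate(flags, detections):
    """Join both views: (dll, reasons, detection name or None), sorted by DLL."""
    return [(dll, flags[dll], detections.get(dll)) for dll in sorted(flags)]


if __name__ == "__main__":
    rows = correlate(triage_hjt(HJT_LINES), mbam_detections(MBAM_LINES))
    for dll, why, sig in rows:
        print(f"{dll:14} {', '.join(why):48} scanner: {sig or 'not detected'}")
```

A DLL that is flagged here but missing from the scanner's results is the case to look at by hand, since the scanner may simply lack a signature for it.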
Senior Member
24. October 2008 @ 05:37
Hey Les26
Now, please download ComboFix.
With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
Please disable all security programs, such as antiviruses, antispywares, and firewalls.
Also disable your internet connection.
• Run Combo-Fix.exe and follow the prompts.
**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
• Wait for the scan to be completed.
• If it requires a reboot, please do it.
• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)
Do not click on the ComboFix window, as it may cause it to stall.
After that, post a new HijackThis log and tell me what problems you have left.
Best Regards :D

Les26
Junior Member
24. October 2008 @ 06:08
Hi, here's my ComboFix log:
ComboFix 08-10-23.06 - Les 2008-10-24 12:49:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.542 [GMT 3:00]
Running from: G:\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Les\Application Data\inst.exe
C:\setup.exe
C:\WINDOWS\system32\cfLTtBeg.ini
C:\WINDOWS\system32\cfLTtBeg.ini2
C:\WINDOWS\system32\hkfiqkcp.ini
C:\WINDOWS\system32\nWGjmnnn.ini
C:\WINDOWS\system32\nWGjmnnn.ini2
C:\WINDOWS\system32\tijrgmhw.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_JAVA
((((((((((((((((((((((((( Files Created from 2008-09-24 to 2008-10-24 )))))))))))))))))))))))))))))))
.
2008-10-24 09:35 . 2008-10-24 09:35 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-24 09:35 . 2008-10-24 09:35 <DIR> d-------- C:\Documents and Settings\Les\Application Data\Malwarebytes
2008-10-24 09:35 . 2008-10-24 09:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-24 09:35 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-24 09:35 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-23 18:30 . 2008-10-23 18:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-22 13:46 . 2008-10-22 17:54 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-22 12:07 . 2008-10-22 12:07 <DIR> d-------- C:\VundoFix Backups
2008-10-21 13:02 . 2008-10-21 17:11 135 --a------ C:\WINDOWS\Mp3CutterJoiner.ini
2008-10-21 12:57 . 2008-10-21 17:10 <DIR> d-------- C:\My Music
2008-10-21 12:56 . 2008-10-21 12:56 <DIR> d-------- C:\Program Files\AudioToolsFactory
2008-10-21 12:56 . 2004-12-08 13:21 1,843,200 --a------ C:\WINDOWS\system32\NCTAudioFile2.dll
2008-10-21 12:56 . 2004-08-02 15:09 450,560 --a------ C:\WINDOWS\system32\NCTAudioTransform2.dll
2008-10-21 12:56 . 2002-01-05 14:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-10-21 12:56 . 2004-12-01 14:43 315,392 --a------ C:\WINDOWS\system32\NCTAudioPlayer2.dll
2008-10-21 12:56 . 2003-08-07 14:01 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-10-21 12:56 . 2004-05-20 14:24 196,608 --a------ C:\WINDOWS\system32\NCTWMAFile2.dll
2008-10-21 12:56 . 2003-12-08 12:49 116,304 --a------ C:\WINDOWS\system32\NCTWMAProfiles.prx
2008-10-21 12:56 . 2008-10-21 17:11 5 --a------ C:\WINDOWS\system32\SySMP3CutJoin.dat
2008-10-20 22:01 . 2004-08-04 10:56 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2008-10-20 22:01 . 2004-08-04 10:56 152,576 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2008-10-20 22:01 . 2004-08-04 10:56 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2008-10-20 22:01 . 2004-08-04 10:56 27,136 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2008-10-20 22:01 . 2004-08-04 10:56 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-10-20 22:01 . 2004-08-04 10:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-10-17 13:44 . 2003-09-13 16:25 15,700 --a------ C:\Cannibal_Corpse_-_Stripped_Raped_And_Strangled-3509.gp3
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-24 09:53 6,734,368 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-24 08:18 96,548 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-22 18:22 --------- d-----w C:\Documents and Settings\Les\Application Data\Vso
2008-10-22 11:44 2,266,624 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-09-14 09:25 --------- d-----w C:\Program Files\dvdSanta
2008-09-08 17:19 --------- d-----w C:\Documents and Settings\Les\Application Data\Skype
2008-09-05 12:58 --------- d-----w C:\Program Files\SlySoft
2008-09-05 12:20 --------- d-----w C:\Documents and Settings\Les\Application Data\Nero
2008-09-05 12:18 --------- d-----w C:\Program Files\Common Files\Nero
2008-09-05 12:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-09-05 12:15 --------- d-----w C:\Program Files\Nero
2008-09-05 12:06 --------- d-----w C:\Program Files\Ahead
2008-08-04 08:21 2,563,800 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-05-17 10:37 47,360 ----a-w C:\Documents and Settings\Les\Application Data\pcouffin.sys
2004-03-11 11:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
2001-08-23 12:00 94,784 --sha-w C:\WINDOWS\twain.dll
2004-08-04 07:56 50,688 --sha-w C:\WINDOWS\twain_32.dll
2004-08-04 07:56 54,784 --sha-w C:\WINDOWS\system32\msvcirt.dll
2004-08-04 07:56 11,776 --sha-w C:\WINDOWS\system32\regsvr32.exe
.
------- Sigcheck -------
2005-05-25 22:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 20:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 14:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$hf_mig$\KB917953\SP2GDR\tcpip.sys
2006-04-20 15:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 19:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 13:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 14:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 14:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2006-04-20 14:38 340480 b8158e2a6112c0a5ca67bc158fc70218 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 09:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-05-25 22:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2004-08-04 09:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2002-08-29 11:58 332928 244a2f9816bc9b593957281ef577d976 C:\WINDOWS\$NtUninstallKB917953_0$\tcpip.sys
2008-06-06 19:13 359808 f4dd02b880dd00888187201cbbc3ffaf C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-06-07 21:04 360064 907e6ccef6a51bc9873e36dbf10950db C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2004-08-04 09:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
2008-04-13 22:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\tcpip.sys
2008-07-26 13:19 360320 3adce4790f591bf160a94f6f08039577 C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-07-26 13:19 360320 3adce4790f591bf160a94f6f08039577 C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-05-02 151552]
"BitComet"="G:\Bitcomet\BitComet.exe" [2008-06-03 2596152]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-05-05 1923352]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 617984]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-02 185784]
"V0350Mon.exe"="C:\WINDOWS\V0350Mon.exe" [2007-08-23 28672]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-24 266497]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"ATIPTA"="atiptaxx.exe" [2006-02-22 C:\WINDOWS\system32\atiptaxx.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=jiqyot.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"E:\\settlers 6\\base\\bin\\Settlers6.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\RpcAgentSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\WNt500x86\\RpcSandraSrv.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18424:TCP"= 18424:TCP:BitComet 18424 TCP
"18424:UDP"= 18424:UDP:BitComet 18424 UDP
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\DRIVERS\avgntmgr.sys [2008-04-21 22336]
R1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [2007-11-05 17952]
R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2008-07-24 45376]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-04-22 98488]
R3 VF0350Afx;VF0350 Audio FX;C:\WINDOWS\system32\Drivers\V0350Afx.sys [2007-06-11 142656]
R3 VF0350Vfx;VF0350 Video FX;C:\WINDOWS\system32\DRIVERS\V0350VFx.sys [2007-03-05 7424]
R3 VF0350Vid;Live! Cam Video IM (VF0350);C:\WINDOWS\system32\DRIVERS\V0350Vid.sys [2007-08-29 170368]
S3 Camdrv30;Philips ToUcam XS;C:\WINDOWS\system32\Drivers\camdrv30.sys [2001-08-17 171264]
S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys [ ]
.
Contents of the 'Scheduled Tasks' folder
2008-10-21 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job
- C:\Program Files\RegistrySmart\RegistrySmart.exe []
2008-10-21 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job
- C:\Program Files\RegistrySmart []
2008-10-24 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
2007-04-29 C:\WINDOWS\Tasks\XoftSpy.job
- C:\Program Files\XoftSpy\XoftSpy.exe [2006-05-09 17:23]
2008-10-24 C:\WINDOWS\Tasks\XoftSpySE 2.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2007-03-30 11:17]
2008-10-21 C:\WINDOWS\Tasks\XoftSpySE.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2007-03-30 11:17]
.
- - - - ORPHANS REMOVED - - - -
BHO-{C056122C-EB05-4D9B-8CF0-E51A36964DCB} - (no file)
BHO-{C1EDA7D2-3250-480D-8001-DDC6D579E03D} - (no file)
SafeBoot-Java
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Les\Application Data\Mozilla\Firefox\Profiles\jurqkuvk.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fi/
FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npvlc.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-24 12:58:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
.
**************************************************************************
.
Completion time: 2008-10-24 13:04:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-24 10:04:16
Pre-Run: 3 182 624 768 bytes free
Post-Run: 4,040,167,424 bytes free
223 --- E O F --- 2008-07-22 20:38:25
|
Les26
Junior Member
1 product review
|
24. October 2008 @ 06:12 |
|
And here's my new HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:07:32, on 24.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\PnkBstrB.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\V0350Mon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\avira\antivir personaledition classic\avcenter.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - G:\Bitcomet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
O4 - HKCU\..\Run: [BitComet] "G:\Bitcomet\BitComet.exe" /tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://G:\Bitcomet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://G:\Bitcomet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://G:\Bitcomet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?604bca929ff94c308145d4ad5c91bd5f
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?604bca929ff94c308145d4ad5c91bd5f
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://G:\Bitcomet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1130767884463
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15033/CTPID.cab
O20 - AppInit_DLLs: jiqyot.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\System32\PnkBstrB.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 10403 bytes
|
Senior Member
|
24. October 2008 @ 08:05 |
|
Hey Les26
Please run HijackThis.
- Click on the button which says Main Menu, then Do a system scan only.
- Please wait for the scan to be completed.
- After the scan has completed, check the following entries.
O20 - AppInit_DLLs: jiqyot.dll
Click on the button Fix checked
NOTE: Close all browsers before fixing anything.
Do you recognize this proxy? proxy.dial.inet.fi
What problems do you have left?
Best Regards :D
Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.
|
Les26
Junior Member
1 product review
|
24. October 2008 @ 12:08 |
|
Hi, I had to go to work after my last post (working as a seaman).
I will try that on Monday when I get home again. proxy.dial.inet.fi was my first internet provider's Explorer proxy. Now that I don't have that internet provider anymore, may I delete it?
When I left home today my comp seemed like 500% faster than it was even before that Vundo infected my comp, so I think that Vundo wasn't my only problem =)
I really, really thank you so much. That Vundo opened popups like every 2 secs and seemed like it downloaded other viruses as well, and I saw that suddenly I had some adwarealert program too, even though I surely didn't install that :) And I saw that in one popup window there was my c:\ root in as an FTP server...
I'll be in touch on Monday/Tuesday when I get home... But again, thanks so much!
|
Senior Member
|
25. October 2008 @ 04:23 |
|
Hey Les26
You're welcome. I understand your relief... :)
You can fix these entries as well:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
Best Wishes :D
|
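The two fixes recommended in the replies above (the O20 AppInit_DLLs entry and the stale R1 proxy settings) can be picked out of a HijackThis log mechanically. This is an added example, not part of the thread or of HijackThis; the function names and the allow-list parameters are assumptions, and the sample lines are copied from the log posted above.

```python
import ntpath
import re
from dataclasses import dataclass

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O20 - AppInit_DLLs: jiqyot.dll
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O20 - AppInit_DLLs: x.dll".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


@dataclass
class Finding:
    code: str    # HijackThis section code (R1, O20, ...)
    item: str    # the value an analyst should look at
    reason: str


def parse_entries(log_text):
    """Yield (code, body) for each entry line; headers and process lists are skipped."""
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            yield match.group("code"), match.group("body")


def appinit_dlls(body):
    """Split the AppInit_DLLs value; Windows treats spaces and commas as separators."""
    _, _, value = body.partition(":")
    return [part for part in re.split(r"[,\s]+", value.strip()) if part]


def review(log_text, known_dlls=(), known_proxies=()):
    """Return findings for AppInit_DLLs and proxy settings not on the allow-lists."""
    known_dlls = {name.lower() for name in known_dlls}
    known_proxies = {host.lower() for host in known_proxies}
    findings, overrides, proxy_flagged = [], [], False

    for code, body in parse_entries(log_text):
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            for dll in appinit_dlls(body):
                if ntpath.basename(dll).lower() not in known_dlls:
                    findings.append(Finding(
                        code, dll,
                        "loaded into every process that loads user32.dll"))
        elif code in ("R0", "R1") and ",Proxy" in body:
            key, _, value = body.partition(" = ")
            name = key.rsplit(",", 1)[-1]
            if name == "ProxyServer":
                # Value is "host:port" or "http=host:port;https=host:port".
                for part in filter(None, value.split(";")):
                    hostport = part.split("=", 1)[-1]
                    host = hostport.rsplit(":", 1)[0].lower()
                    if host not in known_proxies:
                        proxy_flagged = True
                        findings.append(Finding(
                            code, hostport, "browser traffic routed via unrecognised proxy"))
            elif name == "ProxyOverride":
                overrides.append(Finding(
                    code, value, "bypass list belonging to the flagged proxy"))

    # The bypass list only matters when the proxy it accompanies is in question.
    if proxy_flagged:
        findings.extend(overrides)
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(f"{finding.code}: {finding.item}  ({finding.reason})")
```

Passing `known_proxies=["proxy.dial.inet.fi"]` models the case where the owner recognises the proxy, which leaves only the AppInit_DLLs entry flagged.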
Les26
Junior Member
1 product review
|
27. October 2008 @ 12:35 |
|
Hi, got back from work, fixed those proxy things, comp seems to work like a charm!
Thanks, couldn't manage without you!
|
Senior Member
|
28. October 2008 @ 01:10 |
|
You're welcome, Les26. Enjoy!
|
|