
Help: viruses, trojans, spyware

Discussion in 'Windows - Virus and spyware problems' started by tony909, Jul 8, 2007.

  1. tony909

    tony909 Member

    I ran HijackThis and got:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:51:10 AM, on 7/8/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb105\Dealio.dll
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
    O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\System32\drvxor.dll,startup
    O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win108.tmp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [smgr] mgrs.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKLM\..\Policies\Explorer\Run: [svchost.exe] C:\WINDOWS\svchost.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb105\Dealio.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177739529915
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178001050171
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O21 - SSODL: msole - {D02589C2-FDAE-4A08-A224-AC5B329DD707} - C:\WINDOWS\msole.dll
    O21 - SSODL: msdde - {AEC30926-AC21-4AED-8DEE-DFA61B4E8D46} - C:\WINDOWS\msdde.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\System32\o2flash.exe (file missing)
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 6373 bytes


    What do I do next to remove all the crap that I have?
    Thanks
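    The first thing a helper does with a log like the one above is read the autostart lines (O4 Run keys, O21 ShellServiceObjectDelayLoad) and ask of each entry where the program lives and how it is launched. The script below is an added example written for this thread, not HijackThis code and not anything tony909 or Auttaja posted: it parses O4 and O21 lines and applies a few defensive triage rules (program in a TEMP directory, bare filename with no path, the Policies\Explorer\Run key, a system-binary name outside System32, an SSODL DLL outside System32, rundll32.exe as a host for a DLL). The sample lines are constructed, copied in shape from the log posted above; the rules are this example's own heuristics, not a HijackThis feature, and a hit means "look closer", not "malicious".

```python
"""Triage of HijackThis O4/O21 autostart lines (added example, not from the thread)."""
import re
from pathlib import PureWindowsPath
from typing import List, NamedTuple

# Constructed sample: lines copied in shape from the HijackThis log in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\System32\drvxor.dll,startup
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win108.tmp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [svchost.exe] C:\WINDOWS\svchost.exe
O21 - SSODL: msole - {D02589C2-FDAE-4A08-A224-AC5B329DD707} - C:\WINDOWS\msole.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

# O4 - <hive>\..\<key>: [<name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O21 - SSODL: <name> - {CLSID} - <dll path>
O21_RE = re.compile(r"^O21 - SSODL: (?P<name>\S+) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")

# Names of core Windows binaries that legitimately live in System32 only.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "winlogon.exe", "services.exe", "csrss.exe", "smss.exe"}


class Finding(NamedTuple):
    name: str        # the [name] of the Run value, or the SSODL entry name
    target: str      # the command line or DLL path as logged
    reasons: tuple   # one short string per triage rule that fired


def executable_of(cmd: str) -> str:
    """Return the program part of a Run-key command line (quoted path, or up to the first .exe)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(?i)(.+?\.exe)(\s|$)", cmd)
    return m.group(1) if m else cmd.split()[0]


def review_run_entry(key: str, cmd: str) -> List[str]:
    """Apply the triage rules to one O4 entry; an empty list means nothing stood out."""
    reasons = []
    exe = executable_of(cmd)
    p = PureWindowsPath(exe)
    parts = [part.lower() for part in p.parts]
    if p.name.lower() == "rundll32.exe":
        # rundll32 is only a host; the code that actually runs is the DLL argument.
        payload = cmd.partition(" ")[2].strip()
        reasons.append(f"rundll32.exe host: the code that runs is {payload}")
    elif "\\" not in exe:
        reasons.append("bare filename: resolved through the search path, no fixed location")
    if re.search(r"\\temp\\", cmd, re.I):
        reasons.append("program launched from a temporary directory")
    if key.lower().startswith("policies\\explorer\\run"):
        reasons.append("Policies\\Explorer\\Run key: a policy autostart rarely used by installers")
    if p.name.lower() in SYSTEM_BINARIES and "system32" not in parts:
        reasons.append(f"{p.name} is a system binary name but lives outside System32")
    return reasons


def review_ssodl_entry(path: str) -> List[str]:
    """SSODL DLLs are loaded into Explorer at logon; the stock ones live in System32."""
    parts = [part.lower() for part in PureWindowsPath(path).parts]
    if "system32" not in parts:
        return ["ShellServiceObjectDelayLoad DLL outside System32 (loaded into Explorer at logon)"]
    return []


def triage(log_text: str) -> List[Finding]:
    """Parse O4/O21 lines and return only the entries that tripped at least one rule."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if (m := O4_RE.match(line)):
            reasons = review_run_entry(m["key"], m["cmd"])
            if reasons:
                findings.append(Finding(m["name"], m["cmd"], tuple(reasons)))
        elif (m := O21_RE.match(line)):
            reasons = review_ssodl_entry(m["path"])
            if reasons:
                findings.append(Finding(m["name"], m["path"], tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.name}] {f.target}")
        for r in f.reasons:
            print(f"    - {r}")
```

    Run against the constructed sample, the Symantec ccApp and ctfmon entries pass untouched, while the TEMP executable, the bare `mgrs.exe`, the `svchost.exe` under Policies\Explorer\Run, the `msole.dll` SSODL entry and the rundll32-hosted DLL are listed with the rule that fired. Pasting a full log into `SAMPLE_LOG` works the same way; the O23 service lines are simply ignored by this version.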
     
  2. Auttaja

    Auttaja Guest

    Please download VundoFix.exe to your desktop.
    * Double-click *VundoFix.exe* to run it.
    * Click the *Scan for Vundo* button.
    * Once it's done scanning, click the *Remove Vundo* button.
    * You will receive a prompt asking if you want to remove the files, click "YES"
    * Once you click yes, your desktop will go blank as it starts removing Vundo.
    * When completed, it will prompt that it will reboot your computer, click *OK*.
    * Please post the contents of C:\*vundofix.txt*. Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the *Scan for Vundo* button." when VundoFix appears at reboot.

    ==========

    Download and Run ComboFix
    * Download this file from either of the two places listed below:

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

    * Then double click combofix.exe & follow the prompts.
    * When finished, it shall produce a log for you. Post that log in your next reply.
    Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    =========

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    * Open the extracted SDFix folder and double click RunThis.bat to start the script.
    * Type Y to begin the cleanup process.
    * It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    * Press any Key and it will restart the PC.
    * When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    * Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    * Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

    ========

    Rename HijackThis.exe

    1. Right click on the HijackThis icon.


    2. Select Rename.


    3. Now type the following: scanner.exe <<< NOTE: make sure to put the period before exe when typing.
    Hit the Enter key on the keyboard.


    Double click on Scanner.exe.
    Click on Do a system scan and save a logfile. Post log in next reply.
     
    Last edited by a moderator: Jul 9, 2007
  3. tony909

    tony909 Member

    This is the log I got from ComboFix:


    "Administrator" - 2007-07-11 19:23:27 - ComboFix 07-07-12.3 - Service Pack 1 [SAFE MODE]

    /wow section - STAGE #8

    ((((((((((((((((((((((((( Files Created from 2007-06-12 to 2007-07-12 )))))))))))))))))))))))))))))))


    2007-07-11 19:22 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-11 11:13 <DIR> d-------- C:\WINDOWS\LastGood
    2007-07-08 13:13 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Ahead
    2007-07-08 09:00 <DIR> d-------- C:\VundoFix Backups
    2007-07-08 08:49 <DIR> d-------- C:\Program Files\Trend Micro
    2007-07-08 08:49 <DIR> d-------- C:\hjt
    2007-07-08 07:40 12,288 --a------ C:\WINDOWS\mgrs.exe
    2007-07-07 11:48 <DIR> d-------- C:\Program Files\QuickTime
    2007-07-07 11:39 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
    2007-07-07 08:38 10,240 --a------ C:\WINDOWS\system32\syswin.exe
    2007-07-07 08:27 31,254 --a------ C:\WINDOWS\system32\urqqqrr.dll
    2007-07-07 08:27 <DIR> d-------- C:\WINDOWS\system32\?ystem
    2007-07-07 01:14 <DIR> d-------- C:\DOCUME~1\ADMINI~1\.housecall6.6
    2007-07-07 00:32 <DIR> d-------- C:\WINDOWS\privacy_danger
    2007-07-06 23:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    2007-07-06 23:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
    2007-07-06 18:35 465 --a------ C:\WINDOWS\system32\vjgoofle.ini.ren
    2007-07-06 18:35 128,576 --a------ C:\WINDOWS\system32\elfoogjv.dll.ren
    2007-07-06 18:27 1,850,823 --a------ C:\WINDOWS\system32\rtstv.bak2.ren
    2007-07-05 20:42 90,240 --a------ C:\WINDOWS\system32\drivers\sptd7501.sys
    2007-07-05 20:42 643,072 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2007-07-05 20:24 6,369 --a------ C:\WINDOWS\system32\rtstv.bak1.ren
    2007-07-05 20:24 1,889,455 --ahs---- C:\WINDOWS\system32\rtstv.ini.ren
    2007-07-05 20:19 <DIR> d-------- C:\Program Files\?icrosoft.NET
    2007-07-05 20:02 <DIR> d-------- C:\Program Files\BearShare
    2007-07-02 20:28 <DIR> d-------- C:\Program Files\MagicISO
    2007-07-01 18:12 <DIR> d-------- C:\Program Files\PowerISO
    2007-07-01 15:11 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Simply Super Software
    2007-07-01 14:50 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-07-01 14:49 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
    2007-07-01 14:49 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
    2007-07-01 14:49 <DIR> d-------- C:\Program Files\Trojan Remover
    2007-07-01 14:49 <DIR> d-------- C:\DOCUME~1\Vero\APPLIC~1\Simply Super Software
    2007-07-01 14:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Simply Super Software
    2007-06-30 21:57 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-06-30 13:20 <DIR> d-------- C:\Program Files\Lavasoft
    2007-06-30 13:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2007-06-30 13:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
    2007-06-30 12:09 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-06-30 12:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-06-30 12:04 <DIR> d-------- C:\Program Files\SpywareBlaster
    2007-06-30 12:03 <DIR> d-------- C:\Program Files\Yahoo!
    2007-06-30 12:02 <DIR> d-------- C:\Program Files\CCleaner
    2007-06-30 12:01 <DIR> d--hs---- C:\WINDOWS\CSC
    2007-06-30 11:58 1,048,576 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
    2007-06-30 11:51 <DIR> d-------- C:\Program Files\Spyware Eliminator Professional Full
    2007-06-30 11:51 <DIR> d-------- C:\DOCUME~1\Vero\APPLIC~1\AntiSpywareDAT
    2007-06-30 10:14 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
    2007-06-30 08:14 74,752 --a------ C:\WINDOWS\msdde.dll
    2007-06-30 08:14 53,760 --a------ C:\WINDOWS\msole.dll
    2007-06-30 08:14 22,016 --a------ C:\WINDOWS\main_uninstaller.exe
    2007-06-30 08:13 <DIR> d-------- C:\Program Files\NewMediaCodec
    2007-06-29 20:11 <DIR> d-------- C:\SHREK_2_US_4X3
    2007-06-28 12:24 <DIR> d-------- C:\Program Files\Gabest
    2007-06-26 15:09 <DIR> d-------- C:\Program Files\Real Alternative
    2007-06-26 15:09 <DIR> d-------- C:\Program Files\Media Player Classic
    2007-06-26 15:09 <DIR> d-------- C:\DOCUME~1\Vero\APPLIC~1\Real
    2007-06-26 15:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
    2007-06-26 15:04 <DIR> d-------- C:\DOCUME~1\Vero\APPLIC~1\Media Player Classic
    2007-06-26 14:55 90,112 --ah----- C:\WINDOWS\vstriplangue.exe
    2007-06-26 14:55 849,408 --a------ C:\WINDOWS\system32\DivX.dll
    2007-06-26 14:55 63,488 --a------ C:\WINDOWS\system32\MMRegOCX.exe
    2007-06-26 14:55 487,424 --a------ C:\WINDOWS\system32\MSVCP70.DLL
    2007-06-26 14:55 48,640 --ah----- C:\WINDOWS\vStrip.exe
    2007-06-26 14:55 44,544 --ah----- C:\WINDOWS\vStrip_css.dll
    2007-06-26 14:55 344,064 --a------ C:\WINDOWS\system32\MSVCR70.DLL
    2007-06-26 14:55 123 --a------ C:\WINDOWS\system32\98NT.bat
    2007-06-26 14:55 114,176 --a------ C:\WINDOWS\system32\bgregister.exe
    2007-06-26 14:55 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.DLL
    2007-06-26 14:55 1,335,296 --a------ C:\WINDOWS\system32\PSIKey.dll
    2007-06-26 14:55 <DIR> d-------- C:\Program Files\RM-X Player V4.2
    2007-06-24 23:00 <DIR> d-------- C:\DEJA_VU_US_16X9
    2007-06-20 20:11 <DIR> d-------- C:\WINDOWS\Prefetch
    2007-06-19 19:57 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
    2007-06-19 03:39 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-06-18 11:21 <DIR> d-------- C:\MI3_DOMESTIC_D1_WS
    2007-06-17 16:13 <DIR> d-------- C:\Program Files\Google
    2007-06-17 16:13 <DIR> d-------- C:\DOCUME~1\Vero\APPLIC~1\Google
    2007-06-17 14:13 <DIR> d-------- C:\Program Files\Tropical Fish 3D Screensaver
    2007-06-17 14:12 1 --a------ C:\WINDOWS\system32\sav950231.sys
    2007-06-17 14:12 1 --a------ C:\WINDOWS\system32\sav87312.sys
    2007-06-17 14:12 <DIR> d-------- C:\Program Files\Dealio
    2007-06-17 14:11 5,836,800 --a------ C:\WINDOWS\system32\3D Supernova.scr
    2007-06-17 14:11 5,570,560 --a------ C:\WINDOWS\system32\3D Galaxy Journey.scr
    2007-06-17 14:11 4,014,080 --a------ C:\WINDOWS\system32\3D Interstellar Voyager.scr
    2007-06-17 14:11 3,878,912 --a------ C:\WINDOWS\system32\3D Solar Traveler.scr
    2007-06-17 14:11 291,776 --a------ C:\WINDOWS\system32\DealioKit97-stub-0.exe
    2007-06-17 14:11 2,226,176 --a------ C:\WINDOWS\system32\3D Solar System.scr
    2007-06-17 14:11 <DIR> d-------- C:\Program Files\3Deep Space
    2007-06-17 13:58 <DIR> d-------- C:\Program Files\Screensavers.com
    2007-06-17 13:33 <DIR> d-------- C:\My Downloads
    2007-06-17 13:26 <DIR> d-------- C:\Program Files\Lavasoft Ad-Aware
    2007-06-17 08:28 271,224 --a------ C:\WINDOWS\system32\mucltui.dll


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-11 19:29:38 -------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-07-08 07:12:57 -------- d-----w C:\Program Files\?icrosoft.NET
    2007-06-21 03:09:12 -------- d-----w C:\Program Files\Messenger
    2007-06-21 02:51:55 -------- d-----w C:\Program Files\Windows NT
    2007-06-21 02:51:44 -------- d-----w C:\Program Files\Movie Maker
    2007-06-04 22:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-06-04 22:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-06-04 22:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
    2007-06-01 04:00:27 -------- d-----w C:\Program Files\uTorrent
    2007-05-16 04:54:52 -------- d-----w C:\Program Files\RipIt4Me
    2007-05-16 04:48:15 -------- d-----w C:\Program Files\DVD Decrypter
    2007-05-16 04:43:08 -------- d-----w C:\Program Files\DVD Shrink
    2007-05-03 05:50:54 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
    2007-05-02 22:26:54 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2007-05-01 23:17:11 0 ----a-w C:\WINDOWS\nsreg.dat
    2007-05-01 03:19:14 516,608 ----a-w C:\WINDOWS\system32\winlogon.exe
    2007-04-28 04:28:38 0 --sha-r C:\MSDOS.SYS
    2007-04-28 04:28:38 0 --sha-r C:\IO.SYS
    2007-04-28 04:28:38 0 ----a-w C:\CONFIG.SYS
    2007-04-28 04:28:38 0 ----a-w C:\AUTOEXEC.BAT
    2007-04-28 04:23:58 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-17 05:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
    2007-04-13 22:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    2006-10-26 10:28 440384 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
    2006-09-06 07:18 93400 -ra------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36B5DE60-B99B-4775-9DC5-EA538213FDE9}]
    C:\WINDOWS\System32\vtstr.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}]
    2007-06-25 17:44 2407256 --a------ C:\Program Files\Dealio\kb105\Dealio.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
    2006-10-27 00:48 2210608 --a------ C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
    "au"="C:\Program Files\Dealio\DealioAU.exe" []
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25]
    "TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-06-15 17:00]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 05:23]
    "BearShare"="C:\Program Files\BearShare\BearShare.exe" [2006-07-26 13:48]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-07 11:48]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2003-08-13 12:16]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [2006-10-27 00:48]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 05:29]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "{D02589C2-FDAE-4A08-A224-AC5B329DD707}"="C:\WINDOWS\msole.dll" [2007-06-30 01:29]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvusppo]
    wvusppo.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages scecli

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
    backup=C:\WINDOWS\pss\Ralink Wireless Utility.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    ALCMTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
    "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
    "C:\Program Files\BearShare\BearShare.exe" /pause

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]
    "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
    "C:\Program Files\Norton Internet Security\osCheck.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
    sm56hlpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WZCSVC"=3 (0x3)
    "odserv"=3 (0x3)
    "Microsoft Office Groove Audit Service"=3 (0x3)

    *Newly Created Service* - COMHOST

    Contents of the 'Scheduled Tasks' folder
    2007-06-16 03:06:07 C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Vero.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-11 19:25:06
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************

    Completion time: 2007-07-11 19:25:54

    --- E O F ---
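    The "Files Created" section of the ComboFix log above is a 30-day timeline, and it is read the same way an analyst reads any file listing: attributes that do not fit the location, executables dropped into the Windows root rather than System32, implausibly small drivers, and names the log could not print (the `?` in `?ystem` and `?icrosoft.NET` stands for a character ComboFix could not render, a lookalike of the real `system` and `Microsoft.NET` folders). The script below is an added example written for this thread, not ComboFix code and not anything the posters wrote: it parses lines of that section and applies those four rules. The sample lines are constructed, copied in shape from the posted log; the size threshold and the rules themselves are this example's assumptions. Note that a tool the helper dropped (`nircmd.exe`, created at 19:22, the minute ComboFix ran) is flagged as well, which is why the creation time is kept with each finding.

```python
"""Triage of a ComboFix 'Files Created' listing (added example, not from the thread)."""
import re
from pathlib import PureWindowsPath
from typing import List, NamedTuple, Optional

# Constructed sample: lines copied in shape from the ComboFix log in the thread.
SAMPLE_LISTING = r"""
2007-07-11 19:22 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-08 09:00 <DIR> d-------- C:\VundoFix Backups
2007-07-08 07:40 12,288 --a------ C:\WINDOWS\mgrs.exe
2007-07-07 08:27 <DIR> d-------- C:\WINDOWS\system32\?ystem
2007-07-05 20:24 1,889,455 --ahs---- C:\WINDOWS\system32\rtstv.ini.ren
2007-07-05 20:19 <DIR> d-------- C:\Program Files\?icrosoft.NET
2007-06-30 12:02 <DIR> d-------- C:\Program Files\CCleaner
2007-06-30 08:14 53,760 --a------ C:\WINDOWS\msole.dll
2007-06-17 14:12 1 --a------ C:\WINDOWS\system32\sav950231.sys
2007-06-17 08:28 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
"""

# <date> <time> <size or <DIR>> <9-char attribute string> <path>
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[a-z-]{9}) (?P<path>.+)$"
)

CODE_SUFFIXES = {".exe", ".dll", ".sys", ".scr"}
TINY_DRIVER_BYTES = 1024   # assumption: a real kernel driver is never this small


class FileFinding(NamedTuple):
    path: str
    created: str           # "YYYY-MM-DD HH:MM" from the log line
    size: Optional[int]    # None for directories
    reasons: tuple


def review_entry(path: str, attrs: str, is_dir: bool, size: Optional[int]) -> List[str]:
    """Apply the triage rules to one listing entry."""
    reasons = []
    p = PureWindowsPath(path)
    # 1. A '?' or non-ASCII character in a name: the log could not print it,
    #    and such names are used to sit next to a legitimate folder as a lookalike.
    if "?" in p.name or any(ord(c) > 127 for c in p.name):
        reasons.append("unprintable character in name: possible lookalike of a system folder")
    # 2. Hidden + system on an ordinary file is how boot files look, not user-land data.
    if not is_dir and "h" in attrs and "s" in attrs:
        reasons.append("file carries hidden+system attributes")
    # 3. Executable code placed directly in the Windows root rather than System32.
    if str(p.parent).lower() == r"c:\windows" and p.suffix.lower() in CODE_SUFFIXES:
        reasons.append("executable code in the Windows root directory")
    # 4. A driver file far too small to be a driver.
    if p.suffix.lower() == ".sys" and size is not None and size < TINY_DRIVER_BYTES:
        reasons.append(f"{size}-byte .sys file: implausibly small for a driver")
    return reasons


def triage_created_files(listing: str) -> List[FileFinding]:
    """Parse 'Files Created' lines and return the entries that tripped at least one rule."""
    findings = []
    for line in listing.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue   # headers, blank lines and the Find3M format (HH:MM:SS) are skipped
        is_dir = m["size"] == "<DIR>"
        size = None if is_dir else int(m["size"].replace(",", ""))
        reasons = review_entry(m["path"], m["attrs"], is_dir, size)
        if reasons:
            findings.append(FileFinding(m["path"], f'{m["date"]} {m["time"]}', size, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage_created_files(SAMPLE_LISTING):
        print(f"{f.created}  {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

    On the constructed sample the CCleaner folder, the VundoFix backup folder and the Microsoft Update DLL pass, while the two lookalike folders, the hidden+system `.ren` file, the three executables in `C:\WINDOWS` and the 1-byte `.sys` file are reported with their creation time, so they can be lined up against the other events of the same day in the log.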
     
  4. tony909

    tony909 Member

    This is what I got after running SDFix:




    SDFix: Version 1.90

    Run by Administrator on Wed 07/11/2007 at 07:35 PM

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\WINDOWS\privacy_danger\index.htm - Deleted
    C:\WINDOWS\privacy_danger\images\capt.gif - Deleted
    C:\WINDOWS\privacy_danger\images\danger.jpg - Deleted
    C:\WINDOWS\privacy_danger\images\down.gif - Deleted
    C:\WINDOWS\privacy_danger\images\spacer.gif - Deleted
    C:\WINDOWS\dat.txt - Deleted
    C:\WINDOWS\main_uninstaller.exe - Deleted
    C:\WINDOWS\mgrs.exe - Deleted
    C:\WINDOWS\msdde.dll - Deleted
    C:\WINDOWS\msole.dll - Deleted
    C:\WINDOWS\rs.txt - Deleted


    Folder C:\WINDOWS\privacy_danger - Removed

    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    Remaining Files:
    ---------------

    Backups Folder: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    C:\Program Files\RM-X Player V4.2\ASProtect.dll
    C:\Program Files\RM-X Player V4.2\lame_enc.dll
    C:\Program Files\RM-X Player V4.2\viscomaudiodata.dll
    C:\Program Files\RM-X Player V4.2\viscomaudioencoder.dll
    C:\Program Files\RM-X Player V4.2\viscomframe.dll
    C:\Program Files\RM-X Player V4.2\viscomqtde.dll
    C:\Program Files\RM-X Player V4.2\viscomqtenc.dll
    C:\Program Files\RM-X Player V4.2\viscomtran.dll
    C:\Program Files\RM-X Player V4.2\viscomwave.dll
    C:\WINDOWS\vStrip_css.dll
    C:\WINDOWS\vStrip.exe
    C:\WINDOWS\vstriplangue.exe
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT1.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT10.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT100.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT102.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT103.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT104.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT105.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT106.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT107.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT108.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT109.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT10A.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT10B.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT10D.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT10E.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT10F.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT11.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT110.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT111.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT118.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT119.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT11A.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT11B.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT11C.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT11F.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT12.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT121.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT122.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT123.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT124.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT125.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT126.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT127.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT128.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT129.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT12B.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT12E.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT12F.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT13.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT130.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT131.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT132.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT133.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT134.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT135.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT137.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT139.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT13B.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT13C.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT13D.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT13E.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT13F.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT14.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT140.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT141.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT142.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT143.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT144.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT145.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT146.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT148.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT149.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT14A.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT14B.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT14C.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT15.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT16.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT17.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT18.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT19.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT1A.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT1B.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT1C.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT1D.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT1E.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT1F.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT2.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT20.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT21.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT22.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT23.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT24.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT25.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT26.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT27.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT28.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT29.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT2A.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT2B.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT2C.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT2D.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT2E.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT2F.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT3.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT30.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT31.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT32.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT33.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT34.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT35.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT36.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT37.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT38.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT39.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT3A.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT3B.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT3C.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT3D.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT3E.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT3F.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT4.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT40.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT41.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT42.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT43.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT44.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT45.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT46.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT47.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT48.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT49.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT4A.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT4B.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT4C.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT4D.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT4E.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT4F.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT5.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT50.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT51.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT52.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT53.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT54.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT55.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT56.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT62.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT63.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT64.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT65.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT66.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT67.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT68.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT69.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6A.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6A7.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6A8.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6A9.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6AF.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6B.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6B2.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6B3.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6B9.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6BA.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6BB.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6C.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6C0.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6C1.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6C2.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6C7.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6C8.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6C9.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6CA.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6CF.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6D.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6D0.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6D1.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6D6.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6D7.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6D8.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6D9.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6DE.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6DF.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6E.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6E0.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6E5.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6E6.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6E7.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6E8.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6ED.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6EE.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6EF.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6F.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6F4.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6F5.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6F6.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6F7.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6FC.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6FD.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT6FE.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT7.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT70.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT704.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT705.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT706.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT707.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT708.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT709.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT70A.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT70B.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT70C.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT70D.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT70F.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT71.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT711.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT713.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT719.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT71A.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT71C.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT71D.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT72.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT73.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT74.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT75.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT78.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT79.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT7A.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT7F.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT8.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT84.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT86.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT87.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT89.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT8A.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT8B.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT8C.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT8D.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT8E.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT8F.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT9.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT90.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT91.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT92.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT93.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT94.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT95.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT96.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT97.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT98.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT99.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT9A.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT9B.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT9C.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT9D.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT9E.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BIT9F.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITA.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITA1.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITA2.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITA3.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITA4.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITA5.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITA6.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITA7.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITA8.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITA9.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITAA.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITAD.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITAE.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITAF.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITB.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITB0.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITB1.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITB2.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITB3.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITB4.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITB5.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITB6.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITB7.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITB8.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITB9.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITBA.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITBB.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITBC.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITBD.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITBF.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITC.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITC0.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITC1.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITC2.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITC3.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITC4.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITC5.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITC6.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITC7.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITC8.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITC9.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITCA.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITCB.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITCC.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITCD.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITCE.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITCF.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITD.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITD0.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITD1.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITD2.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITD3.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITD4.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITD5.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITD6.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITD7.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITD8.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITDA.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITDB.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITDC.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITDD.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITDF.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITE.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITE0.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITE2.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITE3.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITE4.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITE5.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITE6.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITE7.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITE8.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITE9.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITEA.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITEB.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITEC.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITED.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITEE.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITEF.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITF.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITF0.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITF1.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITF2.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITF3.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITF4.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITF6.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITF7.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITF8.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITF9.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITFA.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITFB.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITFC.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITFD.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITFE.tmp
    C:\Documents and Settings\Vero\Local Settings\Temp\BITFF.tmp

    Finished
     
  5. tony909

    tony909 Member

    Finally, I got this from the HijackThis log:
     
  6. tony909

    tony909 Member

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:00:47 PM, on 7/11/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\Mozilla Firefox\firefox.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\BearShare\BearShare.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gomyron.com/NjU2NA==/2/3560/homepage/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: (no name) - {36B5DE60-B99B-4775-9DC5-EA538213FDE9} - C:\WINDOWS\System32\vtstr.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb105\Dealio.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb105\Dealio.dll
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb105\res\DealioSearch.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb105\Dealio.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177739529915
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178001050171
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - Winlogon Notify: wvusppo - wvusppo.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\System32\o2flash.exe (file missing)
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

    --
    End of file - 7787 bytes
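A small triage script for logs in this format, added here as an example; it is not code from this thread, from HijackThis or from SmitfraudFix. It parses the `Oxx - Kind: Name - {CLSID} - Path` line shape used in the log above and flags the kinds of entry a helper would ask about: a start page pointing at a host outside an allow-list, a registered component whose file is missing, an O20 Winlogon Notify hook, and an O24 desktop component loaded from a local file. The sample lines are copied from the log posted above; the allow-list of home-page hosts (`KNOWN_HOME_HOSTS`) and the `Finding`, `triage_line` and `triage_log` names are this example's own assumptions.

```python
"""Triage helper for HijackThis-style log lines (added example, not thread or tool code)."""
import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gomyron.com/NjU2NA==/2/3560/homepage/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {36B5DE60-B99B-4775-9DC5-EA538213FDE9} - C:\WINDOWS\System32\vtstr.dll (file missing)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb105\Dealio.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O20 - Winlogon Notify: wvusppo - wvusppo.dll (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

# Constructed assumption: home-page hosts a helper would accept without asking.
KNOWN_HOME_HOSTS = {"www.google.com", "www.msn.com", "www.yahoo.com"}

# "R0 - ..." / "O20 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+)\s+-\s+(?P<body>.+)$")
URL_HOST_RE = re.compile(r"^https?://([^/\s]+)", re.IGNORECASE)


@dataclass
class Finding:
    code: str    # HijackThis section code, e.g. "O20"
    reason: str  # why a helper would ask about this line
    line: str    # the original log line


def start_page_host(body: str):
    """Return the host of a 'Start Page = URL' entry, or None for blank/about:blank."""
    if "Start Page" not in body:
        return None
    _, _, value = body.partition("=")  # first '=' separates key from value
    value = value.strip()
    if not value or value.lower() == "about:blank":
        return None
    m = URL_HOST_RE.match(value)
    return m.group(1).lower() if m else value.lower()


def triage_line(line: str):
    """Return a Finding for a line worth asking about, else None."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None  # process list, headers, blank lines
    code, body = m.group("code"), m.group("body")
    if code == "R0":
        host = start_page_host(body)
        if host and host not in KNOWN_HOME_HOSTS:
            return Finding(code, f"start page redirected to unrecognised host {host}", line)
    elif code == "O20" and body.startswith("Winlogon Notify"):
        return Finding(code, "Winlogon Notify DLL loaded into winlogon.exe at logon", line)
    elif code == "O24" and "file:///" in body:
        return Finding(code, "Active Desktop component loaded from a local HTML file", line)
    # Generic check last: a registered component whose binary is gone usually
    # means a half-removed infection or a stale registration left behind.
    if "(file missing)" in body or body.endswith("(no file)"):
        return Finding(code, "registered component whose file is missing", line)
    return None


def triage_log(text: str):
    """Run triage_line over every line and keep the hits, in log order."""
    return [f for f in map(triage_line, text.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.code:<4} {f.reason}\n     {f.line}")
```

Run as-is it prints the five flagged lines from the sample; on a real log, pass the file contents to `triage_log`. The flags are prompts to check, not verdicts: an entry marked `(file missing)` is only a stale registration once the file itself has already been removed, and a start page host outside the allow-list still needs a human to decide whether the user chose it.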
     
  7. Auttaja

    Auttaja Guest

    Please download SmitfraudFix

    Double-click SmitfraudFix.exe
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm

    ============

    You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Please reboot your computer in Safe Mode by doing the following :
    *Restart your computer
    *After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    *Instead of Windows loading as normal, a menu with options should appear;
    *Select the first option, to run Windows in Safe Mode, then press "Enter".
    *Choose your usual account.
    Once in Safe Mode, double-click SmitfraudFix.exe
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning : running option #2 on a non infected computer will remove your Desktop background.

    =========

    Post these two logs, and a fresh HijackThis log too
     
  8. tony909

    tony909 Member

    Here is what I got after running SmitfraudFix


    SmitFraudFix v2.203

    Scan done at 19:56:30.82, Thu 07/12/2007
    Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\Program Files\NewMediaCodec\ Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{4882FB22-892C-472E-BBC4-60E950766973}: DhcpNameServer=24.116.39.12 24.116.2.34
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{4882FB22-892C-472E-BBC4-60E950766973}: DhcpNameServer=24.116.39.12 24.116.2.34
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{4882FB22-892C-472E-BBC4-60E950766973}: DhcpNameServer=24.116.39.12 24.116.2.34
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.116.39.12 24.116.2.34
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.116.39.12 24.116.2.34
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=24.116.39.12 24.116.2.34


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End

     
  9. tony909

    tony909 Member

    Results from HijackThis


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:09:08 PM, on 7/12/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: (no name) - {36B5DE60-B99B-4775-9DC5-EA538213FDE9} - C:\WINDOWS\System32\vtstr.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb105\Dealio.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb105\Dealio.dll
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb105\Dealio.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177739529915
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178001050171
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - Winlogon Notify: wvusppo - wvusppo.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\System32\o2flash.exe (file missing)
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 6373 bytes
     
  10. Auttaja

    Auttaja Guest

    1. Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
    This program is for XP and Windows 2000 only!

    Double-click ATF Cleaner.exe to open it.

    Under Main select the following:
    *Windows Temp
    *Current User Temp
    *All Users Temp
    *Temporary Internet Files
    *Prefetch
    *Java Cache
    *The other boxes are optional*
    Then click the Empty Selected button.

    Click Exit on the Main menu to close the program.

    ========


    *Then double-click combofix.exe & follow the prompts.
    *When finished, it shall produce a log for you. Post that log in your next reply.
    Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

    =====

    Also post a fresh HijackThis log from normal mode.
     
    Last edited by a moderator: Jul 12, 2007
  11. anari11

    anari11 Guest

    These are malicious programs:

    R3 - Default URLSearchHook is missing

    O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win108.tmp.exe

    O4 - HKLM\..\Policies\Explorer\Run: [svchost.exe] C:\WINDOWS\svchost.exe
     
  12. tony909

    tony909 Member

    This is what I got after running ComboFix:

    "Administrator" - 2007-07-14 11:09:54 - ComboFix 07-07-12.3 - Service Pack 1 [SAFE MODE]

    /wow section - STAGE #8

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\_000027_.tmp.dll


    ((((((((((((((((((((((((( Files Created from 2007-06-14 to 2007-07-14 )))))))))))))))))))))))))))))))


    2007-07-14 09:45 593,408 --a------ C:\WINDOWS\system32\h323msp.dll
    2007-07-14 09:45 548,352 --------- C:\WINDOWS\system32\rtcdll.dll
    2007-07-14 09:45 439,808 --a------ C:\WINDOWS\system32\ipnathlp.dll
    2007-07-12 19:44 1,704 --a------ C:\WINDOWS\system32\tmp.reg
    2007-07-12 19:43 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-07-12 19:43 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-07-12 19:43 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-07-11 19:34 <DIR> d-------- C:\WINDOWS\ERUNT
    2007-07-11 19:22 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-08 13:13 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Ahead
    2007-07-08 09:00 <DIR> d-------- C:\VundoFix Backups
    2007-07-08 08:49 <DIR> d-------- C:\Program Files\Trend Micro
    2007-07-08 08:49 <DIR> d-------- C:\hjt
    2007-07-07 11:48 <DIR> d-------- C:\Program Files\QuickTime
    2007-07-07 11:39 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
    2007-07-07 01:14 <DIR> d-------- C:\DOCUME~1\ADMINI~1\.housecall6.6
    2007-07-06 23:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    2007-07-06 23:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
    2007-07-06 18:35 465 --a------ C:\WINDOWS\system32\vjgoofle.ini.ren
    2007-07-06 18:35 128,576 --a------ C:\WINDOWS\system32\elfoogjv.dll.ren
    2007-07-06 18:27 1,850,823 --a------ C:\WINDOWS\system32\rtstv.bak2.ren
    2007-07-05 20:42 90,240 --a------ C:\WINDOWS\system32\drivers\sptd7501.sys
    2007-07-05 20:42 643,072 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2007-07-05 20:24 6,369 --a------ C:\WINDOWS\system32\rtstv.bak1.ren
    2007-07-05 20:24 1,889,455 --ahs---- C:\WINDOWS\system32\rtstv.ini.ren
    2007-07-05 20:02 <DIR> d-------- C:\Program Files\BearShare
    2007-07-02 20:28 <DIR> d-------- C:\Program Files\MagicISO
    2007-07-01 18:12 <DIR> d-------- C:\Program Files\PowerISO
    2007-07-01 15:11 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Simply Super Software
    2007-07-01 14:50 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-07-01 14:49 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
    2007-07-01 14:49 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
    2007-07-01 14:49 <DIR> d-------- C:\Program Files\Trojan Remover
    2007-07-01 14:49 <DIR> d-------- C:\DOCUME~1\Vero\APPLIC~1\Simply Super Software
    2007-07-01 14:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Simply Super Software
    2007-06-30 21:57 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-06-30 13:36 68,608 --a------ C:\WINDOWS\system32\mscms.dll
    2007-06-30 13:20 <DIR> d-------- C:\Program Files\Lavasoft
    2007-06-30 13:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2007-06-30 13:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
    2007-06-30 12:09 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-06-30 12:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-06-30 12:04 <DIR> d-------- C:\Program Files\SpywareBlaster
    2007-06-30 12:03 <DIR> d-------- C:\Program Files\Yahoo!
    2007-06-30 12:02 <DIR> d-------- C:\Program Files\CCleaner
    2007-06-30 12:01 <DIR> d--hs---- C:\WINDOWS\CSC
    2007-06-30 11:58 1,048,576 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
    2007-06-30 11:51 <DIR> d-------- C:\Program Files\Spyware Eliminator Professional Full
    2007-06-30 11:51 <DIR> d-------- C:\DOCUME~1\Vero\APPLIC~1\AntiSpywareDAT
    2007-06-30 11:26 991,232 --a------ C:\WINDOWS\system32\esent.dll
    2007-06-30 10:14 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
    2007-06-29 20:11 <DIR> d-------- C:\SHREK_2_US_4X3
    2007-06-28 12:24 <DIR> d-------- C:\Program Files\Gabest
    2007-06-26 15:09 <DIR> d-------- C:\Program Files\Real Alternative
    2007-06-26 15:09 <DIR> d-------- C:\Program Files\Media Player Classic
    2007-06-26 15:09 <DIR> d-------- C:\DOCUME~1\Vero\APPLIC~1\Real
    2007-06-26 15:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
    2007-06-26 15:04 <DIR> d-------- C:\DOCUME~1\Vero\APPLIC~1\Media Player Classic
    2007-06-26 14:55 90,112 --ah----- C:\WINDOWS\vstriplangue.exe
    2007-06-26 14:55 849,408 --a------ C:\WINDOWS\system32\DivX.dll
    2007-06-26 14:55 63,488 --a------ C:\WINDOWS\system32\MMRegOCX.exe
    2007-06-26 14:55 487,424 --a------ C:\WINDOWS\system32\MSVCP70.DLL
    2007-06-26 14:55 48,640 --ah----- C:\WINDOWS\vStrip.exe
    2007-06-26 14:55 44,544 --ah----- C:\WINDOWS\vStrip_css.dll
    2007-06-26 14:55 344,064 --a------ C:\WINDOWS\system32\MSVCR70.DLL
    2007-06-26 14:55 123 --a------ C:\WINDOWS\system32\98NT.bat
    2007-06-26 14:55 114,176 --a------ C:\WINDOWS\system32\bgregister.exe
    2007-06-26 14:55 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.DLL
    2007-06-26 14:55 1,335,296 --a------ C:\WINDOWS\system32\PSIKey.dll
    2007-06-26 14:55 <DIR> d-------- C:\Program Files\RM-X Player V4.2
    2007-06-24 23:00 <DIR> d-------- C:\DEJA_VU_US_16X9
    2007-06-20 20:11 <DIR> d-------- C:\WINDOWS\Prefetch
    2007-06-19 19:57 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
    2007-06-19 03:39 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-06-18 11:21 <DIR> d-------- C:\MI3_DOMESTIC_D1_WS
    2007-06-17 16:13 <DIR> d-------- C:\Program Files\Google
    2007-06-17 16:13 <DIR> d-------- C:\DOCUME~1\Vero\APPLIC~1\Google
    2007-06-17 14:13 <DIR> d-------- C:\Program Files\Tropical Fish 3D Screensaver
    2007-06-17 14:12 1 --a------ C:\WINDOWS\system32\sav950231.sys
    2007-06-17 14:12 1 --a------ C:\WINDOWS\system32\sav87312.sys
    2007-06-17 14:12 <DIR> d-------- C:\Program Files\Dealio
    2007-06-17 14:11 5,836,800 --a------ C:\WINDOWS\system32\3D Supernova.scr
    2007-06-17 14:11 5,570,560 --a------ C:\WINDOWS\system32\3D Galaxy Journey.scr
    2007-06-17 14:11 4,014,080 --a------ C:\WINDOWS\system32\3D Interstellar Voyager.scr
    2007-06-17 14:11 3,878,912 --a------ C:\WINDOWS\system32\3D Solar Traveler.scr
    2007-06-17 14:11 291,776 --a------ C:\WINDOWS\system32\DealioKit97-stub-0.exe
    2007-06-17 14:11 2,226,176 --a------ C:\WINDOWS\system32\3D Solar System.scr
    2007-06-17 14:11 <DIR> d-------- C:\Program Files\3Deep Space
    2007-06-17 13:33 <DIR> d-------- C:\My Downloads
    2007-06-17 13:26 <DIR> d-------- C:\Program Files\Lavasoft Ad-Aware
    2007-06-17 08:28 271,224 --a------ C:\WINDOWS\system32\mucltui.dll


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-14 17:27:15 -------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-07-14 01:49:10 -------- d-----w C:\Program Files\Messenger
    2007-06-21 02:51:55 -------- d-----w C:\Program Files\Windows NT
    2007-06-21 02:51:44 -------- d-----w C:\Program Files\Movie Maker
    2007-06-04 22:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-06-04 22:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-06-04 22:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
    2007-06-01 04:00:27 -------- d-----w C:\Program Files\uTorrent
    2007-05-16 04:54:52 -------- d-----w C:\Program Files\RipIt4Me
    2007-05-16 04:48:15 -------- d-----w C:\Program Files\DVD Decrypter
    2007-05-16 04:43:08 -------- d-----w C:\Program Files\DVD Shrink
    2007-05-03 05:50:54 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
    2007-05-02 22:26:54 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2007-05-01 23:17:11 0 ----a-w C:\WINDOWS\nsreg.dat
    2007-05-01 03:19:14 516,608 ----a-w C:\WINDOWS\system32\winlogon.exe
    2007-04-28 04:28:38 0 --sha-r C:\MSDOS.SYS
    2007-04-28 04:28:38 0 --sha-r C:\IO.SYS
    2007-04-28 04:28:38 0 ----a-w C:\CONFIG.SYS
    2007-04-28 04:28:38 0 ----a-w C:\AUTOEXEC.BAT
    2007-04-28 04:23:58 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-17 05:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    2006-10-26 10:28 440384 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
    2006-09-06 07:18 93400 -ra------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36B5DE60-B99B-4775-9DC5-EA538213FDE9}]
    C:\WINDOWS\System32\vtstr.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}]
    2007-06-25 17:44 2407256 --a------ C:\Program Files\Dealio\kb105\Dealio.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
    2006-10-27 00:48 2210608 --a------ C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
    "au"="C:\Program Files\Dealio\DealioAU.exe" []
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-07 11:48]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2003-08-13 12:16]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [2006-10-27 00:48]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 05:29]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvusppo]
    wvusppo.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages scecli

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
    backup=C:\WINDOWS\pss\Ralink Wireless Utility.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
    "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    ALCMTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
    "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
    "C:\Program Files\BearShare\BearShare.exe" /pause

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]
    "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
    "C:\Program Files\Norton Internet Security\osCheck.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
    sm56hlpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
    C:\Program Files\Trojan Remover\Trjscan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WZCSVC"=3 (0x3)
    "odserv"=3 (0x3)
    "Microsoft Office Groove Audit Service"=3 (0x3)

    *Newly Created Service* - COMHOST
    *Newly Created Service* - EHSCHED

    Contents of the 'Scheduled Tasks' folder
    2007-07-14 03:35:49 C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Vero.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-14 11:10:16
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************

    Completion time: 2007-07-14 11:11:05
    C:\ComboFix-quarantined-files.txt ... 2007-07-14 11:10
    C:\ComboFix2.txt ... 2007-07-11 19:25

    --- E O F ---
     
  13. tony909

    tony909 Member

    Got this after running HijackThis:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:20:02 AM, on 7/14/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: (no name) - {36B5DE60-B99B-4775-9DC5-EA538213FDE9} - C:\WINDOWS\System32\vtstr.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb105\Dealio.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb105\Dealio.dll
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb105\Dealio.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177739529915
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178001050171
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - Winlogon Notify: wvusppo - wvusppo.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\System32\o2flash.exe (file missing)
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 6417 bytes
     
  14. Auttaja

    Auttaja Guest

    Open Control Panel > Add/Remove Programs and remove Dealio (if present).

    Open HijackThis
    - Click the Do a system scan only button
    - Check the following entries (below)

    O2 - BHO: (no name) - {36B5DE60-B99B-4775-9DC5-EA538213FDE9} - C:\WINDOWS\System32\vtstr.dll (file missing)
    O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
    O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb105\Dealio.dll
    O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
    O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb105\Dealio.dll
    O20 - Winlogon Notify: wvusppo - wvusppo.dll (file missing)


    Close ALL open windows
    Click Fix Checked
    Close HijackThis


    Remove this folder C:\Program Files\Dealio

    ==========

    Update Java
    Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

    *Download the latest version of Java(TM) SE Runtime Environment 6u2.
    *Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    *Click the "Download" button to the right.
    *Check the box that says: "Accept License Agreement".
    *The page will refresh.
    *Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    *Close any programs you may have running - especially your web browser.
    *Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    *Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    *Click the Remove or Change/Remove button.
    *Repeat as many times as necessary to remove each Java version.
    *Reboot your computer once all Java components are removed.
    *Then from your desktop double-click on the download to install the newest version.

    ========


    *Note: You will need to use Internet Explorer for this scan.
    *Go here to run an online scan from F-Secure.
    *Click on Start scanning.
    *This will open a new Internet Explorer window.
    *It will require an ActiveX control; please install it.
    *Click Accept.
    *Click Full System Scan.
    *It will now download the scanner; this may take a while, please be patient.
    *It will then start scanning; wait for the scan to finish.
    *Click Automatic cleaning (recommended).
    *Wait for it to finish the cleaning process.
    *Click Show report.
    *This will open up a window with the results of the scan; copy and paste those results as a reply to this topic.

    Post a fresh HijackThis log too.
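As an added example (not code from this thread, from HijackThis or from any other tool mentioned here), the following Python script applies the same triage the helpers did by hand to HijackThis-format log lines. It flags entries whose registered file is gone ("(file missing)" / "(no file)", the pattern behind the vtstr.dll BHO, the orphaned {FE063DB9-...} toolbar and the wvusppo Winlogon Notify entry that Auttaja asked to fix), autostarts launched from a TEMP directory, and system-binary names such as svchost.exe running from anywhere other than System32 (the two lines anari11 called out). The sample log below is constructed from the entry formats in this thread; the rule set and the SYSTEM_BINARIES list are my own assumptions, not anything HijackThis itself provides.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in HijackThis log format. The entry types mirror the ones
# discussed in this thread: orphaned BHO/toolbar/Winlogon Notify entries, a Run
# key launching from TEMP, and a svchost.exe outside System32.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {36B5DE60-B99B-4775-9DC5-EA538213FDE9} - C:\WINDOWS\System32\vtstr.dll (file missing)
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win108.tmp.exe
O4 - HKLM\..\Policies\Explorer\Run: [svchost.exe] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O20 - Winlogon Notify: wvusppo - wvusppo.dll (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

# Assumed list (my own, not from HijackThis): Windows binaries that only
# legitimately run from %SystemRoot%\System32. The same file name launched
# from another directory is a classic masquerading sign.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe",
                   "winlogon.exe", "services.exe", "smss.exe"}


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O2", "O4", "O20"
    reason: str
    line: str


LINE_RE = re.compile(r"^(?P<sec>[OFR]\d+) - (?P<body>.*)$")
# O4 body layout:  HKLM\..\Run: [name] "C:\dir\prog.exe" /args
O4_RE = re.compile(
    r'^(?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\]\s*'
    r'"?(?P<path>[A-Za-z]:\\[^"]*?\.(?:exe|dll|scr|com|bat|cmd))"?',
    re.IGNORECASE,
)


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious HijackThis line, or None if it looks benign."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None          # header text, blank line, "End of file", etc.
    sec, body = m.group("sec"), m.group("body")

    # Rule 1: the registry still references a component whose file is gone.
    if "(file missing)" in body or "(no file)" in body:
        return Finding(sec, "orphaned entry: registered file no longer exists", line)

    # Rules 2-4 only concern autostart (O4) entries.
    if sec != "O4":
        return None
    m4 = O4_RE.match(body)
    if not m4:
        return Finding(sec, "autostart entry with unparseable command line", line)
    path = m4.group("path").lower()
    parent, _, name = path.rpartition("\\")
    if "\\temp\\" in path or path.endswith(".tmp.exe"):
        return Finding(sec, "autostart launched from a temp directory", line)
    if name in SYSTEM_BINARIES and not parent.endswith("\\system32"):
        return Finding(sec, f"'{name}' running outside System32 (masquerading)", line)
    if "policies\\explorer\\run" in m4.group("key").lower():
        return Finding(sec, "Policies\\Explorer\\Run autostart (rarely used by legitimate software)", line)
    return None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over every line of a HijackThis log."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line.strip()}")
```

Rule order matters: the C:\WINDOWS\svchost.exe line is in Policies\Explorer\Run as well, but the masquerading rule fires first because it is the stronger signal. Entries that parse cleanly and match no rule (ccApp, ctfmon.exe under System32, the Yahoo toolbar) are returned as benign, which matches how the helpers treated them; a script like this only narrows the list, the final decision on each entry still needs a human looking at the full log.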
     
