
I surfed the net and now my PC has spyware pop-ups; I copied the HijackThis file for you to help me out

Discussion in 'Windows - Virus and spyware problems' started by engin123, Mar 28, 2008.

  1. engin123

    engin123 Guest

    On all the searches it came up with a box with a red circle with an X in it, making that noise. It says "spell it correctly", or it says it can't find it. On one of the files it won't even open up; on the search bar you copy and paste it but it won't appear. These are the 4 uTorrent files I've copied for you to see. I'm a bit sad, as I have not seen them yet; they are in My Documents. I did it through Explorer 7; no luck in any search. At the bottom of this message you will see the last search I did, where it says copy the URL into the box and into the box below put in your search details. I did, but it couldn't find anything; it just said from time to time, periodically, you can check back to try again later. So what I did was to go to Start & Search, and that way I was able to delete a few; the other ones it said were not on the hard drive.

    Submit your site to Live Search
    Learn more about:
    Getting your site indexed
    Advertising

    Generally our web crawler, MSNBot, can find most pages on the Internet. However if your site does not appear on Live Search, you can send us the address (URL).

    Type the characters from the picture
    In the box below, type the characters that you see in the picture. This helps ensure that a person, not an automated program, is submitting the URL.

    If you don't see the picture, make sure your browser is set to allow images. If you change the image setting, refresh this page to continue.

    Characters:

    Type the URL of your homepage
    MSNBot follows links from your homepage to find other pages on your site.

    Example: http://www.example.com/.
     
  2. engin123

    engin123 Guest

    Did you tell me to delete the VideoLAN VLC media player 0.8.6d as well? I just wanted to know. I've done everything; I'm up to the stage where I need you to reply to my last message and this one, then I can reboot, then do a HijackThis scan and send it back to you.
     
  3. Ltangel

    Ltangel Regular member

    Joined:
    Feb 17, 2008
    Messages:
    200
    Likes Received:
    0
    Trophy Points:
    26
    Hey,

    Nope I didn't ask you to delete videoLAN vlc media player 0.8.6d. The reason I asked you to delete the following programs is because they are not safe to have on your computer, and can bring in lots of viruses.

    Programs that are not safe:

    AdvancedCleaner Free
    SopCast
    uTorrent
    LimeWire


    ---> You can proceed to post me a HijackThis log, and please do the online scan and post me the online scan log as well.
     
  4. engin123

    engin123 Guest

    This one won't even open up. I don't even know what it belongs to; what's the proper name for it?

    C:\WINDOWS\system32\299914\

    And the same for this one: what is this called? No problem with this one, but what software is it, or what are both of them called? So if anything ever went wrong with one of my programs, or what usually happens is a DLL goes missing or a registry key is corrupt or missing, is that because of CC Advanced Cleaner and other bad programs like them that for some bad reason do a clean-up, but a lot of them clean up the files or temporary files you need? Because only after you have done it, and then start to use your software, do you realise that it won't work well any more.
     
  5. Ltangel

    Ltangel Regular member

    Why do you need to open it? Just right click on it and select "Delete". Tell me if you have difficulty removing it.

    Anyway, are you able to do the online scan?
     
  6. engin123

    engin123 Guest

    OK, I will do that now. I've deleted the rest, but I have to download the latest Java. What do I do first? If you have sent me the link for the Java, can I delete the old ones first and then download the new one, or download the new one first?
     
  7. Ltangel

    Ltangel Regular member

    My instructions said it clearly: download first (don't install yet), and delete the other version before installing.
     
  8. engin123

    engin123 Guest

    Here's the log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:11:41, on 31/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\VM_STI.EXE
    C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\MemInfo\meminfo.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Kontiki\KService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
    O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [WinPatrol Helper DLL] C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
    O4 - HKCU\..\Run: [DS Clock] "C:\Program Files\DS Clock\dsclock.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MemInfo.lnk = C:\Program Files\MemInfo\meminfo.exe
    O4 - Startup: WordWeb.lnk = C:\Documents and Settings\EDDY\My Documents\WordWeb\wweb32.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1201727103468
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1201727078062
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{99525DF8-A407-4756-8479-1E90AA2806D3}: NameServer = 62.30.112.39,194.117.134.19
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe

    --
    End of file - 6437 bytes
     
  9. Ltangel

    Ltangel Regular member

    How is your computer doing?

     
  10. engin123

    engin123 Guest

    Well, I sent you the log from HijackThis. Now I've done the Java successfully, and now I'm onto the "Do an online scan with Panda ActiveScan" step. So when I go to do the Panda scan now, do I have to copy & paste this into it, or just do the scan? The part underneath, which starts with HERE to run Panda's TotalScan:
    • Select the bubble for Full scan
     
  11. engin123

    engin123 Guest

    Yes, my Java has verified that it was a successful installation and that it was the correct one.

    Verified Java Version

    Congratulations!

    You have the recommended Java installed (Version 6 Update 5).

    If you want to download Java for another computer or Operating System, see all Java downloads here.

    For updates on Java and Java-enabled applications (desktop and mobile), please sign up for the java.com newsletter.
     
  12. Ltangel

    Ltangel Regular member

    Good job! Please post the log of the Panda Active scan when you are done.

     
  13. engin123

    engin123 Guest

    It's been on for 20 minutes, then this box opened up. I thought it was for my Outlook Express e-mail that I have with Virgin Media, but it wasn't. The scan was only 20% through, yet there was maybe another 80% to go. I was not sure what to do. It said Outlook in one white box, in another New, in another it said OK. After I clicked OK, the result scan picture came up with the results; at the bottom it says in green "disinfect". What do I do: copy the report only and then send you that, only after I've done the HijackThis scan log and saved it, then send them? Let me know, Jackie Chan or Jet Li. I love kung fu.
     
  14. engin123

    engin123 Guest

    Anyway, this is what the TotalScan said. Would it have been better to have left it to finish the scan? But mind you, I can always leave it on later while I'm out to do a full scan, because it might take 1 or 2 hours to do. So do I have to do another one later? I'm going to do the second scan now with HijackThis, then send it to you.


    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2008-03-31 13:37:36
    PROTECTIONS: 1
    MALWARE: 28
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    AVG 7.5.519 7.5.519 No Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00003428 adware/memorywatcher Adware No 0 Yes No hkey_classes_root\vbrad.trayicon
    00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe
    00139535 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP118\A0051413.exe
    00139535 Application/Processor HackTools No 0 Yes No C:\y\SDFix\apps\Process.exe
    00139535 Application/Processor HackTools No 0 Yes No C:\SDFix\apps\Process.exe
    00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\EDDY\Desktop\y\SDFix\apps\Process.exe
    00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\EDDY\Desktop\SmitfraudFix\Process.exe
    00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\EDDY\Desktop\SDFix.exe[SDFix\apps\Process.exe]
    00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\EDDY\Cookies\eddy@tradedoubler[2].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\EDDY\Cookies\eddy@com[1].txt
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\EDDY\Cookies\eddy@ads.pointroll[1].txt
    00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Documents and Settings\EDDY\Cookies\eddy@adviva[2].txt
    00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\EDDY\Cookies\eddy@www6.addfreestats[1].txt
    00509861 Hacktool/AngryScan HackTools No 1 Yes No C:\UBCD4Win\plugin\Network\ipscan\ipscan.exe
    00511944 Application/SuperFast HackTools No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP90\A0044231.exe
    00511944 Application/SuperFast HackTools No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP31\A0002579.exe
    00517584 Application/SuperFast HackTools No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP31\A0002578.exe
    00517584 Application/SuperFast HackTools No 0 Yes No C:\Documents and Settings\EDDY\Desktop\SmitfraudFix\restart.exe
    00517584 Application/SuperFast HackTools No 0 Yes No C:\Program Files\XP Smoker\restart.exe
    00530899 Application/NirCmd.A HackTools No 0 Yes No C:\UBCD4Win\oem1\PEUtils\nircmd.exe
    00530899 Application/NirCmd.A HackTools No 0 Yes No C:\UBCD4Win\plugin\AntiVirus\AV7PE\nircmd.exe
    01203898 Adware/BraveSentry Adware No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP104\A0046974.exe
    02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Documents and Settings\EDDY\Desktop\SmitfraudFix\Reboot.exe
    02870155 Application/VirusRanger HackTools No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP103\A0046955.dll
    02870162 Application/VirusRanger HackTools No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP103\A0046956.dll
    02885332 Adware/SpyShredder Adware No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP107\A0047609.exe
    02893893 Trj/Bancos.RQ Virus/Trojan No 0 No No C:\Documents and Settings\EDDY\Desktop\ComboFix.exe[327882R2FWJFW\pv.cfexe]
    02893893 Trj/Bancos.RQ Virus/Trojan No 0 No No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP115\A0050087.exe[327882R2FWJFW\pv.cfexe]
    02905336 Application/BarreraIntegral HackTools No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP48\A0012302.old
    02905349 Application/BarreraIntegral HackTools No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP48\A0012301.old
    02905665 Hacktool/Rootkit.AH HackTools No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP103\A0046920.exe
    02907233 Application/VirusHeat HackTools No 0 No No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP119\A0051472.exe[VirusHeat 4.3.exe]
    02908176 Application/PCPrivacyTool HackTools No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP103\A0046921.dll
    02908177 Application/PCPrivacyTool HackTools No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP103\A0046922.exe
    02908179 Application/PCPrivacyTool HackTools No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP113\A0049933.exe
    02909516 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP103\A0046925.dll
    02909516 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP107\A0047501.dll
    02909516 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP103\A0046947.dll
    02909516 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP103\A0046913.dll
    02909516 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP107\A0047492.dll
    02909516 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP107\A0047989.dll
    02909516 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP106\A0047440.dll
    02909516 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP107\A0048192.dll
    02909516 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP103\A0046891.dll
    02909516 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP107\A0048237.dll
    02909516 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP107\A0049237.dll
    02909516 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP109\A0049248.dll
    02909516 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP110\A0049542.dll
    02909516 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP110\A0049829.dll
    02909516 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP111\A0049880.dll
    02909516 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP105\A0047323.dll
    02909516 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP105\A0047421.dll
    02909516 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP116\A0050151.dll
    02909516 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP116\A0051139.dll
    02909516 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP117\A0051186.dll
    02909516 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP117\A0051196.dll
    02909516 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP118\A0051397.dll
    02909523 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP118\A0051211.exe
    02909524 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP107\A0048195.exe
    02909528 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP107\A0048191.exe
    02909528 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP107\A0047502.exe
    02909528 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP107\A0047491.exe
    02909528 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP106\A0047441.exe
    02909528 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP105\A0047422.exe
    02909528 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP105\A0047324.exe
    02909528 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP103\A0046946.exe
    02909528 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP103\A0046926.exe
    02909528 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP103\A0046912.exe
    02909528 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP103\A0046890.exe
    02909528 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP107\A0047988.exe
    ;===================================================================================================================================================================================
    SUSPECTS
    Location
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
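Added example (not part of the thread, and not Panda's own tooling): a short Python triage script for a report in the layout posted above. It splits the detections by where they sit, because that is what decides the next step: anything marked Active comes first, rows under C:\System Volume Information\_restore are dormant copies inside System Restore snapshots (clearing restore points removes them), rows inside the folders of the repair tools on the Desktop (SDFix, SmitfraudFix, ComboFix) and in C:\UBCD4Win are components of those tools that scanners label HackTools, tracking cookies are a privacy nuisance rather than code, and whatever is left is a live file that needs a human look. The column regex, the tool-kit folder list and the embedded excerpt of the report are assumptions constructed for the example.

```python
import re
from collections import Counter
from dataclasses import dataclass

# One detection row of a Panda ActiveScan report:
# Id Description Type Active Severity Disinfectable Disinfected Location
ROW_RE = re.compile(
    r"^(?P<id>\d{8}) (?P<name>\S+) (?P<type>\S+) (?P<active>Yes|No) "
    r"(?P<severity>\d+) (?P<disinfectable>Yes|No) (?P<disinfected>Yes|No) "
    r"(?P<location>.+)$"
)

# Files inside System Restore snapshots are inert until a restore is run;
# clearing restore points (the "Reset System Restore" step) removes them.
RESTORE_PREFIX = r"c:\system volume information\_restore"
# Assumption: these folders hold repair tools fetched on purpose (the report
# above lists them under the Desktop and C:\UBCD4Win); scanners flag their
# process killers and reboot helpers as HackTools.
TOOL_KIT_MARKERS = (r"\sdfix", r"\smitfraudfix", r"\combofix", r"\ubcd4win")


@dataclass
class Finding:
    id: str
    name: str
    type: str
    active: bool
    severity: int
    location: str


def parse_report(text):
    """Return every detection row as a Finding; headers and separators are skipped."""
    findings = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            findings.append(Finding(m["id"], m["name"], m["type"],
                                    m["active"] == "Yes", int(m["severity"]),
                                    m["location"]))
    return findings


def bucket(f):
    """Classify a finding by where it sits, most urgent first."""
    loc = f.location.lower()
    if f.active:
        return "active"            # running now: deal with this first
    if loc.startswith(RESTORE_PREFIX):
        return "restore_point"     # dormant copy in a System Restore snapshot
    if any(marker in loc for marker in TOOL_KIT_MARKERS):
        return "tool_kit"          # component of a repair tool (expected)
    if f.type == "TrackingCookie":
        return "tracking_cookie"   # privacy nuisance, not code execution
    return "on_disk"               # live file outside the above: review by hand


def triage(text):
    """Group findings by bucket so the reviewer reads the short lists first."""
    groups = {}
    for f in parse_report(text):
        groups.setdefault(bucket(f), []).append(f)
    return groups


def summarize(text):
    """Counts per bucket, for a one-line overview."""
    return Counter(bucket(f) for f in parse_report(text))


# Constructed excerpt in the report's layout (a subset of the rows posted above).
SAMPLE_REPORT = r"""
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;=====
00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP118\A0051413.exe
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\EDDY\Cookies\eddy@tradedoubler[2].txt
00509861 Hacktool/AngryScan HackTools No 1 Yes No C:\UBCD4Win\plugin\Network\ipscan\ipscan.exe
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Documents and Settings\EDDY\Desktop\SmitfraudFix\Reboot.exe
02893893 Trj/Bancos.RQ Virus/Trojan No 0 No No C:\Documents and Settings\EDDY\Desktop\ComboFix.exe[327882R2FWJFW\pv.cfexe]
02909516 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP103\A0046925.dll
;=====
"""

if __name__ == "__main__":
    for name, items in triage(SAMPLE_REPORT).items():
        print(f"{name}: {len(items)}")
        for f in items:
            print(f"  {f.name:<24} sev={f.severity} {f.location}")
```

Run against the full report, the only row that lands in on_disk is C:\WINDOWS\system32\Process.exe; everything else is a restore-point copy, a repair-tool component or a cookie, which is why the helper could call the follow-up HijackThis log clean without treating "MALWARE: 28" as 28 live infections.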
     
  15. engin123

    engin123 Guest

    And here is the HijackThis log. There you go, Bruce; what's next?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:44:14, on 31/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\VM_STI.EXE
    C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\MemInfo\meminfo.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Kontiki\KService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
    O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKCU\..\Run: [WinPatrol Helper DLL] C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
    O4 - HKCU\..\Run: [DS Clock] "C:\Program Files\DS Clock\dsclock.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MemInfo.lnk = C:\Program Files\MemInfo\meminfo.exe
    O4 - Startup: WordWeb.lnk = C:\Documents and Settings\EDDY\My Documents\WordWeb\wweb32.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1201727103468
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1201727078062
    O17 - HKLM\System\CCS\Services\Tcpip\..\{99525DF8-A407-4756-8479-1E90AA2806D3}: NameServer = 62.30.112.39,194.117.134.19
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe

    --
    End of file - 6967 bytes
     
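A small triage helper for HijackThis logs like the one above, added here as an example and not code from this thread or from HijackThis itself: it parses the O-lines, pulls the DNS resolvers out of O17 entries and the download hosts out of O16 entries, and flags anything outside an allow-list. The sample entries are copied from the log above; the allow-lists are hypothetical and must be filled in with the resolvers the ISP actually assigned and the sites you accept ActiveX controls from.

```python
import re

# Constructed sample: three entries copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{99525DF8-A407-4756-8479-1E90AA2806D3}: NameServer = 62.30.112.39,194.117.134.19
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")  # every entry looks like "O17 - <body>"

def parse_hjt(text):
    """Split a HijackThis log into (section code, body) pairs; non-entry lines are skipped."""
    out = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out

def extract(entries, code, pattern):
    """Run `pattern` over the body of every entry in section `code`; return group 1 of each hit."""
    hits = []
    for sec, body in entries:
        m = re.search(pattern, body) if sec == code else None
        if m:
            hits.append(m.group(1))
    return hits

def nameservers(entries):
    """DNS resolvers from O17 (TCP/IP NameServer) entries; one entry may list several, comma separated."""
    values = extract(entries, "O17", r"NameServer\s*=\s*([\d.,]+)")
    return [ip for v in values for ip in v.split(",") if ip]

def dpf_hosts(entries):
    """Host each O16 (Downloaded Program Files / ActiveX) control was fetched from."""
    return [h.lower() for h in extract(entries, "O16", r"https?://([^/\s]+)")]

def triage(text, trusted_dns, trusted_hosts):
    """Reviewer findings. trusted_dns / trusted_hosts are hypothetical allow-lists you fill in."""
    entries = parse_hjt(text)
    findings = []
    for ip in nameservers(entries):
        if ip not in trusted_dns:
            findings.append(f"O17: unexpected DNS server {ip}, confirm with ISP")
    for host in dpf_hosts(entries):
        if host not in trusted_hosts:
            findings.append(f"O16: ActiveX control fetched from {host}, verify")
    return findings
```

A finding only means "look at this entry"; an O17 resolver that is not on the allow-list is exactly what a helper would ask the poster to confirm with their ISP.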
  16. Ltangel

    Ltangel Regular member

    Joined:
    Feb 17, 2008
    Messages:
    200
    Likes Received:
    0
    Trophy Points:
    26
    Hey,

    Good job. Your logs are fine now. :)

    Time for some housekeeping

    [*] Click START then RUN
    [*] Now type Combofix /u in the runbox and click OK

    [*] When shown the disclaimer, Select "2"

    The above procedure will:

    [*] Delete the following:
    [*] ComboFix and its associated files and folders.
    [*] VundoFix backups, if present
    [*] The C:\Deckard folder, if present
    [*] The C:\_OtMoveIt folder, if present

    [*] Reset the clock settings.
    [*] Hide file extensions, if required.
    [*] Hide System/Hidden files, if required.
    [*] Reset System Restore.

    --------------------------------------------------------------------
    Now that your log is fine, I have some recommended downloads for you. Please have a look at them and decide for yourself what you would like to use as protection for your system. After you have chosen the protection software you want to download, please don't forget to set it to automatic updating so that you have the latest protection.

    [*]Spybot Search & Destroy - An excellent and free anti-spyware software with Immunize functionality that will help prevent future infections. PGPhantom has written a very comprehensive instruction set for Spybot, available here.

    [*]SpywareBlaster - A wonderful prevention tool to protect yourself from installation of malicious codes. SpywareBlaster tutorial (by Grinler) is available here.

    [*]IE-SpyAd - It puts over 5000 sites in your restricted zone and protects your Internet browser from being redirected to a malicious site. Lawrence Abrams has written an excellent tutorial about IE-SpyAd here.

    Special Note: It is vital to know that you should only have ONE anti-spyware resident protection and ONE anti-virus resident protection running. Running more than one resident protection can slow down your system and cause conflicts between the protection software.

    To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

    ~Ltangel~
     
    Last edited: Mar 31, 2008
  17. engin123

    engin123 Guest

    Thank you, now I have got to the end. I'm just now downloading the VundoFix, do I run it or save it to my desktop then install it, or do I just follow the prompts of how afterdawn.com tell you how to use it, which I've copied for you to tell me what shall I do
    VundoFix v6.5.0
    VundoFix is a removal tool developed to remove Virtumonde infections. To use the tool follow the instructions below.

    Download VundoFix to your desktop and extract it (if zipped).
    Double-click VundoFix.exe to run it.
    When VundoFix re-opens, click the Scan for Vundo button.
    Once it's done scanning, click the Remove Vundo button.
    You will receive a prompt asking if you want to remove the files, click YES
    Once you click yes, your desktop will go blank as it starts removing Vundo.
    When completed, it will prompt that it will reboot your computer, click OK.

    [*] Delete the following:
    [*] ComboFix and its associated files and folders.
    [*] VundoFix backups, if present
    [*] The C:\Deckard folder, if present
    [*] The C:\_OtMoveIt folder, if present

    [*] Reset the clock settings.
    [*] Hide file extensions, if required.
    [*] Hide System/Hidden files, if required.
    [*] Reset System Restore.

     
  18. Ltangel

    Ltangel Regular member

    Joined:
    Feb 17, 2008
    Messages:
    200
    Likes Received:
    0
    Trophy Points:
    26
    Why do you need to download VundoFix when you have no vundo infection?

    It's best not to download tools like these as they can damage your system if you use them without supervision. Tools like ComboFix and VundoFix are only to be used under supervision from malware experts.

    Now please take a look at the software I recommended you to download and ensure your computer is well protected.

    Safe surfing!
     
  19. engin123

    engin123 Guest

    Are you still there Bruce? This one you want deleted, that is all my folders with all my passwords information in them, sites that if I lose them I got them in there. Is it because they are on the desktop, can I move them to My Documents? I wouldn't have thought that this file & the other one is harmful, because of my memory I make them folders up. "The C:\_OtMoveIt folder, if present", "The C:\Deckard folder, if present": this folder has a copy of all our transactions for me to ever read them again or try to help myself when others don't want to help out. That whistling noise is still happening. It might seem like we are finished, but tomorrow UK time what time do you get back from work, so I know when to be around so we can finish off what little bits are left? You can get me to check that everything is running fine & then after I ask you to help me with the 2 or 3 small items left, that's it. But how do I get rid of that noise? My clock was reset too, but in the future if I ever want to do a system restore, does it work now for me to use it if I have to?
     
  20. engin123

    engin123 Guest

    Hi Bruce, thanks for your help, but I am not trying to be funny, but because I've found such good people like yourselves in s.afterdawn.com/ I just want to return the favour if I can. Is there anyone at management level that I could speak to on your behalf to let them know how much I appreciate what kindness & helpfulness you gave me through this week of torture that I've been through.

    Please, I'm in all day again tomorrow so it will be very important if you can help me out with the few finishing tests to make sure everything is in working order, otherwise I'm back to square one again. That's why, because of my condition like you, I don't want to rush anything, so if that's OK with you I would just like to have Tuesday & Wednesday & maybe Friday too for the finishing touches to be sorted out. It might even drag into the weekend, but to be honest with you I'm getting better at this with your help. Are you sure you are not a teacher or an IT technician?

    You are very good at what you do. I mean there are things you have even answered yet & we will have to go through them again tomorrow, so please when you wake up the same time that you usually would send me a message, please do it around that time so you can tell me what time in UK time you will be home, then just send me a message, then we can get started, because the last two or more messages you did not reply to them.

    One thing was we need to first get this whistling sound off. I will check if it's only doing it in the Explorer browser; if it doesn't do it in the Firefox browser then tomorrow I will let you know. No. 2, I asked you what do you think of the AVG 8.0 version which is free also & it goes along with the 7.5 version hand in hand, can I download that one? I want to stick with AVG.

    Spybot is rubbish in my eyes, it's too crazy, it parties too much, it deletes things that you need, it's stopping all my good sites from coming through, it takes everything as a threat.

    It's going off all the time, the firewall prevents downloads from coming on. I don't understand the settings, fair enough, but I want stability, Spybot won't give it to me.
     