Trying to recover...but

  • drake371 (Born)
  • Posts: 3

Post 3+ Months Ago

Well this is my saga...

My PC got infected with a virus/worm/etc. and it did a lot of damage; luckily so far no real file damage but rather annoyances. I was getting popups, my Winsock was screwed, unable to access the registry, unable to access Task Manager, etc. etc. etc.

So I was unable to use the desktop, I switched over to my laptop and found your website!!! It has helped me remove most of my problems, found how to access my registry again, how to get Task Manager back, how to remove all (I think) viruses, etc. But I am still having a few problems that I can't seem to fix myself.

So far I got Spybot installed and running and an up-to-date antivirus working. The following problems I am still having.

*FIXED* 1) HijackThis is not working... I click on it and nothing happens, it's like it's blocked from running, reminds me of when taskman was unavailable.. reg problem? Even tried renaming it and moving it to different directories and redownloading...
*FIXED* 2) my C: drive does not show up on "My Computer".. looked everywhere but can't find a solution
*FIXED* 3) (minor) the 'Programs' tab in the menu was removed by the viruses, I got it back but it is in the first column, would like to return it back to the second column. I could be wrong about the location...
4) I noticed in the registry that it has entries for programs and files that are no longer installed on the PC, is there something that removes all those old entries?
*FIXED* 5) In the course of all this, I got 'Active Desktop' activated, for the life of me I can't remember how to disable that 'feature'
6) it seems sluggish on boot up when Windows loads... I probably missed some services but I have no clue at the moment till HijackThis can work
*FIXED* 7) there are several programs listed in the "Add or Remove Programs" listing that are unable to uninstall, broken links??
8) AVS is acting like it's updating on every reboot and wants to reboot after 'patching', but looking at the version number and log number of the database, nothing is being changed
9) ...

I know I have missed something and I will post them as soon as I remember.

So far, thanks for all the hard work everyone puts in. I know it's annoying to get asked the same questions over and over, but I am glad the information was here!!

drake
  • drake371 (Born)
  • Posts: 3

Post 3+ Months Ago

Updated with some more 'problems' and the one I finally fixed and said *doh*

drake
  • drake371 (Born)
  • Posts: 3

Post 3+ Months Ago

Here is my log for ComboFix, run in safe mode
Quote:
ComboFix 08-09-05.02 - Compaq_Owner 2008-09-06 10:30:13.1 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\PCHealthCenter\0.exe
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\2.exe
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\3.exe
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\4.exe
C:\Program Files\PCHealthCenter\7.exe
C:\Program Files\PCHealthCenter\sc.html
C:\Program Files\PCHealthCenter\Thumbs.db
C:\WINDOWS\BM4366c4bb.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\abjcagde.dll
C:\WINDOWS\system32\acehgMoq.ini
C:\WINDOWS\system32\acehgMoq.ini2
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\system32\anticipator.dll
C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\bywbhifo.dll
C:\WINDOWS\system32\dpcproxy.exe
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\medup012.dll
C:\WINDOWS\system32\mefkpe.dll
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\msnbho.dll
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\msvchost.exe
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\mwfkdpbo.ini
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\obpdkfwm.dll
C:\WINDOWS\system32\ofihbwyb.ini
C:\WINDOWS\system32\ps1.exe
C:\WINDOWS\system32\psof1.exe
C:\WINDOWS\system32\psoft1.exe
C:\WINDOWS\system32\qoMgheca.dll
C:\WINDOWS\system32\regc64.dll
C:\WINDOWS\system32\regm64.dll
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\sncntr.exe
C:\WINDOWS\system32\srtljs.dll
C:\WINDOWS\system32\ssurf022.dll
C:\WINDOWS\system32\ssvchost.com
C:\WINDOWS\system32\ssvchost.exe
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\thun32.dll
C:\WINDOWS\system32\VBIEWER.OCX
C:\WINDOWS\system32\vbsys2.dll
C:\WINDOWS\system32\vcatchpi.dll
C:\WINDOWS\system32\VIE1.exe
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\WINWGPX.EXE
C:\WINDOWS\system32\yolnswfl.dll

.
((((((((((((((((((((((((( Files Created from 2008-08-06 to 2008-09-06 )))))))))))))))))))))))))))))))
.

2008-09-06 09:32 . 2008-09-06 09:32 <DIR> d---sc--- C:\Documents and Settings\Compaq_Owner\UserData
2008-09-06 09:32 . 2008-09-06 09:32 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\WholeSecurity
2008-09-06 08:15 . 2008-09-06 08:15 <DIR> d----c--- C:\Documents and Settings\Compaq_Owner\Application Data\Subversion
2008-09-05 22:41 . 2007-08-01 22:47 102,664 --a--c--- C:\WINDOWS\system32\drivers\tmcomm.sys
2008-09-05 18:24 . 2008-09-06 09:56 <DIR> d----c--- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-05 18:24 . 2008-09-05 18:24 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-05 18:24 . 2008-09-02 00:16 38,528 --a--c--- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-05 18:24 . 2008-09-02 00:16 17,200 --a--c--- C:\WINDOWS\system32\drivers\mbam.sys
2008-09-05 18:10 . 2008-09-05 18:11 <DIR> d----c--- C:\HJT
2008-09-05 17:44 . 2008-09-05 17:44 <DIR> d----c--- C:\Program Files\Trend Micro
2008-09-05 15:10 . 2008-09-05 15:54 <DIR> d----c--- C:\WINDOWS\system32\NtmsData
2008-09-05 12:35 . 2008-09-05 12:38 <DIR> d----c--- C:\Program Files\Spybot - Search & Destroy
2008-09-05 11:05 . 2008-09-05 22:55 <DIR> d----c--- C:\Documents and Settings\Compaq_Owner\.housecall6.6
2008-09-05 10:25 . 2008-09-05 10:25 0 --a--c--- C:\WINDOWS\BM4366c4bb.xml
2008-09-05 10:11 . 2008-09-05 10:11 <DIR> d----c--- C:\EmergRegBackup
2008-09-05 06:43 . 2008-09-03 03:12 78,848 --a--c--- C:\WINDOWS\system32\VIEA.exe
2008-09-04 22:41 . 2008-09-06 11:03 <DIR> d----c--- C:\Program Files\PCHealthCenter
2008-09-04 22:41 . 2008-09-05 00:58 <DIR> d----c--- C:\Program Files\MSA
2008-09-04 17:17 . 2008-09-05 21:58 <DIR> d--h-c--- C:\$AVG8.VAULT$
2008-09-04 17:15 . 2008-09-05 10:16 <DIR> d----c--- C:\WINDOWS\system32\drivers\Avg
2008-09-04 17:15 . 2008-09-04 17:15 <DIR> d----c--- C:\Program Files\AVG
2008-09-04 17:15 . 2008-09-04 19:38 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-04 17:15 . 2008-09-04 17:15 97,928 --a--c--- C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-04 17:15 . 2008-09-04 17:15 76,040 --a--c--- C:\WINDOWS\system32\drivers\avgtdix.sys
2008-09-04 17:15 . 2008-09-04 17:15 12,936 --a--c--- C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-09-04 17:15 . 2008-09-04 17:15 10,520 --a--c--- C:\WINDOWS\system32\avgrsstx.dll
2008-09-04 17:10 . 2008-09-04 18:25 138 --a--c--- C:\WINDOWS\system32\dxcombin.inf
2008-09-04 17:10 . 2008-09-04 18:25 138 --a--c--- C:\WINDOWS\system32\accwiz.bin
2008-09-04 17:10 . 2008-09-04 18:25 136 --a--c--- C:\WINDOWS\system32\netmsg.bin
2008-09-04 16:54 . 2008-09-04 16:54 94,208 --a--c--- C:\WINDOWS\system32\lkzkbglu.exe
2008-08-30 15:38 . 2008-08-30 15:38 <DIR> d----c--- C:\Program Files\BabasChess
2008-08-27 22:55 . 2008-08-27 23:26 <DIR> d----c--- C:\WINDOWS\system32\CatRoot_bak

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-06 16:07 --------- dc----w C:\Program Files\BOINC
2008-09-06 13:39 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-09-06 13:38 --------- dc----w C:\Program Files\Common Files\SolidWorks Shared
2008-09-06 04:03 --------- dc----w C:\Program Files\mIRC
2008-09-05 19:18 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-03 13:13 --------- dc----w C:\Program Files\Common Files\Blizzard Entertainment
2006-12-11 23:46 120 -c--a-w C:\Documents and Settings\Default User\Application Data\wklnhst.dat
2006-12-11 23:46 120 -c--a-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@="{30351346-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 15:03 536576 --a--c--- C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@="{30351347-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 15:03 536576 --a--c--- C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@="{30351348-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 15:03 536576 --a--c--- C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@="{3035134B-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 15:03 536576 --a--c--- C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@="{3035134C-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 15:03 536576 --a--c--- C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@="{3035134D-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 15:03 536576 --a--c--- C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@="{3035134E-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 15:03 536576 --a--c--- C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 4662776]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2007-10-22 9438488]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-06-20 1859864]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-04 1235736]

C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\
GridRepublic Desktop.lnk - C:\Program Files\BOINC\GridRepublic.exe [2007-11-26 3891968]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispSettingPage"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=srtljs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-09-04 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-04 97928]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-04 875288]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-04 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-04 76040]
S4 DirectX multi version;DirectX multi version;C:\WINDOWS\system32\dxcombin.exe [ ]
S4 OLE multi config;OLE multi config;C:\WINDOWS\system32\ole2.exe [ ]
S4 Win Common module;Win Common module;C:\WINDOWS\system32\servicemp.exe [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c618b66-041a-11da-89cd-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{18F9AEF2-8984-41DA-BF9C-91A215FD0A71} - C:\WINDOWS\system32\qoMgheca.dll
BHO-{3238f9b1-ebb7-410d-a8a5-f6c0a5f659fc} - C:\WINDOWS\system32\srtljs.dll
BHO-{44BE10CF-BF9B-41B1-9F8A-0C24531B3E32} - (no file)
BHO-{DA16164D-96D5-4ACB-BCF7-BA486B8ABC1A} - (no file)
BHO-{E17C0B7B-57A9-4087-9F7F-9B4AF46CA2B9} - (no file)
HKLM-Explorer_Run-5cTi5Du2v5 - C:\Documents and Settings\All Users\Application Data\jyjchgrs\bqjkhury.exe
ShellExecuteHooks-{DA16164D-96D5-4ACB-BCF7-BA486B8ABC1A} - (no file)
Notify-AtiExtEvent - (no file)
Notify-awttrPjK - awttrPjK.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\khfmd193.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox? ... S:official
FF -: plugin - C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF -: plugin - C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-06 11:04:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\TEMP\06b23020-456b-4e75-9d1f-9d4709ef6b5d.tmp 0 bytes
C:\WINDOWS\TEMP\4ed352dc-9bf9-4ccb-89c0-753aafb56444.tmp

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\TortoiseSVN\iconv\_tbl_simple.so
-> C:\Program Files\TortoiseSVN\iconv\windows-1252.so
-> C:\Program Files\TortoiseSVN\iconv\utf-8.so
-> ?:\WINDOWS\System32\CSCDLL.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\snmp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgupd.exe
C:\Program Files\BOINC\boinc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BOINC\projects\einstein.phys.uwm.edu\einstein_S5R4_6.04_windows_intelx86.exe
C:\Program Files\BOINC\projects\einstein.phys.uwm.edu\einstein_S5R4_6.04_windows_intelx86_1.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-09-06 11:14:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-06 16:14:39

Pre-Run: 96,292,651,008 bytes free
Post-Run: 96,152,547,328 bytes free

258


Here is a report from MBAM

Quote:
Malwarebytes' Anti-Malware 1.26
Database version: 1120
Windows 5.1.2600 Service Pack 2

9/6/2008 12:28:03 PM
mbam-log-2008-09-06 (12-27-57).txt

Scan type: Full Scan (C:\|)
Objects scanned: 123791
Time elapsed: 1 hour(s), 5 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\gksraemq.btga (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\gksraemq.toolbar.1 (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> No action taken.

Files Infected:
C:\QooBox\Quarantine\C\WINDOWS\system32\abjcagde.dll.vir (Trojan.Vundo) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\bywbhifo.dll.vir (Trojan.Vundo) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\mefkpe.dll.vir (Trojan.Vundo) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\obpdkfwm.dll.vir (Trojan.Vundo) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\srtljs.dll.vir (Trojan.Vundo) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\yolnswfl.dll.vir (Trojan.Vundo) -> No action taken.
C:\Program Files\MSA\msa0.dat (Rogue.MSAntivirus) -> No action taken.
C:\Program Files\MSA\msa1.dat (Rogue.MSAntivirus) -> No action taken.
C:\Program Files\MSA\MSA.ooo (Rogue.MSAntivirus) -> No action taken.
C:\WINDOWS\BM4366c4bb.xml (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Antivirus-2009.lnk (Rogue.SmartAntivirus) -> No action taken.
C:\Documents and Settings\Compaq_Owner\Desktop\MS Antivirus.lnk (Rogue.Link) -> No action taken.


And FINALLY, after removing the above problems

HijackThis
Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36, on 9/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\BOINC\GridRepublic.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\BOINC\projects\einstein.phys.uwm.edu\einstein_S5R4_6.04_windows_intelx86.exe
C:\Program Files\BOINC\projects\einstein.phys.uwm.edu\einstein_S5R4_6.04_windows_intelx86_1.exe
C:\WINDOWS\explorer.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Startup: GridRepublic Desktop.lnk = C:\Program Files\BOINC\GridRepublic.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8700551656
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: srtljs.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\prime95.exe (file missing)

--
End of file - 5969 bytes

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.