
3 years without a virus, then Wham.... my cpu is sick. Help!!!



It's been almost three years since I've had a virus on my machine. Guess I've had a decent run.... but all good things must come to an end.

Can someone help me get rid of this virus that has decided to infect my computer?

I have followed your post and have the logs ready, I will post below. As for the AVG log there I don't see an easy "print log" option so let me know if I don't provide the correct information.

THANK YOU IN ADVANCE FOR YOUR HELP, BEN

AVG-------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Incident Status Location

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[ad.yieldmanager.com/]

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.serving-sys.com/]

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.bs.serving-sys.com/]

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[ad.yieldmanager.com/]

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.serving-sys.com/]

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[ad.yieldmanager.com/]

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.atdmt.com/]

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.zedo.com/]

Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.xiti.com/]

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.zedo.com/]

Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.tradedoubler.com/]

Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.www.burstbeacon.com/]

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.tribalfusion.com/]

Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.toplist.cz/]

Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.target.com/]

Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.sexlist.com/]

Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.server.iad.liveperson.net/hc/66305761]

Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.server.iad.liveperson.net/hc/24797217]

Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.statcounter.com/]

Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.server.iad.liveperson.net/hc/24797217]

Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.server.iad.liveperson.net/hc/70307935]

Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.server.iad.liveperson.net/hc/2713995]

Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.server.iad.liveperson.net/hc/80570461]

Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.server.iad.liveperson.net/hc/91338698]

Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.server.iad.liveperson.net/hc/12511569]

Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.server.iad.liveperson.net/]

Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.statcounter.com/]

Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.stat.onestat.com/]

Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.statse.webtrendslive.com/]

Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.statcounter.com/]

Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.stat.onestat.com/]

Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.statcounter.com/]

Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.stat.onestat.com/]

Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.statcounter.com/]

Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.server.iad.liveperson.net/hc/18354542]

Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.server.iad.liveperson.net/hc/86159690]

Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.server.iad.liveperson.net/hc/66305761]

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.perf.overture.com/]

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.realmedia.com/]

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.overture.com/]

Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.phg.hitbox.com/]

Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.questionmarket.com/]

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.mediaplex.com/]

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.fastclick.net/]

Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Ben\Cookies\ben@adrevolver[2].txt

Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Ben\Cookies\ben@ads.addynamix[1].txt

Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Ben\Cookies\ben@ads.pointroll[2].txt

Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Ben\Cookies\ben@adserver.easyad[2].txt

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Ben\Cookies\ben@advertising[1].txt

Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Ben\Cookies\ben@anm.co[1].txt

Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Ben\Cookies\ben@apmebf[2].txt

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Ben\Cookies\ben@atdmt[2].txt

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Ben\Cookies\ben@atwola[2].txt

Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Ben\Cookies\ben@azjmp[2].txt

Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Ben\Cookies\ben@bluestreak[1].txt

Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Ben\Cookies\ben@bravenet[1].txt

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Ben\Cookies\ben@bs.serving-sys[2].txt

Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Ben\Cookies\ben@burstnet[2].txt

Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Ben\Cookies\ben@casalemedia[1].txt

Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Ben\Cookies\ben@ccbill[1].txt

Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Ben\Cookies\ben@cdfreaks[2].txt

Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Ben\Cookies\ben@clickbank[1].txt

Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Ben\Cookies\ben@club.cdfreaks[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Ben\Cookies\ben@com[1].txt

Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Ben\Cookies\ben@counter.hitslink[1].txt

Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Ben\Cookies\ben@cs.sexcounter[2].txt

Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Ben\Cookies\ben@did-it[2].txt

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Ben\Cookies\ben@doubleclick[1].txt

Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Ben\Cookies\ben@ehg-dig.hitbox[2].txt

Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Ben\Cookies\ben@ehg.hitbox[2].txt

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Ben\Cookies\ben@fastclick[1].txt

Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Ben\Cookies\ben@fortunecity[1].txt

Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Ben\Cookies\ben@gostats[2].txt

Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Ben\Cookies\ben@go[1].txt

Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Ben\Cookies\ben@hg1.hitbox[1].txt

Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Ben\Cookies\ben@i.screensavers[1].txt

Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Ben\Cookies\ben@linksynergy[1].txt

Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Ben\Cookies\ben@media.adrevolver[2].txt

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Ben\Cookies\ben@mediaplex[2].txt

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Ben\Cookies\ben@overture[1].txt

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Ben\Cookies\ben@perf.overture[1].txt

Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Ben\Cookies\ben@phg.hitbox[1].txt

Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Ben\Cookies\ben@questionmarket[1].txt

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Ben\Cookies\ben@realmedia[1].txt

Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Ben\Cookies\ben@revenue[2].txt

Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Ben\Cookies\ben@searchportal.information[1].txt

Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Ben\Cookies\ben@server.iad.liveperson[3].txt

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Ben\Cookies\ben@serving-sys[2].txt

Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\Ben\Cookies\ben@sexlist[2].txt

Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Ben\Cookies\ben@spylog[2].txt

Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Ben\Cookies\ben@stat.onestat[1].txt

Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Ben\Cookies\ben@statcounter[1].txt

Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Ben\Cookies\ben@statse.webtrendslive[1].txt

Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Ben\Cookies\ben@target[1].txt

Spyware:Cookie/TeensForCash Not disinfected C:\Documents and Settings\Ben\Cookies\ben@teensforcash[2].txt

Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Ben\Cookies\ben@toplist[1].txt

Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Ben\Cookies\ben@tradedoubler[2].txt

Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Ben\Cookies\ben@trafficmp[2].txt

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Ben\Cookies\ben@tribalfusion[2].txt

Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Ben\Cookies\ben@weborama[1].txt

Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Ben\Cookies\ben@www.burstbeacon[2].txt

Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Ben\Cookies\ben@www.myaffiliateprogram[2].txt

Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Ben\Cookies\ben@www2.addfreestats[1].txt

Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Ben\Cookies\ben@www3.addfreestats[1].txt

Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Ben\Cookies\ben@xiti[1].txt

Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Ben\Cookies\ben@yadro[1].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Ben\Cookies\ben@zedo[2].txt

Virus:Trj/Downloader.MDW Disinfected C:\Program Files\Adobe\Adobe Photoshop CS3\Plug-Ins\BackgroundRemover\Background.Remover.v1.0 patch.exe

Virus:Trj/Downloader.MDW Disinfected C:\Program Files\ImageSkill\BackgroundRemover\Background.Remover.v1.0 patch.exe

Potentially unwanted tool:Application/CloseApp Not disinfected C:\WINDOWS\system32\closeapp.exe

Virus:Generic Worm Not disinfected D:\Software\Adobe.Photoshop.Plugin.Collection.100107-forAdobe\Adobe.CS3.Keygen.Pack\Adobe.CS3.Keygen.Pack.rar[ZWT\Dreamweaver CS3 Keygen + Activation ZWT.exe]

Virus:Generic Worm Not disinfected D:\Software\Adobe.Photoshop.Plugin.Collection.100107-forAdobe\Adobe.CS3.Keygen.Pack\Adobe.CS3.Keygen.Pack.zip[Adobe.CS3.Keygen.Pack.rar][ZWT\Dreamweaver CS3 Keygen + Activation ZWT.exe]

Virus:Trj/Downloader.MDW Disinfected D:\Software\Adobe.Photoshop.Plugin.Collection.100107-forAdobe\Background.Remover.v1.0.for.Adobe.Photoshop.Cracked-SSG\Background.Remover.v1.0 patch.exe

PANDA---------(This list was so long that I couldn't post it all)----------------------------------------------------------------------------------------------------------------------------------------------------------------

<history>

<!-- 01c848ec1389d160 -->

<rec time="2007/12/28 00:53:35" user="SYSTEM" source="Virus">

<value>@HL_ReportFindRS</value>

<attr name="filename">C:\WINDOWS\system32\xxyvvwt.dll</attr>

<attr name="finding">@EID_Id_trj</attr>

<attr name="virusname">Generic9.AHGK</attr>

</rec>

<rec time="2007/12/28 00:53:36" user="SYSTEM" source="Update">

<value>@HL_UpdateOK</value>

<attr name="version">avi:1234-1205;iavi:1210-1147;</attr>

</rec>

<rec time="2007/12/28 00:53:37" user="Ben" source="Virus">

<value>@HL_ReportFindRS</value>

<attr name="filename">C:\WINDOWS\system32\xxyvvwt.dll</attr>

<attr name="finding">@EID_Id_trj</attr>

<attr name="virusname">Generic9.AHGK</attr>

</rec>

<rec time="2007/12/28 00:54:06" user="SYSTEM" source="Virus">

<value>@HL_ReportFindRS</value>

<attr name="filename">C:\WINDOWS\system32\xxyvvwt.dll</attr>

<attr name="finding">@EID_Id_trj</attr>

<attr name="virusname">Generic9.AHGK</attr>

</rec>

<rec time="2007/12/28 00:54:09" user="Ben" source="Virus">

<value>@HL_ReportFindRS</value>

<attr name="filename">C:\WINDOWS\system32\xxyvvwt.dll</attr>

<attr name="finding">@EID_Id_trj</attr>

<attr name="virusname">Generic9.AHGK</attr>

</rec>

<rec time="2007/12/28 18:45:46" user="Ben" source="Virus">

<value>@HL_ReportFindRS</value>

<attr name="filename">C:\WINDOWS\system32\xxyvvwt.dll</attr>

<attr name="finding">@EID_Id_trj</attr>

<attr name="virusname">Generic9.AHGK</attr>

</rec>

<rec time="2007/12/28 18:46:16" user="SYSTEM" source="Virus">

<value>@HL_ReportFindRS</value>

<attr name="filename">C:\WINDOWS\system32\xxyvvwt.dll</attr>

<attr name="finding">@EID_Id_trj</attr>

<attr name="virusname">Generic9.AHGK</attr>

</rec>

<rec time="2007/12/28 18:46:16" user="Ben" source="Virus">

<value>@HL_ReportFindRS</value>

<attr name="filename">C:\WINDOWS\system32\xxyvvwt.dll</attr>

<attr name="finding">@EID_Id_trj</attr>

<attr name="virusname">Generic9.AHGK</attr>

</rec>

<rec time="2007/12/28 18:46:46" user="SYSTEM" source="Virus">

<value>@HL_ReportFindRS</value>

<attr name="filename">C:\WINDOWS\system32\xxyvvwt.dll</attr>

<attr name="finding">@EID_Id_trj</attr>

<attr name="virusname">Generic9.AHGK</attr>

</rec>

</history>

HijackThis-------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:51:44 PM, on 12/28/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\crypserv.exe

C:\Program Files\Media Center Magic\FrontView\fvsvc.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Grisoft\AVG7\avgwb.dat

C:\Program Files\Grisoft\AVG7\avgcc.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

F3 - REG:win.ini: load=C:\WINDOWS\system32\geede.exe

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {0F4D416F-3EE1-4AB8-A09C-C4CD0FA968BE} - C:\WINDOWS\system32\geede.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D} - C:\WINDOWS\system32\xxyvvwt.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

O4 - HKLM\..\Run: [Glass2k] C:\Torrents\Done\Vista pack for XP by tuningmaniac\Glass Efect for XP by tuningmaniac\Glass2k.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [dc9af4b4] rundll32.exe "C:\WINDOWS\system32\rwpsxeuv.dll",b

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab

O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.adoramapix.com/components/aurig...geUploader4.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O20 - Winlogon Notify: xxyvvwt - C:\WINDOWS\SYSTEM32\xxyvvwt.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FrontView Display Interface (fvsvc) - Media Center Magic - C:\Program Files\Media Center Magic\FrontView\fvsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--

End of file - 9612 bytes


Hi Ben and welcome to Malwarebytes. I don't know for sure how you got your Panda log into HTML format, but that is not how they are produced. There is a tutorial at the top of this forum on how to run a Panda scan and get the log. Please run it again and post the log, if you need to separate it into two posts go ahead and do that. Your AVG scan is also missing details. Did you remove the items found?

Let's run this tool also:

Please download VundoFix.exe to your desktop: http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to run it.

* Click the Scan for Vundo button.

* Once it's done scanning, click the Remove Vundo button.

* You will receive a prompt asking if you want to remove the files, click YES

* Once you click yes, your desktop will go blank as it starts removing Vundo.

* When completed, it will prompt that it will reboot your computer, click OK.

* Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

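Added example, not part of any post in this thread: a small Python triage script that cross-references the files flagged in the XML history log from the first post with the autostart entries in the HijackThis log. The function names, the reason labels and the rundll32 heuristic are assumptions of this example, and the sample input is a handful of lines copied from the logs above.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample input: a few records copied from the XML history log
# posted in the first message of this thread.
HISTORY_XML = r"""<history>
<!-- 01c848ec1389d160 -->
<rec time="2007/12/28 00:53:35" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\WINDOWS\system32\xxyvvwt.dll</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Generic9.AHGK</attr>
</rec>
<rec time="2007/12/28 00:53:36" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1234-1205;iavi:1210-1147;</attr>
</rec>
</history>"""

# Constructed sample input: a few lines copied from the HijackThis log
# posted in the first message of this thread.
HJT_LOG = r"""O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {0F4D416F-3EE1-4AB8-A09C-C4CD0FA968BE} - C:\WINDOWS\system32\geede.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D} - C:\WINDOWS\system32\xxyvvwt.dll
O4 - HKLM\..\Run: [dc9af4b4] rundll32.exe "C:\WINDOWS\system32\rwpsxeuv.dll",b
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O20 - Winlogon Notify: xxyvvwt - C:\WINDOWS\SYSTEM32\xxyvvwt.dll"""

# "O2 - ...", "F3 - ...", "R1 - ..." style HijackThis entry lines.
ENTRY_RE = re.compile(r"^([ORF]\d+) - (.*)$")
# First drive-letter path ending in .dll or .exe inside an entry.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:dll|exe)', re.IGNORECASE)


def flagged_files(history_xml):
    """Map lower-cased file path -> detection name for every 'Virus' record."""
    found = {}
    for rec in ET.fromstring(history_xml).iter("rec"):
        if rec.get("source") != "Virus":
            continue  # skip update and other non-detection records
        attrs = {a.get("name"): (a.text or "").strip() for a in rec.iter("attr")}
        if "filename" in attrs:
            found[attrs["filename"].lower()] = attrs.get("virusname", "unknown")
    return found


def triage(history_xml, hjt_log):
    """Return the HijackThis entries that deserve a closer look, with reasons."""
    flagged = flagged_files(history_xml)
    findings = []
    for line in hjt_log.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue  # header lines, running processes, blank lines
        section, body = match.groups()
        path_match = PATH_RE.search(body)
        path = path_match.group(0) if path_match else None

        reasons = []
        # Windows paths are case-insensitive, so compare lower-cased.
        if path and path.lower() in flagged:
            reasons.append("flagged by scanner as " + flagged[path.lower()])
        # HijackThis marks registrations whose target no longer exists.
        if "(file missing)" in body or "(no file)" in body:
            reasons.append("target file missing")
        # Assumption of this example: treat rundll32 in a Run key as worth review.
        if section == "O4" and "rundll32.exe" in body.lower():
            reasons.append("Run key loads a DLL through rundll32")

        if reasons:
            findings.append({"section": section, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(HISTORY_XML, HJT_LOG):
        print(finding["section"], finding["path"], "; ".join(finding["reasons"]))
```

On the sample lines this reports the flagged DLL twice, once as a BHO (O2) and once as a Winlogon Notify entry (O20), which shows that the same file is registered in two places.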

Sorry for the delay, I was out of town for New Years.

Yea, I don't know what happened in the Panda scan post (my doing, I'm sure)!!! I ran it again and got the following:

Incident Status Location

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.atdmt.com/]

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.bs.serving-sys.com/]

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.overture.com/]

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\nsk8jch9.default\cookies.txt[.perf.overture.com/]

Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\geede.dll.bad

Potentially unwanted tool:Application/CloseApp Not disinfected C:\WINDOWS\system32\closeapp.exe

Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ssqrpop.dll

Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\xxyvvwt.dll

Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\xxywvsr.dll

I downloaded VundoFix.exe and ran it. It found no instances. I did run this program once, before I found your website. The first time it found some and removed it. I can't find the log from the first attempt and did not provide a log for the second attempt when it found nothing.

I am currently running AVGscan and will post the results when it finishes.

I will do the same with HiJackThis

Here is my AVG Scan Info. The scan says that it found nothing, but I always get notifications from the program. I will post the notification log below, but the .txt file is 700kb and the board won't allow me to post the whole log together. So I'll have to break it up into smaller pieces.

"General properties" ""

"Report name" "Complete Test"

"Start time" "1/2/2008 11:14:36 PM"

"End time" "1/3/2008 1:06:43 AM (total: 1:52:05.7 hrs)"

"Launch method" "Scanning launched manually"

"Scanning result" "No threats found"

"Report status" "Scanning completed successfully"

" " ""

"Object summary" ""

"Scanned" "171006"

"Threats Found" "0"

"Cleaned" "0"

"Moved to vault" "0"

"Deleted" "0"

"Errors" "0"

Well, instead of posting the whole log from the scan, which finds the same file in the same place, I'll give you the highlights.

"2007/12/28 02:59:47" "Virus" "Ben" "Resident Shield reports Virus found Lop on C:\Documents and Settings\Ben\Local Settings\Temporary Internet Files\Content.IE5\Y0U1K0OZ\hctp[1]."

"2007/12/28 02:59:48" "Virus" "Ben" "In C:\Documents and Settings\Ben\Local Settings\Temporary Internet Files\Content.IE5\Y0U1K0OZ\hctp[1] was ""Lop"" virus found."

"2007/12/28 05:05:27" "Virus" "Ben" "C:\Documents and Settings\Ben\Local Settings\Temporary Internet Files\Content.IE5\Y0U1K0OZ\hctp[1] was inserted into virus vault."

"2007/12/28 05:05:27" "Virus" "Ben" "C:\VundoFix Backups\rwpsxeuv.dll.bad was inserted into virus vault."

"2007/12/28 19:23:53" "Virus" "SYSTEM" "Resident Shield reports Trojan horse Generic9.AHGK on C:\WINDOWS\system32\xxyvvwt.dll."

"2007/12/28 21:28:37" "Virus" "SYSTEM" "Resident Shield reports Virus found Lop on C:\System Volume Information\_restore{610886AC-AFDA-4B65-A167-3358E761B5AB}\RP332\A0063200.dll."

And the rest of the log is all

"2007/12/28 21:43:27" "Virus" "SYSTEM" "Resident Shield reports Trojan horse Generic9.AHGK on C:\WINDOWS\system32\xxyvvwt.dll."

"2007/12/28 21:43:58" "Virus" "SYSTEM" "Resident Shield reports Trojan horse Generic9.AHGK on C:\WINDOWS\system32\xxyvvwt.dll."

"2007/12/28 21:44:29" "Virus" "SYSTEM" "Resident Shield reports Trojan horse Generic9.AHGK on C:\WINDOWS\system32\xxyvvwt.dll."

"2007/12/28 21:45:00" "Virus" "SYSTEM" "Resident Shield reports Trojan horse Generic9.AHGK on C:\WINDOWS\system32\xxyvvwt.dll."

"2007/12/28 21:45:31" "Virus" "SYSTEM" "Resident Shield reports Trojan horse Generic9.AHGK on C:\WINDOWS\system32\xxyvvwt.dll."

"2007/12/28 21:46:02" "Virus" "SYSTEM" "Resident Shield reports Trojan horse Generic9.AHGK on C:\WINDOWS\system32\xxyvvwt.dll."

"2007/12/28 21:46:33" "Virus" "SYSTEM" "Resident Shield reports Trojan horse Generic9.AHGK on C:\WINDOWS\system32\xxyvvwt.dll."

etc......

VundoFix Log

VundoFix V6.7.7

Checking Java version...

Scan started at 11:40:16 PM 12/27/2007

Listing files found while scanning....

C:\WINDOWS\system32\edeeg.ini

C:\WINDOWS\system32\edeeg.ini2

C:\WINDOWS\system32\geede.dll

C:\WINDOWS\system32\rwpsxeuv.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\edeeg.ini

C:\WINDOWS\system32\edeeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\edeeg.ini2

C:\WINDOWS\system32\edeeg.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\geede.dll

C:\WINDOWS\system32\geede.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rwpsxeuv.dll

C:\WINDOWS\system32\rwpsxeuv.dll Could not be deleted.

Performing Repairs to the registry.

Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\rwpsxeuv.dll

C:\WINDOWS\system32\rwpsxeuv.dll Has been deleted!

Performing Repairs to the registry.

Done!

VundoFix V6.7.7

Checking Java version...

Scan started at 11:16:27 PM 1/2/2008

Listing files found while scanning....

No infected files were found.

Beginning removal...

New Hijackthis Log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:25:50 PM, on 1/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\crypserv.exe

C:\Program Files\Media Center Magic\FrontView\fvsvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Eset\nod32krn.exe

C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\PeerGuardian2\pg2.exe

C:\Program Files\Azureus\Azureus.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

F3 - REG:win.ini: load=C:\WINDOWS\system32\geede.exe

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {0F4D416F-3EE1-4AB8-A09C-C4CD0FA968BE} - C:\WINDOWS\system32\geede.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D} - C:\WINDOWS\system32\xxyvvwt.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

O4 - HKLM\..\Run: [Glass2k] C:\Torrents\Done\Vista pack for XP by tuningmaniac\Glass Efect for XP by tuningmaniac\Glass2k.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [dc9af4b4] rundll32.exe "C:\WINDOWS\system32\rwpsxeuv.dll",b

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab

O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.adoramapix.com/components/aurig...geUploader4.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O20 - Winlogon Notify: xxyvvwt - C:\WINDOWS\SYSTEM32\xxyvvwt.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FrontView Display Interface (fvsvc) - Media Center Magic - C:\Program Files\Media Center Magic\FrontView\fvsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--

End of file - 9828 bytes

I downloaded VundoFix.exe and ran it. It found no instances. I did run this program once, before I found your website. The first time it found some and removed it. I can't find the log from the first attempt and did not provide a log for the second attempt when it found nothing.

I am currently running AVGscan and will post the results when it finishes.

I will do the same with HiJackThis

Yes, it did find things and it removed them. You're not following directions. I want whole logs please, no edits. Use more than one post if that is what it takes. And the requested logs need to be posted in the order they are asked for. HJT will always be last. I'm not sure you are using AVG anti spyware for scanning either. I don't want the anti virus program; I want you to do this please:

If you haven't already, please get these programs, update and run a complete scan removing all items found.

Spybot Search & Destroy Be sure to use the immunize feature. But do not enable TeaTimer at this time. Use the tutorial feature in the help tab to see how to go about this.

AVG AntiSpyware Be sure to "take action"

Then go here and run a scan PandaActive Scan There is a full tutorial on how to do this at the top of this forum.

Post the logs from the Panda and AVG scans please, along with a log from this program HiJack This!

You will post three logs. 1. AVG scan. 2. Panda Active Scan. 3. HiJack This scan. You will finish the AVG first so go ahead and post that log, then move on to Panda and so forth.

I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.

  • 2 weeks later...

Due to lack of response I will close this topic to prevent others from posting into it.

The fixes and procedures in this topic are for this machine only. Applying this advice to another system can result in permanent system damage. If you require assistance please open your own topic and someone will be happy to assist you.
