14-May-2007, 01:24 AM
#1
Hey admins/users who know how to deal with the explorer.exe virus. I have had it only for a day or two, but I could tell the symptoms of the adware/trojan because 1) my computer was running slow, 2) random pop-ups, 3) random new desktop icons, and 4) my McAfee anti-virus kept showing new viruses. Most of them it could delete, but there was always one that kept showing up, which I believe is the main virus that it could not delete. I'll be on here every day waiting for help. Thank you, The Indian Guy

14-May-2007, 03:26 PM
#2
Hi, welcome to TSG!!

Click here to download HJTsetup.exe. Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop. By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue. Put a check by Create a desktop icon, then click Next again.
Continue to follow the rest of the prompts from there. At the final dialogue box click Finish and it will launch Hijack This.

Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log. Click Save to save the log file and then the log will open in Notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and paste the log in your next reply.

DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

14-May-2007, 06:15 PM
#3
Logfile of HijackThis v1.99.1
Scan saved at 3:14:36 PM, on 5/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Apache HTTP Server\bin\httpd.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
G:\Program Files\Apache HTTP Server\bin\httpd.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\WINDOWS\retadpu1000272.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\messenger\msmsgs.exe
G:\Program Files\Apache HTTP Server\bin\ApacheMonitor.exe
C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
G:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.playmacro.co.kr
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.dragonballz.com/"); (C:\Documents and Settings\Dustin\Application Data\Mozilla\Profiles\default\57ihib45.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src "); (C:\Documents and Settings\Dustin\Application Data\Mozilla\Profiles\default\57ihib45.slt\prefs.js)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Secure] C:\WINDOWS\WindowsUpdates.exe
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\cuqwqcmh.dll",realset
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F 310
O4 - HKLM\..\Run: [RegistrySmart] "C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Iinl] "C:\PROGRA~1\RACLE~1\mmc.exe" -vt ndrv
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = G:\Program Files\Apache HTTP Server\bin\ApacheMonitor.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disten...fyLauncher.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/game...lugin10USA.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zang...b1a279c57bb948
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Unknown owner - G:\Program Files\Apache HTTP Server\bin\httpd.exe" -k runservice (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

14-May-2007, 06:38 PM
#4
A friend told me to try and use Avast in boot-scan mode. I really don't want to get a new OS, but as a last resort I guess I will download a new one.

14-May-2007, 06:52 PM
#5
You don't download a new OS, you install it again from your original source.

Click Here and download Killbox and save it to your desktop.

Run HJT again and put a check in the following:

O4 - HKLM\..\Run: [Secure] C:\WINDOWS\WindowsUpdates.exe
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\cuqwqcmh.dll",realset
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F 310
O4 - HKCU\..\Run: [Iinl] "C:\PROGRA~1\RACLE~1\mmc.exe" -vt ndrv
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe

Close all applications and browser windows before you click "fix checked".

Double-click on Killbox.exe to run it. Put a tick by Delete on Reboot. Copy the following list of files to the clipboard (CTRL+C to copy):

C:\WINDOWS\system32\cuqwqcmh.dll
C:\WINDOWS\WindowsUpdates.exe
C:\WINDOWS\retadpu1000272.exe
C:\WINDOWS\system32\smanager.7.exe

Now in Killbox go to File, Paste from clipboard. Click the All Files button. Click on the button that has the red circle with the X in the middle. It will ask for confirmation to delete the file. Click Yes. It will ask if you want to reboot now; click Yes.

Note: It is possible that Killbox will tell you that the file does not exist. If your computer does not restart automatically then please restart it manually. If you get the error message "PendingFileRenameOperations Registry Data has been Removed by External Process!" then just restart manually.

Download this tool to your desktop: http://www.uploads.ejvindh.net/rootchk.exe
Run the program. After a short time a logfile will turn up. Copy the contents of the log into the thread.

Notice: Some security programs prevent the creation of dummy drivers with certain names. This may cause false positives. If the log of rootchk contains a lot of hidden drivers, you may want to turn off your security programs while rootchk is scanning (you should then unhook your network connection as well).

Download ComboFix from Here or Here to your Desktop.

14-May-2007, 07:16 PM
#6
*********************************
ROOTCHK-(02-05-07)-LOG, by ejvindh
Mon 05/14/2007 16:12:54.32

Driver pe386 (hidden) is present. Run RUSTBFIX by ejvindh.
Driver pe386 (visible) is present. Run RUSTBFIX by ejvindh.

*********************************
ROOTCHK-LOG-end

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-14 16:12:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...

C:\WINDOWS\system32:lzx32.sys 71354 bytes executable hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1

14-May-2007, 07:26 PM
#7
I don't think this will help, but here is a picture of the explorer.exe virus that pops up every time I turn on my computer. Also, ComboFix made me restart because of a rootkit it found, but it's still scanning.

14-May-2007, 07:34 PM
#8
I THINK YOU FIXED IT!!! When I ran my computer just now I didn't get the explorer.exe pop-up, but I don't think it's completely gone, not sure yet. Here is the ComboFix log:

"Dustin" - 2007-05-14 16:20:36 Service Pack 2
ComboFix 07-05.13.V - Running from: ""

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\isrorbaw.dll
C:\WINDOWS\system32\nmmpmpyq.dll
C:\WINDOWS\system32\cbxyyxv.dll
C:\WINDOWS\system32\mljiifg.dll
C:\WINDOWS\system32\qommmjk.dll
C:\WINDOWS\system32\winexz32.dll
C:\WINDOWS\system32\qtstv.bak2
C:\WINDOWS\system32\qtstv.ini
C:\WINDOWS\system32\qtstv.ini2
C:\WINDOWS\system32\qtstv.tmp
C:\WINDOWS\system32\vtstq.dll
C:\WINDOWS\system32\cbxyawv.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\Program Files\inetget2

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:
C:\qoobox\purity\C\Program Files\RACLE~1

((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\pe386

((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-14 ))))))))))))))))))))))))))))))))))

2007-05-14 16:17 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-05-14 16:00 <DIR> d-------- C:\!KillBox
2007-05-14 15:45 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-05-14 15:45 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-05-14 15:45 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-05-14 15:45 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-05-14 15:45 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-05-14 15:45 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-05-14 15:45 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-05-13 20:29 <DIR> d-------- C:\DOCUME~1\Dustin\APPLIC~1\RegistrySmart
2007-05-13 20:23 <DIR> d-------- C:\DOCUME~1\Dustin\APPLIC~1\Uniblue
2007-05-13 19:55 <DIR> d-------- C:\DOCUME~1\Dustin\APPLIC~1\Lavasoft
2007-05-13 18:18 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2007-05-13 18:18 0 --a------ C:\WINDOWS\ORUN32.EXE
2007-05-13 18:15 <DIR> d-------- C:\DOCUME~1\Dustin\APPLIC~1\SuperAdBlocker.com
2007-05-13 17:26 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-05-13 12:47 417,792 --a------ C:\WINDOWS\Nero PhotoShow.scr
2007-05-13 12:40 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-05-13 12:40 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2007-05-12 14:40 1,994,752 --------- C:\WINDOWS\UNNeroVision.exe
2007-05-12 14:18 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-05-12 14:18 <DIR> d-------- C:\Program Files\Ahead
2007-05-12 09:25 <DIR> d-------- C:\WINDOWS\system32\bak
2007-05-12 09:25 <DIR> d-------- C:\WINDOWS\bak
2007-05-11 23:27 <DIR> d-------- C:\Program Files\àdobe
2007-05-09 16:21 <DIR> d-------- C:\DOCUME~1\Dustin\APPLIC~1\Opera
2007-05-08 17:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
2007-05-08 17:10 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-05-08 15:33 356,352 --a------ C:\WINDOWS\eSellerateEngine.dll
2007-05-08 15:24 <DIR> d-------- C:\Program Files\Common Files\DistributeShield
2007-04-26 18:53 <DIR> d-------- C:\Program Files\Neffy
2007-04-26 18:20 180,224 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-04-26 18:19 180,224 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-04-18 22:03 24,575 --a------ C:\WINDOWS\system32\mssetwinsyspios55.dll
2007-04-18 22:02 73,728 --a------ C:\WINDOWS\system32\ltlst14N.dll
2007-04-18 22:02 57,344 --a------ C:\WINDOWS\system32\lfbmp14N.dll
2007-04-18 22:02 53,248 --a------ C:\WINDOWS\system32\zlib.dll
2007-04-18 22:02 53,248 --a------ C:\WINDOWS\system32\lttmb14N.dll
2007-04-18 22:02 487,424 --a------ C:\WINDOWS\system32\LTKRN14n.DLL
2007-04-18 22:02 303,104 --a------ C:\WINDOWS\system32\LTDIS14n.DLL
2007-04-18 22:02 274,432 --a------ C:\WINDOWS\system32\LTEFX14n.DLL
2007-04-18 22:02 180,224 --a------ C:\WINDOWS\system32\LTFIL14n.DLL
2007-04-18 22:02 1,126,400 --a------ C:\WINDOWS\system32\LTIMG14n.DLL
2007-04-16 19:00 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-04-14 22:15 <DIR> d-------- C:\DOCUME~1\Dustin\.borland

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

Rootkit driver pe386 is present. ... attempting disinfection
pe386 ...... driver unloaded successfully.
ADS removed - system32: deleted 71354 bytes in 1 streams.

2007-05-14 06:28:34 -------- d-----w C:\DOCUME~1\Dustin\APPLIC~1\uTorrent
2007-05-13 22:52:55 -------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-05-12 16:35:05 -------- d-----w C:\Program Files\AviSynth 2.5
2007-05-12 16:25:50 -------- d-----w C:\Program Files\QuickTime
2007-05-12 16:25:50 -------- d-----w C:\Program Files\Microsoft AntiSpyware
2007-05-12 16:25:47 -------- d-----w C:\Program Files\MSN Messenger
2007-05-12 16:25:47 -------- d-----w C:\Program Files\messenger
2007-05-12 16:25:47 -------- d-----w C:\DOCUME~1\Dustin\APPLIC~1\Gpl Meta
2007-05-12 06:27:57 -------- d-----w C:\Program Files\?dobe
2007-04-27 05:38:09 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-27 00:00:35 14,297 -c--a-w C:\WINDOWS\mozver.dat
2007-04-25 04:26:03 249,856 ------w C:\WINDOWS\Setup1.exe
2007-04-25 04:26:02 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-04-10 22:32:12 -------- d-----w C:\DOCUME~1\Dustin\APPLIC~1\PE Explorer
2007-04-07 22:17:46 24 -c--a-w C:\WINDOWS\system32\kadmdc.dll
2007-04-05 20:21:04 -------- d-----w C:\DOCUME~1\Dustin\APPLIC~1\Xfire
2007-04-02 04:22:04 -------- d-----w C:\DOCUME~1\Dustin\APPLIC~1\Hamachi
2007-04-02 02:43:05 26,056 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-04-01 20:23:11 -------- d-----w C:\Program Files\Real
2007-03-31 09:25:43 32,768 ----a-w C:\WINDOWS\SecureWin33.exe
2007-03-31 09:25:29 45,056 ----a-w C:\WINDOWS\SecureWin32.exe
2007-03-24 19:27:04 -------- d-----w C:\DOCUME~1\Dustin\APPLIC~1\BitTorrent
2007-03-24 17:08:42 65,536 ----a-w C:\WINDOWS\IFinst27.exe
2007-03-16 03:55:58 40,960 ----a-w C:\WINDOWS\system32\frapsvid.dll
2007-03-15 19:23:16 497,496 ----a-w C:\WINDOWS\system32\XceedZip.dll
2007-03-15 19:19:58 526,184 ----a-w C:\WINDOWS\system32\XceedCry.dll
2007-03-10 09:04:28 -------- d-----w C:\DOCUME~1\Dustin\APPLIC~1\Leadertech
2007-03-10 08:05:01 -------- d-----w C:\DOCUME~1\Dustin\APPLIC~1\AdobeAUM
2007-03-10 07:05:01 -------- d-----w C:\Program Files\uTorrent
2007-03-10 06:25:36 -------- d-----w C:\DOCUME~1\Dustin\APPLIC~1\Swigart Consulting

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 04:23]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIModeChange"="Ati2mdxx.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"RegistrySmart"="\"C:\\Program Files\\RegistrySmart\\RegistrySmart.exe\" -boot"
"avast!"="G:\\PROGRA~1\\AVASTA~1\\ashDisp.exe"
"Adobe Photo Downloader"="\"G:\\Program Files\\Adobe Photoshop\\3.0\\Apps\\apdproxy.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"PSPVideo9"="G:\\Program Files\\PSPVideo9\\pspVideo9.exe -t"
"SeekmoToolbar"="C:\\Program Files\\SeekmoToolbar\\Bin\\4.8.4.0\\${HOOKOE_FILE}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 C:\WINDOWS\system32\Ati2mdxx.exe])
"AGRSMMSG"="AGRSMMSG.exe" [])
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2003-09-29 07:10]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" []
"RegistrySmart"="C:\Program Files\RegistrySmart\RegistrySmart.exe" []
"avast!"="G:\PROGRA~1\AVASTA~1\ashDisp.exe" [2007-04-30 08:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"MSMSGS"="C:\Program Files\messenger\msmsgs.exe" [2004-08-04 01:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\messenger\\msmsgs.exe\" /background"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AutorunsDisabled]
"BitTorrent"="\"G:\\Program Files\\bittorrent.exe\" --force_start_minimized"
"DefaultBind"="C:\\DOCUME~1\\Dustin\\APPLIC~1\\GPLMET~1\\nurb fast bin.exe"
"Free Download Manager"="D:\\Free Download Manager\\fdm.exe -autorun"
"Ozdgze"="\"C:\\Program Files\\?dobe\\nslookup.exe\""
"PhotoShow Deluxe Media Manager"="C:\\PROGRA~1\\Ahead\\Ahead\\data\\Xtras\\mssysmgr.exe"
"Yahoo! Pager"="\"D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [2005-02-10 22:32]

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HTTPFilter HTTPFilter\0\0
DcomLaunch DcomLaunch\0TermService\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost

~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070514-160251-483 O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
backup-20070514-160251-607 O4 - HKCU\..\Run: [Iinl] "C:\PROGRA~1\RACLE~1\mmc.exe" -vt ndrv
backup-20070514-160251-730 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F 310
backup-20070514-160251-493 O4 - HKLM\..\Run: [SManager] smanager.7.exe
backup-20070514-160251-335 O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\cuqwqcmh.dll",realset
backup-20070514-160251-576 O4 - HKLM\..\Run: [Secure] C:\WINDOWS\WindowsUpdates.exe

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\B1E548EA977AFFFA.job
C:\WINDOWS\tasks\Registration reminder 1.job
C:\WINDOWS\tasks\Registration reminder 3.job
C:\WINDOWS\tasks\RegistrySmart Scheduled Scan.job
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\Uniblue SpyEraser Nag.job
C:\WINDOWS\tasks\Uniblue SpyEraser.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-14 16:29:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 2007-05-14 16:30:48 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-14 16:30
________________________________________________________________

Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 4:33:57 PM, on 5/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
G:\Program Files\Avast Anti-virus\aswUpdSv.exe
G:\Program Files\Avast Anti-virus\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Apache HTTP Server\bin\httpd.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
G:\Program Files\Apache HTTP Server\bin\httpd.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
G:\PROGRA~1\AVASTA~1\ashDisp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\messenger\msmsgs.exe
G:\Program Files\Apache HTTP Server\bin\ApacheMonitor.exe
C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
C:\WINDOWS\explorer.exe
G:\Program Files\Avast Anti-virus\ashMaiSv.exe
G:\Program Files\Avast Anti-virus\ashWebSv.exe
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
G:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.dragonballz.com/"); (C:\Documents and Settings\Dustin\Application Data\Mozilla\Profiles\default\57ihib45.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src "); (C:\Documents and Settings\Dustin\Application Data\Mozilla\Profiles\default\57ihib45.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [RegistrySmart] "C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\AVASTA~1\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = G:\Program Files\Apache HTTP Server\bin\ApacheMonitor.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disten...fyLauncher.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/game...lugin10USA.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zang...b1a279c57bb948
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Unknown owner - G:\Program Files\Apache HTTP Server\bin\httpd.exe" -k runservice (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - G:\Program Files\Avast Anti-virus\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - G:\Program Files\Avast Anti-virus\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - G:\Program Files\Avast Anti-virus\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - G:\Program Files\Avast Anti-virus\ashWebSv.exe" /service (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

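The catchme line in post #6 (C:\WINDOWS\system32:lzx32.sys, 71354 bytes, "hidden from API") and ComboFix's "ADS removed - system32: deleted 71354 bytes in 1 streams" above describe the same hiding place: the Rustock driver was stored as an NTFS alternate data stream attached to the system32 directory, which Explorer, dir and most file scanners never list. As an added example, not code from rootchk, catchme or ComboFix, here is a small ADS scanner that enumerates streams through the Win32 FindFirstStreamW API via ctypes and flags the shapes a defender cares about (a named stream on a directory, a stream named like an executable, or an unusually large one). The enumerator only works on Windows/NTFS; the classification helpers are pure Python. The 16 KiB size threshold and the Zone.Identifier exemption are assumptions.

```python
"""Enumerate NTFS alternate data streams and flag ones that look like hiding places.

Added example, not rootchk/catchme/ComboFix code. The Win32 enumerator runs only
on Windows; LARGE_STREAM and the Zone.Identifier exemption are assumptions.
"""
import os
import sys
import ctypes

EXECUTABLE_SUFFIXES = (".sys", ".exe", ".dll", ".scr", ".com")
LARGE_STREAM = 16 * 1024   # assumption: named streams this big deserve a look


def parse_stream_name(raw):
    """Split a Win32 stream name such as ':lzx32.sys:$DATA' into (name, type).
    The object's own data is reported as '::$DATA', i.e. name '' and type '$DATA'."""
    if not raw.startswith(":"):
        raise ValueError("not a stream name: %r" % (raw,))
    name, _, stype = raw[1:].partition(":")
    return name, stype or "$DATA"


def stream_is_suspicious(is_dir, raw_name, size):
    """Return a reason string when a stream looks like a hiding place, else None."""
    name, stype = parse_stream_name(raw_name)
    if stype != "$DATA" or not name:
        return None                              # the file's default data stream
    if name.lower() == "zone.identifier":
        return None                              # mark-of-the-web written by browsers
    if is_dir:
        return "named data stream attached to a directory"
    if name.lower().endswith(EXECUTABLE_SUFFIXES):
        return "stream named like an executable"
    if size >= LARGE_STREAM:
        return "large named stream (%d bytes)" % size
    return None


if sys.platform == "win32":
    from ctypes import wintypes

    class _FIND_STREAM_DATA(ctypes.Structure):   # mirrors WIN32_FIND_STREAM_DATA
        _fields_ = [("StreamSize", ctypes.c_longlong),
                    ("cStreamName", ctypes.c_wchar * (260 + 36))]

    _k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    _k32.FindFirstStreamW.argtypes = [wintypes.LPCWSTR, ctypes.c_int,
                                      ctypes.c_void_p, wintypes.DWORD]
    _k32.FindFirstStreamW.restype = wintypes.HANDLE
    _k32.FindNextStreamW.argtypes = [wintypes.HANDLE, ctypes.c_void_p]
    _k32.FindNextStreamW.restype = wintypes.BOOL
    _k32.FindClose.argtypes = [wintypes.HANDLE]
    _k32.FindClose.restype = wintypes.BOOL
    _INVALID_HANDLE = wintypes.HANDLE(-1).value


def list_streams(path):
    """Return [(stream_name, size)] for every stream on path; [] off Windows or on error."""
    if sys.platform != "win32":
        return []
    data = _FIND_STREAM_DATA()
    # Second argument 0 is FindStreamInfoStandard, the only info level defined.
    handle = _k32.FindFirstStreamW(path, 0, ctypes.byref(data), 0)
    if handle == _INVALID_HANDLE:
        return []
    streams = []
    try:
        while True:
            streams.append((data.cStreamName, data.StreamSize))
            if not _k32.FindNextStreamW(handle, ctypes.byref(data)):
                break
    finally:
        _k32.FindClose(handle)
    return streams


def scan_tree(root):
    """Walk root and return [(path, stream, size, reason)] for suspicious streams.
    Each directory is checked as an object in its own right, since Rustock hid in one."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        objects = [(dirpath, True)] + [(os.path.join(dirpath, f), False) for f in filenames]
        for entry, is_dir in objects:
            for stream, size in list_streams(entry):
                reason = stream_is_suspicious(is_dir, stream, size)
                if reason:
                    hits.append((entry, stream, size, reason))
    return hits


if __name__ == "__main__":
    start = sys.argv[1] if len(sys.argv) > 1 else os.environ.get("SystemRoot", ".")
    for hit in scan_tree(start):
        print("%s  %s  %d bytes  %s" % hit)
```

Run it with a directory argument (for example the system32 directory) on a Windows machine; a hit of the form `...\system32  :lzx32.sys:$DATA  71354 bytes  named data stream attached to a directory` is exactly what catchme reported in this thread.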
14-May-2007, 07:45 PM
#9
I am pretty confident that the virus is gone, but I need your word. Thank you so much for all your help =D

14-May-2007, 08:03 PM
#10
Sorry to bump up my thread, but could you confirm if my computer is now clean?

15-May-2007, 03:14 PM
#11
Sorry for the delay, I am not getting all of the replies to threads!

Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only. For Technical Support, double-click the e-mail address located at the bottom of each menu.

Download and scan with SUPERAntiSpyware Free for Home Users.

15-May-2007, 06:40 PM
#12
Mysterious Dial-Up Connection: I also discovered a new dial-up connection that I have never seen, and the name was really weird. I was wondering if you could help me fix that too. Here is a picture.

15-May-2007, 07:04 PM
#13
The scan takes a long time =/

15-May-2007, 07:04 PM
#14
Yes, the scan can take a while, and I suggest you quit using the machine, as it will keep scanning your temporary files if you don't. I can't say where it came from, but I would just delete/remove it.

15-May-2007, 07:14 PM
#15
So you're saying even if I shut down my computer it will continue to scan? Yeah, I was trying to find the source of the dial-up connection, and SUPERAntiSpyware found a program "Dialer.Dial/Gen Variant", so I think that's what the program is. So once the scan is complete and I remove all the viruses that the scan mentioned, I will make sure to check if it is still there, and if it is I'll just delete it myself.