umm...Viruses Gone but Problems remain



Kevin123450
12-20-2008, 09:28 PM
Hey How's it going? Your help would be much appreciated. My cousin downloaded some programs that were loaded with trojans and other viruses. I cleaned out all the viruses but Windows still crashes and freezes all the time. I can't get programs to open and a bunch of crap that pisses me off. I've never encountered any problems like this before since I do not download stupid things. I tried to read some other posts to see if the problems were the same so I could just follow the steps in a different post. But I think my problem might be different. I've downloaded that hijack program so tell me when you're ready and I'll get you a log. :D <3 Thanks

haapy
12-21-2008, 01:55 AM
Before you send the hijack this log, run a scan with Malwarebytes Antimalware, SuperAntiSpyware and Avira Antivirus. All freeware. Google 'em and you will find 'em.

GoneToPlaid
12-21-2008, 03:13 AM
Before you send the hijack this log, run a scan with Malwarebytes Antimalware, SuperAntiSpyware and Avira Antivirus. All freeware. Google 'em and you will find 'em.

And, I should add, don't use other freeware programs other than those which haapy mentions since some other freeware anti-malware and anti-virus programs are in themselves malware.

Kevin123450
12-21-2008, 08:37 PM
Okay Well I've scanned my computer with AVGpro, SpywareDoctor, Avira, Malwarebytes, and got rid of everything. The viruses are gone but the problems still remain. I have some logs of what types of viruses and trojans I found if you need them. But anyways my computer has been tortured throughout the last week and now it is clean of everything but I think the viruses might have done some obvious damage. Possibly deleted some files to make my computer not function right? I don't know I'm just assuming. I hope you can help me out without telling me to reformat lol. Your help is greatly appreciated.
I will repost with the log file soon I'm just having some difficulties....

Kevin123450
12-21-2008, 08:48 PM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:35:35 AM, on 21/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-761491258-3453346819-2422916673-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Christine')
O4 - HKUS\S-1-5-21-761491258-3453346819-2422916673-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Mike')
O4 - HKUS\S-1-5-21-761491258-3453346819-2422916673-1009\..\Run: [Sonic RecordNow!] (User 'Kimberley')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - S-1-5-21-761491258-3453346819-2422916673-1009 Startup: PowerReg Scheduler.exe (User 'Kimberley')
O4 - S-1-5-21-761491258-3453346819-2422916673-1009 User Startup: PowerReg Scheduler.exe (User 'Kimberley')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.servicemenutool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: Explorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.servicemenutool.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://www.cherrytreeinn.com:8080/kxhcm10.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {9AD9B5EB-F9E0-47D4-B20F-C29D58C6F5E1} (IndeXMap Class) - http://alta.registries.gov.ab.ca/SpinII/cabs/WayToIndex.CAB
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object) - http://update.hpphoto.com/download/HPSWUpdate.ocx
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9829 bytes

Kevin123450
12-21-2008, 08:52 PM
I also wanted to post my log file from AVIRA, maybe it's some help to you. It said it can't open 17 files? Is that normal? here it is....



Avira AntiVir Personal
Report file date: December 21, 2008 00:14

Scanning for 1099136 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Save mode with network
Username: Christine
Computer name: LIVINGROOM

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 11/18/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/18/2008 16:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 15:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 20:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 15:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 19:30:36
ANTIVIR1.VDF : 7.1.0.197 1170432 Bytes 12/7/2008 23:05:09
ANTIVIR2.VDF : 7.1.0.230 156160 Bytes 12/14/2008 23:04:50
ANTIVIR3.VDF : 7.1.0.249 184320 Bytes 12/17/2008 23:04:45
Engineversion : 8.2.0.45
AEVDF.DLL : 8.1.0.6 102772 Bytes 10/14/2008 18:05:56
AESCRIPT.DLL : 8.1.1.19 336252 Bytes 12/12/2008 23:04:52
AESCN.DLL : 8.1.1.5 123251 Bytes 11/7/2008 23:06:41
AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 21:58:38
AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 17:41:39
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 12/12/2008 23:04:50
AEHEUR.DLL : 8.1.0.75 1524087 Bytes 12/12/2008 23:04:49
AEHELP.DLL : 8.1.2.0 119159 Bytes 12/10/2008 23:05:14
AEGEN.DLL : 8.1.1.8 323956 Bytes 12/12/2008 23:04:44
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 18:05:56
AECORE.DLL : 8.1.5.2 172405 Bytes 12/10/2008 23:05:12
AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 18:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 16:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 17:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 20:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 19:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 16:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 20:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/23/2008 01:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 20:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 20:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 21:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 21:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Deviating risk categories........: +APPL,+PCK,

Start of the scan: December 21, 2008 00:14

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'mcuimgr.exe' - '1' Module(s) have been scanned
Scan process 'mcagent.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'mcmscsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
18 processes with 18 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '64' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\32788R22FWJFW\NirCmd.cfexe
[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
[NOTE] The file was moved to '49bfed76.qua'!
C:\Documents and Settings\Christine\Local Settings\Temporary Internet Files\Content.IE5\PI5D8JJ0\ComboFix[1].exe
[0] Archive type: RAR SFX (self extracting)
--> 32788R22FWJFW\NirCmd.cfexe
[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
--> 32788R22FWJFW\nircmd.com
[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
--> 32788R22FWJFW\NirCmdC.cfexe
[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.1.B application
--> 32788R22FWJFW\psexec.cfexe
[1] Archive type: RSRC
--> Object
[DETECTION] Contains recognition pattern of the APPL/PsExec.E application
[NOTE] The file was moved to '49baef60.qua'!
C:\Documents and Settings\Christine\Local Settings\Temporary Internet Files\Content.IE5\Z7WEPUS5\ComboFix[1].exe
[0] Archive type: RAR SFX (self extracting)
--> 32788R22FWJFW\NirCmd.cfexe
[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
--> 32788R22FWJFW\nircmd.com
[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
--> 32788R22FWJFW\NirCmdC.cfexe
[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.1.B application
--> 32788R22FWJFW\psexec.cfexe
[1] Archive type: RSRC
--> Object
[DETECTION] Contains recognition pattern of the APPL/PsExec.E application
[NOTE] The file was moved to '49baef80.qua'!
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\xpsp2res.dll
[WARNING] The file could not be opened!
C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys
[WARNING] The file could not be opened!


End of the scan: December 21, 2008 01:14
Used time: 59:59 Minute(s)

The scan has been done completely.

9385 Scanning directories
386199 Files were scanned
9 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
17 Files cannot be scanned
386173 Files not concerned
5735 Archives were scanned
17 Warnings
3 Notes

Kevin123450
12-22-2008, 01:00 AM
hmpf :( I don't know

haapy
12-22-2008, 05:32 AM
Major problems.

One thing that I forgot in my prior post. Download CCleaner and run both the cleaner and registry cleaner.

Uninstall AVG. You have the old version (7) and it will conflict with Spyware Doctor and Avira. Avira is a better anti-virus. Keep it. The ignored files are OK for now.

It appears that you have a lot of McAfee stuff. I would recommend removing it. You can always re-install stuff later. I am trying to avoid conflicts. McAfee does not play well with Avira and SD.

Make sure that you have the latest version of Spyware Doctor .386. If not download and install. If you have a pre 6.0 version of SD, uninstall SD first.

It seems like you have a lot of language options. Unless you are using these, remove them. They can cause problems. Start, control panel, regional language options, languages. Make sure both boxes are unchecked. Click Details. Usually all you need is the keyboard, unless needed, delete the rest. Click Advanced and click turn off advanced text services.

You have old versions of Sun Java. Go to add remove programs, remove all versions of Java. Go to www.sun.com and download and install the latest version of Sun Java.

Make sure that if you have Adobe Flash that it is V10, if not, uninstall and go to www.adobe.com and get v10.

Re: the hijack this log.

delete all entries with "File Missing" or "no file"

Run a Spyware Doctor scan

Let me know how all that goes and we can go to the next step.

Anyone else reading this post, feel free to jump in.
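
The "delete all entries with File Missing or no file" step above can be checked mechanically. This is an added example, not part of the original thread or of HijackThis: a Python script that parses HijackThis entry lines, lists the orphaned ones, and shows which entries appear only in a later log. The sample lines are excerpts from the safe-mode and normal-mode logs posted in this thread; the function names are hypothetical.

```python
import re
from collections import Counter

# An entry line is a section code (R0, O4, O23, ...) followed by " - " and the body.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Markers HijackThis appends when the file an entry points to is not on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)

# Excerpt of the safe-mode log posted in this thread.
SAFE_MODE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.servicemenutool.com/redirect.php (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
"""

# Excerpt of the normal-mode log posted later in this thread.
NORMAL_MODE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ca/
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.servicemenutool.com/redirect.php (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
"""


def parse_entries(log_text):
    """Return (code, body) tuples for every entry line; headers and the
    running-process list do not match the entry pattern and are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def orphaned(entries):
    """Entries HijackThis marked as pointing to a file that no longer exists."""
    return [(code, body) for code, body in entries if ORPHAN_RE.search(body)]


def new_entries(before, after):
    """Entries present in the later log but absent from the earlier one,
    in the order they appear in the later log."""
    seen = set(before)
    return [entry for entry in after if entry not in seen]


def section_counts(entries):
    """Number of entries per section code, useful for a quick overview."""
    return Counter(code for code, _ in entries)


if __name__ == "__main__":
    safe = parse_entries(SAFE_MODE_LOG)
    normal = parse_entries(NORMAL_MODE_LOG)

    print("Orphaned entries in the normal-mode log:")
    for code, body in orphaned(normal):
        print(f"  {code} - {body}")

    print("Entries only in the normal-mode log:")
    for code, body in new_entries(safe, normal):
        print(f"  {code} - {body}")

    print("Entries per section:", dict(section_counts(normal)))
```
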

Kevin123450
12-22-2008, 01:50 PM
Alright I have a few issues. You probably noticed and I don't even know if it makes a difference but I'm running in safe mode. I don't crash in safe mode lol but in normal I do. Well I'll define crash a bit, I can't load explorer, browse internet, programs crash and freeze, and safe mode is the only way I can run my computer without pulling my hair out. I did everything that I could, I can't download some things in safe mode and Java is one of them. I don't think that's my problem though so I'm going to run one more scan with SD and Avira then I'll get back to ya. I also took a hijackthis log in normal boot if it makes a difference?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:29:30 AM, on 22/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe
C:\WINDOWS\SYSTEM32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKxdm021YYCA
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.servicemenutool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: Explorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.servicemenutool.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://www.cherrytreeinn.com:8080/kxhcm10.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {9AD9B5EB-F9E0-47D4-B20F-C29D58C6F5E1} (IndeXMap Class) - http://alta.registries.gov.ab.ca/SpinII/cabs/WayToIndex.CAB
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object) - http://update.hpphoto.com/download/HPSWUpdate.ocx
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
I'm sorry I wish I wasn't so dumb maybe, I know a little bit though. I'll do my best to help.
I fixed all the missing file and no files right after I saved this log.

Kevin123450
12-22-2008, 02:01 PM
LOL here is an ugly log file of what AVG picked up. Ummm I'm very confused. I run my A/V every day but I went away for a weekend and my family downloaded stupid ****. So maybe if you knew the virus you might know the damage it did? So I thought I'd post this, possibly to help you and you can possibly laugh at me. The viruses below are the ones that did the damage I think. Haha I can't believe how many I had and how bad they are. Sigh :(




''Virus identified Worm/Autoit.DJJ''
''Trojan horse BZVundo.''
''Trojan horse Generic_c.IKY''
''Trojan horse SHeur.CFQB''
''Trojan horse Proxy.ACNA''


"","","Adware Generic.CYN","C:\Program Files\DivX\DivX Pro Codec\gain_trickler_3202.exe","12/10/2008 1:21:07 PM","gain_trickler_3202.exe","196.28 KB"
"","","Trojan horse BZVundo.","C:\WINDOWS\SYSTEM32\herutoho.dll","12/10/2008 1:21:10 PM","herutoho.dll","93.58 KB"
"","","Trojan horse FakeAlert.CM","C:\WINDOWS\SYSTEM32\ieupdates.exe","12/10/2008 1:21:11 PM","ieupdates.exe","115 KB"
"","","Trojan horse Vundo.BZ","C:\WINDOWS\SYSTEM32\kalepopo.dll","12/10/2008 1:21:11 PM","kalepopo.dll","62.5 KB"
"","","Trojan horse Vundo.BZ","C:\WINDOWS\SYSTEM32\mutupapo.dll","12/10/2008 1:21:11 PM","mutupapo.dll","62.5 KB"
"","","Trojan horse Vundo.BZ","C:\WINDOWS\SYSTEM32\sasepawa.dll","12/10/2008 1:21:11 PM","sasepawa.dll","93.78 KB"
"","","Potentially harmful program Fake_AntiSpyware.AAP","C:\WINDOWS\SYSTEM32\scui.cpl","12/10/2008 1:21:12 PM","scui.cpl","76.5 KB"
"","","Trojan horse Vundo.BZ","C:\WINDOWS\SYSTEM32\vevesadi.dll","12/10/2008 1:21:12 PM","vevesadi.dll","62.5 KB"
"","","Adware Generic.DSH","C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1468\A0067323.exe","5/29/2008 8:52:59 PM","A0067323.exe","457.18 KB"
"","","Adware Generic.DSL","C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll","5/29/2008 8:52:59 PM","WebP2PInstaller.dll","86.5 KB"
"","","Adware Generic.DSG","C:\WINDOWS\SYSTEM32\P2P Networking v126.cpl","5/29/2008 8:52:59 PM","P2P Networking v126.cpl","75.5 KB"
"","","Adware Generic.DSF","C:\WINDOWS\SYSTEM32\P2P Networking\MARSHAL.DLL","5/29/2008 8:52:59 PM","MARSHAL.DLL","88 KB"
"","","Adware Generic.SUF","C:\WINDOWS\Temp\Adware\RXToolbar.exe","5/29/2008 8:53:00 PM","RXToolbar.exe","1.3 MB"
"","","Adware Generic.AYR","C:\WINDOWS\Temp\Altnet\adm.exe","5/29/2008 8:53:00 PM","adm.exe","141.76 KB"
"","","Adware Generic.NM","C:\WINDOWS\Temp\Altnet\adm25.dll","5/29/2008 8:53:00 PM","adm25.dll","153.76 KB"
"","","Adware Generic.AYN","C:\WINDOWS\Temp\Altnet\adm4.dll","5/29/2008 8:53:00 PM","adm4.dll","125.76 KB"
"","","Adware Generic.AYG","C:\WINDOWS\Temp\Altnet\admdata.dll","5/29/2008 8:53:00 PM","admdata.dll","41.76 KB"
"","","Adware Generic.AYK","C:\WINDOWS\Temp\Altnet\admdloader.dll","5/29/2008 8:53:00 PM","admdloader.dll","93.76 KB"
"","","Adware Generic.BP","C:\WINDOWS\Temp\Altnet\admfdi.dll","5/29/2008 8:53:00 PM","admfdi.dll","45.76 KB"
"","","Adware Generic.AYP","C:\WINDOWS\Temp\Altnet\admprog.dll","5/29/2008 8:53:00 PM","admprog.dll","177.76 KB"
"","","Adware Generic.BK","C:\WINDOWS\Temp\Altnet\dmfiles.cab","5/29/2008 8:53:00 PM","dmfiles.cab","70.77 KB"
"","","Adware Generic.AYS","C:\WINDOWS\Temp\Altnet\pmexe.cab","5/29/2008 8:53:00 PM","pmexe.cab","300.1 KB"
"","","Adware Generic.AZW","C:\WINDOWS\Temp\Altnet\Setup.exe","5/29/2008 8:53:00 PM","Setup.exe","24 KB"
"","","Virus identified Worm/Autoit.DJJ","C:\Program Files\Microsoft office 2007\Launcher.exe","12/3/2008 1:35:42 AM","Launcher.exe","239.43 KB"
"","","Virus identified Java/ByteVerify","C:\Documents and Settings\Mike\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-55ec6b27-11c886b7.zip","12/5/2008 9:34:27 AM","OP.jar-55ec6b27-11c886b7.zip","14.83 KB"
"","","Trojan horse Generic_c.IKY","C:\Documents and Settings\Mike\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\animan.class-1a434e1-354e69a1.class","5/28/2008 9:56:31 AM","animan.class-1a434e1-354e69a1.class","827 bytes"
"","","Adware Generic.DSH","C:\WINDOWS\system32\P2P Networking\P2P Networking.exe","5/28/2008 9:56:31 AM","P2P Networking.exe","457.18 KB"
"","","Trojan horse Proxy.ACNA","C:\Documents and Settings\Kimberley\Local Settings\Temp\SIntfNT.dll","6/29/2008 9:08:28 AM","SIntfNT.dll","23.94 KB"
"","","Trojan horse Dropper.Agent.JOC","C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\knlwrap.exe","8/23/2008 9:13:20 AM","knlwrap.exe","124 KB"
"","","Virus identified Worm/Autoit.DJJ","C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1660\A0091334.exe","12/3/2008 8:06:32 AM","A0091334.exe","239.43 KB"
"","","Adware Generic.DSG","C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1469\A0067387.cpl","5/30/2008 9:09:04 AM","A0067387.cpl","75.5 KB"
"","","Adware Generic.DSF","C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1469\A0067388.DLL","5/30/2008 9:09:04 AM","A0067388.DLL","88 KB"
"","","Trojan horse SHeur.CFQB","C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1560\A0082034.exe","9/2/2008 9:25:00 AM","A0082034.exe","334.81 KB"
"","","Trojan horse Downloader.Small.61.AT","C:\Documents and Settings\Christine\Local Settings\Temporary Internet Files\Content.IE5\T371QFMS\freehitmovies_org[1].htm","7/9/2008 6:58:29 PM","freehitmovies_org[1].htm","91 KB"
"","","Trojan horse SHeur.CFQB","C:\Program Files\DNA\btdna.exe","9/1/2008 9:23:34 AM","btdna.exe","334.81 KB"

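Added example, not part of the original posts and not AVG's own tooling: a short Python script that parses the seven-column export format pasted above and groups the detections by where each file sat, so that System Restore copies and temp leftovers can be told apart from files that were in system32. The location labels and function names are assumptions made for this illustration; the sample rows are copied from the log above.

```python
import csv
import io
from collections import defaultdict

# Sample rows copied from the AVG export in the post above.
SAMPLE = r'''"","","Trojan horse BZVundo.","C:\WINDOWS\SYSTEM32\herutoho.dll","12/10/2008 1:21:10 PM","herutoho.dll","93.58 KB"
"","","Trojan horse Vundo.BZ","C:\WINDOWS\SYSTEM32\kalepopo.dll","12/10/2008 1:21:11 PM","kalepopo.dll","62.5 KB"
"","","Adware Generic.AYR","C:\WINDOWS\Temp\Altnet\adm.exe","5/29/2008 8:53:00 PM","adm.exe","141.76 KB"
"","","Virus identified Worm/Autoit.DJJ","C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1660\A0091334.exe","12/3/2008 8:06:32 AM","A0091334.exe","239.43 KB"
"","","Trojan horse SHeur.CFQB","C:\Program Files\DNA\btdna.exe","9/1/2008 9:23:34 AM","btdna.exe","334.81 KB"
'''

# Lowercase path fragments mapped to an (assumed) location label; first match wins.
LOCATIONS = [
    ("\\system volume information\\_restore", "system-restore-copy"),
    ("\\temporary internet files\\", "browser-cache"),
    ("\\java\\deployment\\cache\\", "java-cache"),
    ("\\temp\\", "temp"),
    ("\\windows\\system32\\", "system32"),
]

def classify(path):
    """Return the location label for a detected file path."""
    p = path.lower()
    for fragment, label in LOCATIONS:
        if fragment in p:
            return label
    return "other"

def parse_avg_export(text):
    """Yield one dict per detection row of the seven-column export."""
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 7:
            continue  # skip blank or malformed lines instead of guessing
        _, _, detection, path, seen, name, size = row
        yield {"detection": detection, "path": path, "seen": seen,
               "file": name, "size": size, "location": classify(path)}

def triage(text):
    """Group (detection, file name) pairs by location label, in log order."""
    groups = defaultdict(list)
    for rec in parse_avg_export(text):
        groups[rec["location"]].append((rec["detection"], rec["file"]))
    return dict(groups)

if __name__ == "__main__":
    for location, hits in sorted(triage(SAMPLE).items()):
        print(f"{location}: {hits}")
```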
Kevin123450
12-22-2008, 06:19 PM
Alright, I've made a lot of progress. I can run in normal boot now and nothing seems to be crashing. I ran Spyware Doctor in custom scan. I chose files to custom scan by all the different types of scanners possible. Took over 2 hours to scan lol. Found one more trojan, some spyware, and 3 hidden files. Which I couldn't open so I just deleted them. Said the risk was very high so I just deleted them. Seems to have worked, just working out the kinks now. Thanks for your patience.

haapy
12-22-2008, 08:57 PM
I just read your most current post while I was composing this, but I will send anyway. No laughter at your plight.

Yikes. The Vundo is a bad one.

First, let's finish with hijack this.

Remove the following entries
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZKxdm021YYCA
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Then for some basics.

Make sure that you have only one active antivirus running, Avira or AVG, not both.

I assume that you have run the Spyware Doctor, Malwarebytes, SuperAntispyware, Avira and AVG scans.

If you can not get rid of Vundo, try this.

http://www.bleepingcomputer.com/malware-removal/remove-vundo-virtumonde

haapy
12-22-2008, 08:58 PM
Glad to be of help.