Can't remove virtumonde & all my music has started to fail
ukdnb, New Member
Date Joined Jun 2008 | Total Posts : 9 | Posted 7-14-2008 7:12 (GMT +1)

Hi, and thank you for any help.

I think I may have a trojan. All my music has started to skip or not play at all. My Norton 2008 AV says everything is fine. I ran Spybot Search & Destroy and it keeps showing a Virtumonde. Spybot said it fixed and removed the problem, but when I reboot it keeps coming back. I was told after the Spybot fix to turn off System Restore, disconnect the ethernet cable and reboot. However, this doesn't help. Also, when IE tries to launch I get this error: regsvr32 [/n]]dllname

I ran a Deckard's system scan and this is what came up. Thanks again for any suggestion and help.

Deckard's System Scanner v20071014.68 Run by Ryan on 2008-07-14 00:50:16 Computer is in Normal Mode. --------------------------------------------------------------------------------
-- HijackThis (run as Ryan.exe) ---------------------------------------
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:50:31 AM, on 7/14/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\PixArt\PAC7311\Monitor.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe C:\Program Files\Memeo\AutoSync\MemeoAutoSync.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\RYANJD~1.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Yahoo! 
IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC7311\Monitor.exe O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [swg] C:\WINDOWS\system32\regsvr32.exe O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: Memeo AutoBackup Launcher.lnk = ? O4 - Startup: Memeo AutoSync Launcher.lnk = C:\Program Files\Memeo\AutoSync\MemeoLauncher.exe O4 - Global Startup: AutorunsDisabled O8 - Extra context menu item: &Search - ?p=ZCxdm801MTUS O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Yahoo! 
Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O20 - Winlogon Notify: wingsa32 - C:\WINDOWS\SYSTEM32\wingsa32.dll O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common 
Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
-- End of file - 8805 bytes
-- Files created between 2008-06-14 and 2008-07-14 -----------------------------
2008-07-13 22:29:34 0 d-------- C:\Program Files\Common Files\eSellerate 2008-07-13 22:28:01 0 d-------- C:\Program Files\Memeo 2008-07-13 22:27:52 0 d---s---- C:\Documents and Settings\All Users\Application Data\Memeo 2008-07-13 16:27:49 0 d-------- C:\Program Files\Microsoft DirectX SDK (June 2008) <MIBC72~1> 2008-07-13 16:27:44 0 d-------- C:\WINDOWS\Logs 2008-07-13 15:48:25 0 d-------- C:\WINDOWS\system32\371186 2008-07-12 21:00:00 0 d-------- C:\Program Files\Windows Sidebar <WINDOW~4> 2008-07-12 20:59:48 0 d-------- C:\Program Files\Norton 360 <NORTON~1> 2008-07-12 20:58:03 0 d-------- C:\Program Files\Symantec 2008-07-12 18:46:05 0 d-------- C:\Program Files\Trend Micro <TRENDM~1> 2008-07-12 18:13:43 686630 --a------ C:\Program Files\dss.exe 2008-07-12 17:34:48 0 d-------- C:\Documents and Settings\Ryan\Application Data\Uniblue 2008-07-12 16:40:01 0 d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI 2008-07-11 23:33:49 0 d-------- C:\Program Files\Kaspersky Lab <KASPER~1> 2008-07-11 23:13:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-07-11 14:16:28 0 d-------- C:\Program Files\Western Digital <WESTER~2> 2008-07-11 14:16:07 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield 2008-07-11 14:11:58 0 d-------- C:\Program Files\Western Digital Technologies <WESTER~1> 2008-07-06 14:47:15 0 d-------- C:\Program Files\Full Tilt Poker.Net <FULLTI~1.NET> 2008-07-04 12:05:10 0 d-------- C:\WINDOWS\system32\349168 2008-07-04 12:04:52 32768 --a------ C:\WINDOWS\system32\wingsa32.dll 2008-06-21 23:11:50 0 d-------- C:\Program Files\Soulseek 2008-06-21 23:11:26 842672 --a------ C:\Program Files\slsk156c.exe 2008-06-15 04:05:14 0 d-------- C:\Program Files\UBNet
-- Find3M Report ---------------------------------------------------------------
2008-07-14 00:33:57 0 d-------- C:\Program Files\Common Files\Symantec Shared 2008-07-13 23:53:54 0 d-------- C:\Program Files\Winamp 2008-07-13 22:38:25 0 d-------- C:\Program Files\Google 2008-07-13 22:30:14 0 d--h----- C:\Program Files\InstallShield Installation Information <INSTAL~1> 2008-07-13 22:29:34 0 d-------- C:\Program Files\Common Files <COMMON~1> 2008-07-13 18:04:00 0 d-------- C:\Documents and Settings\Ryan \Application Data\Mozilla 2008-07-12 21:45:13 0 d-------- C:\Documents and Settings\Ryan \Application Data\mIRC 2008-07-12 21:34:32 0 d-------- C:\Program Files\mIRC 2008-07-11 22:24:47 0 d-------- C:\Documents and Settings\Ryan \Application Data\Azureus 2008-07-11 14:15:17 0 d-------- C:\Program Files\Common Files\InstallShield 2008-06-21 22:46:02 0 d-------- C:\Documents and Settings\Ryan \Application Data\Sony 2008-06-21 22:46:00 0 d-------- C:\Program Files\VstPlugins <VSTPLU~1> 2008-06-12 14:45:34 0 d-------- C:\Documents and Settings\Ryan \Application Data\Publish Providers 2008-06-12 14:45:34 0 d-------- C:\Documents and Settings\Ryan \Application Data\NetMedia Providers 2008-06-09 23:14:17 0 d--h----- C:\Program Files\Creative Installation Information <CREATI~1> 2008-06-09 23:12:05 0 d-------- C:\Program Files\Creative 2008-06-09 23:11:49 0 d-------- C:\Program Files\Common Files\Creative 2008-05-29 21:27:34 0 --a------ C:\WINDOWS\nsreg.dat 2008-05-23 17:52:20 0 d-------- C:\Program Files\ms office 2k3 <MSOFFI~1>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] 02/23/2008 09:08 PM 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] 07/12/2008 09:00 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [02/23/2008 09:08 PM 349552]
[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}] [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1] [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [10/19/2005 08:59 AM] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [10/19/2005 08:59 AM] "Monitor"="C:\WINDOWS\PixArt\PAC7311\Monitor.exe" [11/03/2006 11:01 AM] "P17Helper"="P17.dll" [05/02/2005 10:38 PM C:\WINDOWS\system32\P17.dll] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 02:00 AM] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/18/2008 02:37 PM] "osCheck"="C:\Program Files\Norton 360\osCheck.exe" [02/26/2008 09:50 AM] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [05/14/2007 05:22 PM] "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [03/20/2006 05:34 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVIEW"="nview.dll,nViewLoadHook" [] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM] "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [12/02/2004 07:23 PM] "swg"="C:\WINDOWS\system32\regsvr32.exe" [08/04/2004 12:56 AM] "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
C:\Documents and Settings\Ryan\Start Menu\Programs\Startup\ Memeo AutoBackup Launcher.lnk - C:\Documents and Settings\Ryan\Application Data\Microsoft\Installer\{6BCEB97B-F315-455D-BC2D-565A1A6781E8}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe [7/13/2008 10:28:15 PM] Memeo AutoSync Launcher.lnk - C:\Program Files\Memeo\AutoSync\MemeoLauncher.exe [7/6/2007 5:28:44 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wingsa32] wingsa32.dll 07/04/2008 12:04 PM 32768 C:\WINDOWS\system32\wingsa32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G] AutoRun\command- wd_windows_tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b2a638c-4f7d-11dd-94de-000bdb0f85ef}] AutoRun\command- wd_windows_tools\setup.exe
*Newly Created Service* - COMHOST
-- End of Deckard's System Scanner: finished at 2008-07-14 00:53:12 ------------

Touch, Forum Moderator
Date Joined Jun 2004 | Total Posts : 13812 | Posted 7-14-2008 7:57 (GMT +1)

Hello
Please download Malwarebytes' Anti-Malware:
to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.
Copy and Paste that log into your next reply, along with a fresh hijackthis log.
Do NOT post your problem in someone else's thread.

ukdnb, New Member
Date Joined Jun 2008 | Total Posts : 9 | Posted 7-15-2008 12:31 (GMT +1)

Hello,

I d/l the link you said and ran the scan as you also said to do. Here are the results from Malwarebytes' Anti-Malware & HijackThis:

Malwarebytes' Anti-Malware 1.20
Database version: 930
Windows 5.1.2600 Service Pack 2

5:59:59 PM 7/14/2008
mbam-log-7-14-2008 (17-59-59).txt

Scan type: Full Scan (C:\|G:\|)
Objects scanned: 93729
Time elapsed: 37 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wingsa32 (Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\349168 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\371186 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\wingsa32.dll (Dialer) -> Delete on reboot.

Deckard's System Scanner v20071014.68 Run by Ryan J DuVall on 2008-07-14 18:17:12 Computer is in Normal Mode. --------------------------------------------------------------------------------
-- HijackThis (run as Ryan J DuVall.exe) ---------------------------------------
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:20:17 PM, on 7/14/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\PixArt\PAC7311\Monitor.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\RYANJD~1.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! 
IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC7311\Monitor.exe O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [swg] C:\WINDOWS\system32\regsvr32.exe O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - Startup: Memeo AutoBackup Launcher.lnk = ? O4 - Startup: Memeo AutoSync Launcher.lnk = C:\Program Files\Memeo\AutoSync\MemeoLauncher.exe O4 - Global Startup: AutorunsDisabled O8 - Extra context menu item: &Search - ?p=ZCxdm801MTUS O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Yahoo! 
Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O20 - Winlogon Notify: wingsa32 - C:\WINDOWS\ O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Google Updater Service (gusvc) - 
Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
-- End of file - 7977 bytes
-- Files created between 2008-06-14 and 2008-07-14 -----------------------------
2008-07-14 17:20:50 0 d-------- C:\Documents and Settings\Ryan J DuVall\Application Data\Malwarebytes 2008-07-14 17:20:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-07-14 17:20:40 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware <MALWAR~1> 2008-07-13 22:29:34 0 d-------- C:\Program Files\Common Files\eSellerate 2008-07-13 22:28:01 0 d-------- C:\Program Files\Memeo 2008-07-13 22:27:52 0 d---s---- C:\Documents and Settings\All Users\Application Data\Memeo 2008-07-13 16:27:49 0 d-------- C:\Program Files\Microsoft DirectX SDK (June 2008) <MIBC72~1> 2008-07-13 16:27:44 0 d-------- C:\WINDOWS\Logs 2008-07-12 21:00:00 0 d-------- C:\Program Files\Windows Sidebar <WINDOW~4> 2008-07-12 20:59:48 0 d-------- C:\Program Files\Norton 360 <NORTON~1> 2008-07-12 20:58:03 0 d-------- C:\Program Files\Symantec 2008-07-12 18:46:05 0 d-------- C:\Program Files\Trend Micro <TRENDM~1> 2008-07-12 18:13:43 686630 --a------ C:\Program Files\dss.exe 2008-07-12 17:34:48 0 d-------- C:\Documents and Settings\Ryan J DuVall\Application Data\Uniblue 2008-07-12 16:40:01 0 d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI 2008-07-11 23:33:49 0 d-------- C:\Program Files\Kaspersky Lab <KASPER~1> 2008-07-11 23:13:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-07-11 14:16:28 0 d-------- C:\Program Files\Western Digital <WESTER~2> 2008-07-11 14:16:07 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield 2008-07-11 14:11:58 0 d-------- C:\Program Files\Western Digital Technologies <WESTER~1> 2008-07-06 14:47:15 0 d-------- C:\Program Files\Full Tilt Poker.Net <FULLTI~1.NET> 2008-06-21 23:11:50 0 d-------- C:\Program Files\Soulseek 2008-06-21 23:11:26 842672 --a------ C:\Program Files\slsk156c.exe 2008-06-15 04:05:14 0 d-------- C:\Program Files\UBNet
-- Find3M Report ---------------------------------------------------------------
2008-07-14 18:15:16 0 d-------- C:\Program Files\Common Files\Symantec Shared 2008-07-13 23:53:54 0 d-------- C:\Program Files\Winamp 2008-07-13 22:38:25 0 d-------- C:\Program Files\Google 2008-07-13 22:30:14 0 d--h----- C:\Program Files\InstallShield Installation Information <INSTAL~1> 2008-07-13 22:29:34 0 d-------- C:\Program Files\Common Files <COMMON~1> 2008-07-13 18:04:00 0 d-------- C:\Documents and Settings\Ryan J DuVall\Application Data\Mozilla 2008-07-12 21:45:13 0 d-------- C:\Documents and Settings\Ryan J DuVall\Application Data\mIRC 2008-07-12 21:34:32 0 d-------- C:\Program Files\mIRC 2008-07-11 22:24:47 0 d-------- C:\Documents and Settings\Ryan J DuVall\Application Data\Azureus 2008-07-11 14:15:17 0 d-------- C:\Program Files\Common Files\InstallShield 2008-06-21 22:46:02 0 d-------- C:\Documents and Settings\Ryan J DuVall\Application Data\Sony 2008-06-21 22:46:00 0 d-------- C:\Program Files\VstPlugins <VSTPLU~1> 2008-06-12 14:45:34 0 d-------- C:\Documents and Settings\Ryan J DuVall\Application Data\Publish Providers 2008-06-12 14:45:34 0 d-------- C:\Documents and Settings\Ryan J DuVall\Application Data\NetMedia Providers 2008-06-09 23:14:17 0 d--h----- C:\Program Files\Creative Installation Information <CREATI~1> 2008-06-09 23:12:05 0 d-------- C:\Program Files\Creative 2008-06-09 23:11:49 0 d-------- C:\Program Files\Common Files\Creative 2008-05-29 21:27:34 0 --a------ C:\WINDOWS\nsreg.dat 2008-05-23 17:52:20 0 d-------- C:\Program Files\ms office 2k3 <MSOFFI~1>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] 02/23/2008 09:08 PM 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] 07/12/2008 09:00 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [02/23/2008 09:08 PM 349552]
[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [10/19/2005 08:59 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [10/19/2005 08:59 AM]
"Monitor"="C:\WINDOWS\PixArt\PAC7311\Monitor.exe" [11/03/2006 11:01 AM]
"P17Helper"="P17.dll" [05/02/2005 10:38 PM C:\WINDOWS\system32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 02:00 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/18/2008 02:37 PM]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [02/26/2008 09:50 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [05/14/2007 05:22 PM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [03/20/2006 05:34 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll,nViewLoadHook" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [12/02/2004 07:23 PM]
"swg"="C:\WINDOWS\system32\regsvr32.exe" [08/04/2004 12:56 AM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
C:\Documents and Settings\Ryan J DuVall\Start Menu\Programs\Startup\
Memeo AutoBackup Launcher.lnk - C:\Documents and Settings\Ryan J DuVall\Application Data\Microsoft\Installer\{6BCEB97B-F315-455D-BC2D-565A1A6781E8}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe [7/13/2008 10:28:15 PM]
Memeo AutoSync Launcher.lnk - C:\Program Files\Memeo\AutoSync\MemeoLauncher.exe [7/6/2007 5:28:44 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wingsa32]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G] AutoRun\command- wd_windows_tools\setup.exe
*Newly Created Service* - COMHOST
-- End of Deckard's System Scanner: finished at 2008-07-14 18:21:51 ------------
thx again for your time and effort
 |  Touch Forum Moderator

Date Joined Jun 2004 Total Posts : 13812 | Posted 7-15-2008 7:43 (GMT +1) |   | | Please check this file:
C:\WINDOWS\system32\regsvr32.exe
Here:
Post back the results
Do NOT post your problem in someone else's thread.
 |  ukdnb New Member
 Date Joined Jun 2008 Total Posts : 9 | Posted 7-15-2008 4:47 (GMT +1) |   | hi
here are the results from the scan
Scan taken on 15 Jul 2008 15:38:27 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
thx you again for all your time and effort
 |  Touch Forum Moderator

Date Joined Jun 2004 Total Posts : 13812 | Posted 7-16-2008 1:44 (GMT +1) |   | Thanks. Nothing to worry about
How are things running now?
 |  ukdnb New Member
 Date Joined Jun 2008 Total Posts : 9 | Posted 7-16-2008 2:06 (GMT +1) |   | |
hi
is faster now. only prob is when IE tries to open i get an error message. (regsvr32 no dll name specified.)
IE will eventually open but the error comes up about 2 to 3 times then IE will open.
thx a lot for your time and effort in helping me rid my problems
 |  Touch Forum Moderator

Date Joined Jun 2004 Total Posts : 13812 | Posted 7-16-2008 3:43 (GMT +1) |   | | Ok- Download and unzip to desktop -
IE reg
Double-click on iereg.bat.
Reboot and see if the message has disappeared
 |  ukdnb New Member
 Date Joined Jun 2008 Total Posts : 9 | Posted 7-17-2008 3:45 (GMT +1) |   | hello nah it still gives me the error message. here is the message in entirety. (you probably already know what it says, but i might have not been fully clear or misleading in last response)
regsvr32 no dll name specified
/u- unregistered server
/s- silent; display no message box
/i- call dllinstal passing it in optional [cmdline] when used /u calls dll uninstalled
/n- no do not call dll register server; this option must be used with /i
again thx for the time and effort put into this . it is greatly appreciated
 |  Touch Forum Moderator

Date Joined Jun 2004 Total Posts : 13812 | Posted 7-17-2008 6:32 (GMT +1) |   | |
Run Hijackthis and place a check beside each of the following. Close all other browser windows except HJT. Click fix checked:
O4 - HKCU\..\Run: [swg] C:\WINDOWS\system32\regsvr32.exe
Reboot, and see if the message is gone
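An autorun value that starts regsvr32.exe with no DLL operand, like the O4 entry in the post above, makes regsvr32 show its usage dialog each time the value runs. The following Python script is an added example, not part of the thread and not code from HijackThis or Deckard's System Scanner; it flags such entries in both log formats seen on this page, with regexes that are assumptions inferred from those lines and a final sample line that is constructed.

```python
import re

# HijackThis autorun line:   O4 - HKCU\..\Run: [name] command
HJT_O4 = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): '
                    r'\[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# Deckard's System Scanner dump line:   "name"="command" [timestamp]
DSS_RUN = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"')
# regsvr32 as the launched image, capturing the rest of the command line
REGSVR = re.compile(r'^"?(?:[^"]*\\)?regsvr32(?:\.exe)?"?(?P<args>(?:\s.*)?)$',
                    re.IGNORECASE)

def parse_autorun(line):
    """Return (location, value name, command) for an autorun line, else None."""
    line = line.strip()
    m = HJT_O4.match(line)
    if m:
        return (m['hive'] + '\\..\\' + m['key'], m['name'], m['cmd'].strip())
    m = DSS_RUN.match(line)
    if m:
        return ('registry dump', m['name'], m['cmd'].strip())
    return None

def regsvr32_without_dll(command):
    """True when the command starts regsvr32 but names no DLL to register."""
    m = REGSVR.match(command)
    if not m:
        return False
    tokens = re.findall(r'"[^"]*"|\S+', m['args'])
    # /u, /s, /n, /i:... are switches; anything else is the DLL operand.
    return not any(not t.startswith(('/', '-')) for t in tokens)

def audit(lines):
    """Collect autorun entries that would only pop the regsvr32 usage dialog."""
    entries = (parse_autorun(line) for line in lines)
    return [e for e in entries if e and regsvr32_without_dll(e[2])]

SAMPLE = [  # first four lines are from this thread's logs; the last is constructed
    r'O4 - HKCU\..\Run: [swg] C:\WINDOWS\system32\regsvr32.exe',
    r'"swg"="C:\WINDOWS\system32\regsvr32.exe" [08/04/2004 12:56 AM]',
    r'"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]',
    r'"NVIEW"="nview.dll,nViewLoadHook" []',
    r'O4 - HKLM\..\Run: [Example] regsvr32.exe /s "C:\Program Files\Example\example.dll"',
]

if __name__ == '__main__':
    for location, name, command in audit(SAMPLE):
        print(f'{location} [{name}] -> {command}  (regsvr32 with no DLL operand)')
```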
 |  ukdnb New Member
 Date Joined Jun 2008 Total Posts : 9 | Posted 7-18-2008 1:41 (GMT +1) |   | hello
unfortunately this didn't work. i still keep getting the error message.
as always thanks for all your time and effort in trying to resolve the problem
 |  Touch Forum Moderator

Date Joined Jun 2004 Total Posts : 13812 | Posted 7-18-2008 6:24 (GMT +1) |   | | | |
 |  ukdnb New Member
 Date Joined Jun 2008 Total Posts : 9 | Posted 7-18-2008 11:12 (GMT +1) |   | hello yes i agree this is becoming very annoying i tried the link you provided. i tried to register the regsvr.exe file. reply was windows couldnt locate file. i checked it several times to make sure path , file name etc. was correct. i went to C:\windows\system32 to visually see if the regsvr32 file was there. it was. there was also REGSVR32.DLL next to it. ive also set IE7 to no add-ons as this didnt help either
all your time and effort is still appreciated. i cant thank you enough
 |  Touch Forum Moderator

Date Joined Jun 2004 Total Posts : 13812 | Posted 7-19-2008 6:07 (GMT +1) |   | | Uninstall IE7 from add/remove programs in Control Panel.
Reboot, install it again.
If you still have problems, try Firefox:
 |  ukdnb New Member
 Date Joined Jun 2008 Total Posts : 9 | Posted 7-19-2008 7:14 (GMT +1) |   | hello
well since i mainly use firefox (IE for only a few items) i uninstalled IE and set other programs to be accessed with firefox overall this has been a great success!!!!! you did guide me quickly and efficiently in removing the trojans and adware.
i would definitely recommend this forum and you to anyone who has an issue they cant resolve.
thank you for all your time, patience, and effort in helping me. it has been greatly appreciated
 |  Touch Forum Moderator

Date Joined Jun 2004 Total Posts : 13812 | Posted 7-19-2008 9:28 (GMT +1) |   | Glad to hear you've solved the problems
1. Save it to your desktop.
2. Please double-click OTMoveIt.exe to run it.
3. Click on the CleanUp! button. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so. After the list has been downloaded you'll be asked if you want to Begin cleanup process? Select Yes.
4. This step removes the files, folders, and shortcuts created by the tools I had you download and run.
Please read Tony Klein's excellent article about how to prevent against spyware/hijackers in the future
http://www.castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html
 |  ukdnb New Member
 Date Joined Jun 2008 Total Posts : 9 | Posted 7-19-2008 7:57 (GMT +1) |   | hi
followed your final instructions and everything is good. i have just one final question tho. what is your OPINION on firewalls. either hardware or software. ive read many articles arguing both. i do have a router with firewalls options and also have zonealarm ...now
thank you for any opinion you may have