Bullguard Antivirus Forum Download A Free Copy Of Bullguard Antivirus Software
Free Antivirus Forum - Learn about antivirus, firewalls and personal security Free Antivirus Forum - Learn about antivirus, firewalls and personal security
 HomeLog InRegisterCommunity CalendarSearch the ForumView The Member ListHelp
Kollah, win32 & Antivirus XP 2008 all removed thanks to this forum
   
BullGuard Antivirus Forum > Virus Removal > Removal Tools > Kollah, win32 & Antivirus XP 2008 all removed thanks to this forum  
Forum Quick Jump
 
New Topic Post reply to : Kollah, win32 & Antivirus XP 2008 all removed thanks to this forum Printable version of : Kollah, win32 & Antivirus XP 2008 all removed thanks to this forum
[ << Previous Thread | Next Thread >> ]

hmalice
New Member


Date Joined Aug 2008
Total Posts : 1
  		   Posted 8-28-2008 1:50 (GMT +1)    Quote: Kollah, win32 & Antivirus XP 2008 all removed thanks to this forumAlert an admin about: Kollah, win32 & Antivirus XP 2008 all removed thanks to this forum
Thank you for all of your help. I followed the simple steps from www.bullguard.com/forum/pr.aspx?f=14&m=43561, and it seemed to fix everything that was so horribly wrong with my computer. I'm not very good with computer code or anything like that, and with some patience, the steps were very easy to follow. Here are my logs:
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:39:37 AM, on 8/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\oembios.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O11 - Options group: [java_sun] Java (Sun)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: xatcore - C:\WINDOWS\SYSTEM32\xatcore.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware  (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
--
End of file - 8944 bytes
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 08/26/2008 at 02:34 PM
Application Version : 4.20.1046
Core Rules Database Version : 3541
Trace Rules Database Version: 1530
Scan type       : Quick Scan
Total Scan Time : 00:15:00
Memory items scanned      : 538
Memory threats detected   : 2
Registry items scanned    : 375
Registry threats detected : 11
File items scanned        : 2297
File threats detected     : 100
Rogue.AntiVirus XP 2008
 C:\PROGRAM FILES\RHCNUDJ0ELKP\RHCNUDJ0ELKP.EXE
 C:\PROGRAM FILES\RHCNUDJ0ELKP\RHCNUDJ0ELKP.EXE
 C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk
Rogue.MalwareProtector/Variant
 C:\WINDOWS\SYSTEM32\PPHCJUDJ0ELKP.EXE
 C:\WINDOWS\SYSTEM32\PPHCJUDJ0ELKP.EXE
Rootkit.Cloaked/Service-GEN
 HKLM\system\controlset001\services\276594a5
 C:\WINDOWS\SYSTEM32\DRIVERS\276594A5.SYS
 HKLM\system\controlset003\services\276594a5
RootKit.PowerXT
 Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\powerxt
 C:\WINDOWS\SYSTEM32\POWERXT.DLL
Adware.Tracking Cookie
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@nextag[1].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@casalemedia[2].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@bizjournals.112.2o7[1].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-foxsports.hitbox[1].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adopt.euroclick[1].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@s.clickability[2].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@serving-sys[1].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ad.yieldmanager[2].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@media6degrees[2].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@burstnet[2].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@tribalfusion[1].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@revsci[1].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@advertising[1].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@tacoda[2].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@media.adrevolver[3].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ads.revsci[1].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@bizrate[1].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@rocku.adbureau[2].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@neocounter.neoworx-blog-tools[2].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@interclick[2].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@doubleclick[1].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@richmedia.yahoo[1].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@bs.serving-sys[1].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@dmtracker[1].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@trafficmp[1].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adopt.specificclick[2].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@media.adrevolver[2].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adserver.adtechus[1].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@anad.tacoda[1].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@socialmedia[1].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@imrworldwide[2].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@apmebf[1].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-dig.hitbox[1].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@www.googleadservices[2].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adlegend[2].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@partner2profit[1].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@www.googleadservices[1].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@www.googleadservices[4].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@tns-counter[1].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ads.pointroll[2].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@dynamic.media.adrevolver[2].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@banners.andomedia[1].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-campaignsolutions.hitbox[2].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@atdmt[2].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@celebrateexpress.122.2o7[1].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adrevolver[2].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@fastclick[1].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@statse.webtrendslive[2].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ads.bridgetrack[1].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@www.burstbeacon[1].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@zedo[2].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@microsoftwindows.112.2o7[1].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@chitika[1].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@collective-media[1].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@realmedia[1].txt
 C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@snap9.advertserve[1].txt
 C:\Documents and Settings\Assistant\Cookies\assistant@thunderbolt.adjuggler[1].txt
 C:\Documents and Settings\Assistant\Cookies\assistant@questionmarket[1].txt
 C:\Documents and Settings\Assistant\Cookies\assistant@atwola[1].txt
 C:\Documents and Settings\Assistant\Cookies\assistant@apmebf[1].txt
 C:\Documents and Settings\Assistant\Cookies\assistant@casalemedia[1].txt
 C:\Documents and Settings\Assistant\Cookies\assistant@bravenet[1].txt
 C:\Documents and Settings\Assistant\Cookies\assistant@tribalfusion[1].txt
 C:\Documents and Settings\Assistant\Cookies\assistant@anat.tacoda[2].txt
 C:\Documents and Settings\Assistant\Cookies\assistant@serving-sys[2].txt
 C:\Documents and Settings\Assistant\Cookies\assistant@ad.yieldmanager[1].txt
 C:\Documents and Settings\Assistant\Cookies\assistant@msnportal.112.2o7[1].txt
 C:\Documents and Settings\Assistant\Cookies\assistant@anad.tacoda[1].txt
 C:\Documents and Settings\Assistant\Cookies\assistant@fastclick[2].txt
 C:\Documents and Settings\Assistant\Cookies\assistant@realmedia[1].txt
 C:\Documents and Settings\Assistant\Cookies\assistant@ads.medbanner[1].txt
 C:\Documents and Settings\Assistant\Cookies\assistant@insightexpressai[1].txt
 C:\Documents and Settings\Assistant\Cookies\assistant@kanoodle[1].txt
 C:\Documents and Settings\Assistant\Cookies\assistant@mediaplex[1].txt
 C:\Documents and Settings\Assistant\Cookies\assistant@doubleclick[1].txt
 C:\Documents and Settings\Assistant\Cookies\assistant@ads.pointroll[2].txt
 C:\Documents and Settings\Assistant\Cookies\assistant@as-us.falkag[2].txt
 C:\Documents and Settings\Assistant\Cookies\assistant@media.adrevolver[1].txt
 C:\Documents and Settings\Assistant\Cookies\assistant@statcounter[2].txt
 C:\Documents and Settings\Assistant\Cookies\assistant@rotator.dex.adjuggler[1].txt
 C:\Documents and Settings\Assistant\Cookies\assistant@partner2profit[2].txt
 C:\Documents and Settings\Assistant\Cookies\assistant@2o7[1].txt
 C:\Documents and Settings\Assistant\Cookies\assistant@atdmt[2].txt
 C:\Documents and Settings\Assistant\Cookies\assistant@adopt.euroclick[1].txt
 C:\Documents and Settings\Assistant\Cookies\assistant@specificclick[2].txt
 C:\Documents and Settings\Assistant\Cookies\assistant@www.cotteradvertising[1].txt
 C:\Documents and Settings\Assistant\Cookies\assistant@media.fastclick[2].txt
 C:\Documents and Settings\Assistant\Cookies\assistant@tacoda[2].txt
 C:\Documents and Settings\Assistant\Cookies\assistant@perf.overture[1].txt
 C:\Documents and Settings\Assistant\Cookies\assistant@adopt.specificclick[2].txt
 C:\Documents and Settings\Assistant\Cookies\assistant@advertising[2].txt
 C:\Documents and Settings\Assistant\Cookies\assistant@nextag[2].txt
 C:\Documents and Settings\Assistant\Cookies\assistant@rotator.adjuggler[2].txt
 C:\Documents and Settings\Assistant\Cookies\assistant@maxserving[1].txt
 C:\Documents and Settings\Assistant\Cookies\assistant@trafficmp[1].txt
Trojan.DNSChanger-Codec
 HKLM\Software\1
 HKLM\Software\1#31AC70412E939D72A9234CDEBB1AF5867B
 HKLM\Software\1#31897356954C2CD3D41B221E3F24F99BBA
 HKLM\Software\1#31C2E1E4D78E6A11B88DFA803456A1FFA5
 HKLM\Software\9
 HKLM\Software\9#31AC70412E939D72A9234CDEBB1AF5867B
 HKLM\Software\9#31897356954C2CD3D41B221E3F24F99BBA
 HKLM\Software\9#31C2E1E4D78E6A11B88DFA803456A1FFA5
ComboFix 08-08-27.05 - Compaq_Administrator 2008-08-28  7:13:18.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.134 [GMT -5:00]
Running from: C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe
 * Created a new restore point
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk
C:\Documents and Settings\Assistant\Cookies\assistant@my.clearchannelradio[1].txt
C:\Documents and Settings\Assistant\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk
C:\Documents and Settings\Compaq_Administrator\Application Data\rhcnudj0elkp
C:\Documents and Settings\LocalService\Application Data\wsnpoem
C:\Documents and Settings\LocalService\Application Data\wsnpoem\audio.dll
C:\Documents and Settings\NetworkService\Application Data\wsnpoem
C:\Documents and Settings\NetworkService\Application Data\wsnpoem\audio.dll
C:\Program Files\rhcnudj0elkp
C:\WINDOWS\g32.txt
C:\WINDOWS\system32\blphcjudj0elkp.scr
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\drivers\276594a5.sys
C:\WINDOWS\system32\k86.bin
C:\WINDOWS\system32\lphcjudj0elkp.exe
C:\WINDOWS\system32\ntpl.bin
C:\WINDOWS\system32\nvrsma.dll
C:\WINDOWS\system32\phcjudj0elkp.bmp
C:\WINDOWS\system32\REGOBJ.DLL
D:\Autorun.inf
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SYSREST.SYS
-------\Service_276594a5
-------\Service_sysrest.sys

(((((((((((((((((((((((((   Files Created from 2008-07-28 to 2008-08-28  )))))))))))))))))))))))))))))))
.
2008-08-28 06:55 . 2008-08-28 06:55 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-08-26 15:22 . 2008-08-26 15:22 <DIR> d--h----- C:\WINDOWS\PIF
2008-08-26 15:04 . 2008-08-26 15:04 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Dr Delete
2008-08-26 14:57 . 2008-08-26 15:02 <DIR> d-------- C:\Program Files\CCleaner
2008-08-26 14:19 . 2008-08-28 07:26 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2008-08-26 14:17 . 2008-08-26 14:21 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-08-26 14:17 . 2008-08-26 14:17 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\PC Tools
2008-08-26 14:17 . 2008-08-26 14:17 <DIR> d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\PC Tools
2008-08-26 14:17 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-08-26 14:17 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-08-26 14:17 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-08-26 14:17 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-08-26 14:11 . 2008-08-26 14:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2008-08-26 14:10 . 2008-08-26 14:11 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-26 14:10 . 2008-08-26 14:10 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com
2008-08-26 14:10 . 2008-08-26 14:10 <DIR> d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\SUPERAntiSpyware.com
2008-08-26 14:04 . 2008-08-26 13:41 625,208 --a------ C:\WINDOWS\system32\5.tmp
2008-08-26 13:59 . 2008-08-26 13:59 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-26 13:59 . 2008-08-26 13:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2008-08-26 13:58 . 2008-08-26 14:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-26 13:33 . 2008-08-26 13:33 <DIR> d-------- C:\WINDOWS\Performance
2008-08-26 13:33 . 2008-08-26 13:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Corporation
2008-08-26 13:32 . 2008-08-26 13:32 <DIR> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-08-26 13:12 . 2008-08-26 13:12 <DIR> d-------- C:\Program Files\Sun
2008-08-26 13:02 . 2008-08-26 13:02 <DIR> d--hs---- C:\Documents and Settings\NetworkService\Application Data\sysproc64
2008-08-26 12:40 . 2008-08-26 12:40 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-08-26 12:40 . 2008-08-26 13:15 <DIR> d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-08-26 12:27 . 2008-08-26 12:27 <DIR> d--hs---- C:\Documents and Settings\LocalService\Application Data\sysproc64
2008-08-26 12:06 . 2008-08-26 12:06 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-26 12:06 . 2008-08-26 12:06 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-26 07:09 . 2008-08-28 07:23 <DIR> d--hs---- C:\WINDOWS\system32\sysproc64
2008-08-05 07:03 . 2008-08-05 13:24 7 --a------ C:\WINDOWS\system32\ngxt.bin
2008-07-31 07:29 . 2008-08-19 15:27 206 --a------ C:\WINDOWS\system32\MRT.INI
2008-07-31 07:28 . 2004-08-03 23:00 4,224 --a------ C:\WINDOWS\system32\drivers\beep.sys
2008-07-31 07:28 . 2004-08-03 23:00 4,224 --a------ C:\WINDOWS\system32\dllcache\beep.sys
2008-07-29 10:44 . 2008-07-29 10:44 21,614 --a------ C:\WINDOWS\system32\xatcore.dll
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-26 18:11 --------- d-----w C:\Program Files\Java
2008-08-26 17:45 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2008-08-26 17:39 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Yahoo!
2008-08-26 17:39 --------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\Yahoo!
2008-07-24 18:55 --------- d-----w C:\Program Files\VisualEdit
2008-07-22 15:04 60,744 ----a-w C:\Documents and Settings\Compaq_Administrator\g2mdlhlpx.exe
2008-07-22 15:04 --------- d-----w C:\Program Files\Citrix
2008-07-10 16:19 --------- d-----w C:\Program Files\Best Buy Rhapsody
2008-07-10 16:09 --------- d-----w C:\Program Files\Real
2008-07-10 15:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-10 15:47 --------- d-----w C:\Program Files\Musicmatch
2008-07-10 15:46 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Musicmatch
2008-07-10 15:46 --------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\Musicmatch
2008-07-10 13:54 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-07-03 12:20 --------- d-----w C:\Program Files\MySpace
2008-04-03 18:16 406 ----a-w C:\Documents and Settings\Compaq_Administrator\Application Data\wklnhst.dat
2008-04-03 18:16 406 ----a-w C:\DOCUME~1\COMPAQ~1\APPLIC~1\wklnhst.dat
2006-04-10 13:49 1,442,232 ----a-w C:\Program Files\ccsetup128.exe
.
[color=blue]Infected C:\WINDOWS\system32\user32.dll hex repaired[/color]

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 07:40 68856]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 20:23 443968]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-19 23:34 1576176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 05:31 126976]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 17:34 245760]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-06-02 11:42 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-06-02 11:49 98304]
"pccguide.exe"="C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe" [2007-01-23 15:26 3429904]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2005-05-10 16:04 11776]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-05-10 16:04 110592]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-07-16 09:16 1166216]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 18:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Compaq Connections.lnk - C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe [2005-06-02 11:52:59 45056]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-11-06 19:40:54 815104]
Smart Wizard Wireless Settings.lnk - C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe [2005-10-12 08:36:12 1056864]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\oembios.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xatcore]
2008-07-29 10:44 21614 C:\WINDOWS\system32\xatcore.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Intuit\\QuickBooks\\QBDBMgrN.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\FrontPage Webs\\Server\\vhttpd32.exe"=
R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-03 23:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0f33853-6015-11da-8304-0013d4bf24dd}]
\Shell\AutoRun\command - J:\LaunchU3.exe
*Newly Created Service* - PCANDIS5
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-lphcjudj0elkp - C:\WINDOWS\system32\lphcjudj0elkp.exe
HKLM-Run-SMrhcnudj0elkp - C:\Program Files\rhcnudj0elkp\rhcnudj0elkp.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\DOCUME~1\COMPAQ~1\APPLIC~1\Mozilla\Firefox\Profiles\gh7twbpl.default\
.
.
------- File Associations (Beta) -------
.
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-28 07:25:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\xatcore.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TSC.EXE
.
**************************************************************************
.
Completion time: 2008-08-28  7:34:26 - machine was rebooted
ComboFix-quarantined-files.txt  2008-08-28 12:34:06
Pre-Run: 57,891,475,456 bytes free
Post-Run: 57,940,967,424 bytes free
208 --- E O F --- 2008-08-28 12:01:38
 
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13812
  		   Posted 8-29-2008 3:30 (GMT +1)    Quote: Kollah, win32 & Antivirus XP 2008 all removed thanks to this forumAlert an admin about: Kollah, win32 & Antivirus XP 2008 all removed thanks to this forum
Hello smile
 
 
Seems to be clean, however I´ll suggest you run one more scan -
 
Please download Malwarebytes' Anti-Malware:
http://www.besttechie.net/tools/mbam-setup.exe
 
 to your desktop.
 
Double-click mbam-setup.exe and follow the prompts to install the program.
                     
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch


Malwarebytes' Anti-Malware, then click Finish.
                     
If an update is found, it will download and install the latest version.
                     
Once the program has loaded, select Perform full scan, then click Scan.
                     
When the scan is complete, click OK, then Show Results to view the results.
 
Be sure that everything is checked, and click Remove Selected.
 
When completed, a log will open in Notepad. Please save it to a convenient location.
 
Copy and Paste that log into your next reply, along with fresh hijackthis log.
 
 
NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 

Do NOT post your problem in someone elses thread.
Member of - Alliance of Security Analysis Professionals
Please do NOT PM me any logs. They will be deleted

Back to Top
 
New Topic Post reply to : Kollah, win32 & Antivirus XP 2008 all removed thanks to this forum Printable version of : Kollah, win32 & Antivirus XP 2008 all removed thanks to this forum
 
Forum Information
Currently it is Wednesday, December 03, 2008 12:03 AM (GMT +1)
There are a total of 64.507 posts in 15.908 threads.
In the last 3 days there were 17 new threads and 84 reply posts. View Active Threads
Who's Online
This forum has 27322 registered members. Please welcome our newest member, imezeguy.
33 Guest(s), 0 Registered Member(s) are currently online.  Details
5 Latest Threads
Need virus removal help - malwarebytes etc (5)02-12-2008 19:12:25 (Jonathan_ll)
Help please !!!!! (0)02-12-2008 18:12:57 (RERAZOR)
Trojan Horse Downloader Generic EPY (0)02-12-2008 17:40:36 (ah ying)
Command Service (8)02-12-2008 17:11:50 (yogendra)
Virtrigger removal (10)02-12-2008 15:16:23 (JHT)


Need Support? Write to: | Forum Help Manual

Download free trial version of Bullguard