Antivirus gold questions

edited August 2005 in Spyware & Virus Removal
Hi.

Having problems removing the following:

SecurityRisk.Downldr

Adware.Topantispyware

It all started with the AntiVirus Gold 'application' that downloaded itself to my comp. I managed to remove the wallpaper thing it does, as well as remove it from the task manager bar.

But I'm still having issues with my IE in that I can't reset my homepage and the adware is downloading sites to my favourites list. The tutorial supplied on this site had a step to go to your display options and find a 'website tab,' and change security settings - a tab I couldn't find.

Have run updated Spybot (which doesn't show anything up) and Norton Anti-Virus 2002 (which no longer shows the threat up). Though by running the scan on the Symantec site it shows the following (note: there were other issues it showed up, but I have managed to remove them; the following are what remain after a second scan):


This is the information supplied from a virus check at Symantec.com:

Your computer is infected with at least one known virus or Trojan horse.

C:\WINDOWS\system32\iqvxw.dll is infected with Adware.Iefeats
C:\WINDOWS\Downloaded Program Files\UGO20.exe is infected with SecurityRisk.Downldr



And here is the log from HJT:

Logfile of HijackThis v1.99.1
Scan saved at 4:24:26 p.m., on 21/07/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\javayw.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\system32\resetservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Rage3DTweak\regtwk.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\msreg.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\WINDOWS\system32\javawn32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Miranda IM\miranda32.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HighJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ads.windowsmediasolutions.com/home.php
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://ads.windowsmediasolutions.com/home.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\iqvxw.dll/sp.html#14414
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\iqvxw.dll/sp.html#14414
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\iqvxw.dll/sp.html#14414
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\iqvxw.dll/sp.html#14414
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\iqvxw.dll/sp.html#14414
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\iqvxw.dll/sp.html#14414
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ads.windowsmediasolutions.com/home.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\iqvxw.dll/sp.html#14414
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {7E2E424C-CA3E-2380-8EDE-6E1143E54FD8} - C:\WINDOWS\system32\netrl32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [SoundFusion] RunDll32 hercplgs.cpl,BootEntryPoint
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [RegTweak] C:\Program Files\Rage3DTweak\regtwk.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [APIMon] C:\WINDOWS\msreg.exe
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [javawn32.exe] C:\WINDOWS\system32\javawn32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [WrCtrl] "C:\Program Files\WinRoute Pro\wrctrl.exe"
O4 - HKCU\..\Run: [Actual Window Manager] C:\Program Files\Actual Window Manager\ActualWindowManagerCenter.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117272931562
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - Winlogon Notify: reset5 - C:\WINDOWS\SYSTEM32\reset5.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\javayw.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: O&O Defrag (OODefrag) - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: Reset 5 - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



Thanks for any help anyone can offer :)

Comments

  • Shadow2018, Northwest Missouri
    edited July 2005
    Make sure you can view all hidden files:

    Open my computer>click tools>click folder options>
    click view tab>check show hidden files>uncheck hide file extensions>click apply>click OK>exit

    Boot into safe mode. To enter safe mode>reboot>tap F8 at the start up screen>select safe mode from the menu.

    Close all open windows and run Hijack This. Place a checkmark next to these entries and click Fix Checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ads.windowsmediasolutions.com/home.php
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://ads.windowsmediasolutions.com/home.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\iqvxw.dll/sp.html#14414
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\iqvxw.dll/sp.html#14414
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\iqvxw.dll/sp.html#14414
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\iqvxw.dll/sp.html#14414
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\iqvxw.dll/sp.html#14414
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\iqvxw.dll/sp.html#14414
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ads.windowsmediasolutions.com/home.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\iqvxw.dll/sp.html#14414
    R3 - Default URLSearchHook is missing
    O2 - BHO: Class - {7E2E424C-CA3E-2380-8EDE-6E1143E54FD8} - C:\WINDOWS\system32\netrl32.dll
    O4 - HKLM\..\Run: [javawn32.exe] C:\WINDOWS\system32\javawn32.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
    O20 - Winlogon Notify: reset5 - C:\WINDOWS\SYSTEM32\reset5.dll
    O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\javayw.exe
    O23 - Service: Reset 5 - Unknown owner - C:\WINDOWS\system32\srvany.exe

    Delete these files or directories if they exist:

    C:\WINDOWS\system32\iqvxw.dll
    C:\WINDOWS\system32\netrl32.dll
    C:\WINDOWS\system32\javawn32.exe
    C:\WINDOWS\SYSTEM32\reset5.dll
    C:\WINDOWS\javayw.exe
    C:\WINDOWS\system32\srvany.exe

    Reboot and run these online scans:

    activescan

    Bitdefender

    Save the results of the activescan online scan and post those results along with a new Hijack This log.
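The entries Shadow2018 picked out above follow a few recognisable patterns: IE start and search settings served out of a local DLL via res://, a removed URLSearchHook, a BHO with no real name, a Run entry named after its own executable, a Winlogon Notify DLL, an ownerless service with a garbled display name, and entries whose target file is missing. The following Python script is an added example, not code from the thread or from HijackThis; it runs those heuristics over lines copied from the log above (plus one constructed orphaned O9 line). The function names and the wording of the flag reasons are this example's own.

```python
"""Triage pass over HijackThis (v1.99) log lines.

Added example, not code from the thread or from HijackThis itself.  The
heuristics mirror the entries Shadow2018 singled out; the function names
and the flag reasons are this example's own.
"""
import ntpath
import re

# Constructed sample: lines copied from the log posted above, plus one
# orphaned O9 entry, so each heuristic has something to match against.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\iqvxw.dll/sp.html#14414
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {7E2E424C-CA3E-2380-8EDE-6E1143E54FD8} - C:\WINDOWS\system32\netrl32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [javawn32.exe] C:\WINDOWS\system32\javawn32.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O20 - Winlogon Notify: reset5 - C:\WINDOWS\SYSTEM32\reset5.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\javayw.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
"""

# Every HJT entry starts with a section code (R0, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")


def _non_ascii(text):
    """True if the text holds characters outside printable ASCII."""
    return any(ord(ch) > 126 for ch in text)


def triage_line(line):
    """Return a short reason if the entry deserves a look, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")

    # R0/R1: start page, search page, search bar, search assistant.
    if kind in ("R0", "R1") and "res://" in body:
        return "IE start/search setting points at a page inside a local DLL (res://)"
    if kind == "R3" and "URLSearchHook is missing" in body:
        return "default URLSearchHook has been removed"

    # O2: browser helper objects; a legitimate one carries a descriptive name.
    if kind == "O2" and body.startswith("BHO: "):
        name = body[len("BHO: "):].split(" - ")[0]
        if name in ("Class", "(no name)"):
            return "BHO with a generic or empty name"

    # O4: autostart entries; "[javawn32.exe] ...\javawn32.exe" is a pattern
    # droppers use, a label that is just the executable's own file name.
    if kind == "O4":
        m4 = re.search(r"\[(?P<label>[^\]]+)\] (?P<cmd>.+)", body)
        if m4:
            cmd = m4.group("cmd")
            exe = cmd.split('"')[1] if cmd.startswith('"') else cmd.split()[0]
            if m4.group("label").lower() == ntpath.basename(exe).lower():
                return "Run entry whose label is just its own executable name"

    # O20: Winlogon Notify DLLs load inside winlogon.exe at every logon.
    if kind == "O20":
        return "Winlogon Notify DLL, loaded by winlogon at every logon; review it"

    # O23: services.  Format: "Service: <display> (<short>) - <owner> - <path>".
    if kind == "O23" and body.startswith("Service: "):
        parts = body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) == 3:
            display, owner, path = parts
            path = path.replace("(file missing)", "").strip()
            in_windows_root = ntpath.dirname(path).lower() == r"c:\windows"
            if owner == "Unknown owner" and (_non_ascii(display) or in_windows_root):
                return "ownerless service with a garbled name or a binary in the Windows root"

    # Any section: the entry still points at a file that is no longer there.
    if body.endswith("(file missing)"):
        return "entry refers to a file that no longer exists"
    return None


def triage_log(text):
    """Return [(entry, reason)] for every flagged line, in log order."""
    return [(ln.strip(), why) for ln in text.splitlines() if (why := triage_line(ln))]


if __name__ == "__main__":
    for entry, why in triage_log(SAMPLE_LOG):
        print(f"{entry}\n    -> {why}")
```

The heuristics are deliberately narrow: "Unknown owner" alone is not flagged, since the same log shows ATI and Adobe services with no owner string, and an O23 only trips when the display name is garbled or the binary sits directly in C:\WINDOWS, as javayw.exe does. Treat the output as a reading list for a human, not as a fix list.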
  • edited July 2005
    Thank you for your help :)

    Here is the HJT:

    Logfile of HijackThis v1.99.1
    Scan saved at 3:20:44 p.m., on 25/07/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Winamp\Winampa.exe
    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\Rage3DTweak\regtwk.exe
    C:\WINDOWS\Logi_MwX.Exe
    C:\WINDOWS\msreg.exe
    C:\WINDOWS\msreg.exe
    C:\Program Files\NetLimiter\NetLimiter.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\IPWireless Inc\IPWireless PC Software\UEStatus.exe
    C:\Program Files\Miranda IM\miranda32.exe
    C:\HighJackThis\HijackThis.exe

    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [SoundFusion] RunDll32 hercplgs.cpl,BootEntryPoint
    O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [RegTweak] C:\Program Files\Rage3DTweak\regtwk.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [APIMon] C:\WINDOWS\msreg.exe
    O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [WrCtrl] "C:\Program Files\WinRoute Pro\wrctrl.exe"
    O4 - HKCU\..\Run: [Actual Window Manager] C:\Program Files\Actual Window Manager\ActualWindowManagerCenter.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117272931562
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2EB2ECB8-B20F-4F33-BA1E-0D86844DEB2B}: NameServer = 202.74.207.10 202.74.207.100
    O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\javayw.exe (file missing)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: O&O Defrag (OODefrag) - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



    The ActiveScan I could not get to work (can anyone else?), but I copied the logs from the Bitdefender scan (which picked up the trojan but couldn't get rid of it completely). Then I used the AVG free software which deleted two files of Trojan origin... Sorry if I have made this all confusing in some way. The HJT scan was done after all the virus removal scans etc.

    Scanned File | Status
    C:\System Volume Information\_restore{B47CA8A4-C3A2-4A53-B3B7-87DC883930B3}\RP5\A0000382.pif=>:vwufyx:$DATA | Infected with: Trojan.Downloader.Winshow.AK
    C:\System Volume Information\_restore{B47CA8A4-C3A2-4A53-B3B7-87DC883930B3}\RP5\A0000382.pif=>:vwufyx:$DATA | Disinfection failed
    C:\System Volume Information\_restore{B47CA8A4-C3A2-4A53-B3B7-87DC883930B3}\RP5\A0000382.pif=>:vwufyx:$DATA | Deleted
    C:\System Volume Information\_restore{B47CA8A4-C3A2-4A53-B3B7-87DC883930B3}\RP5\A0000382.pif | Updated
    C:\System Volume Information\_restore{B47CA8A4-C3A2-4A53-B3B7-87DC883930B3}\RP6\A0001360.pif=>:vwufyx:$DATA | Infected with: Trojan.Downloader.Winshow.AK
    C:\System Volume Information\_restore{B47CA8A4-C3A2-4A53-B3B7-87DC883930B3}\RP6\A0001360.pif=>:vwufyx:$DATA | Disinfection failed
    C:\System Volume Information\_restore{B47CA8A4-C3A2-4A53-B3B7-87DC883930B3}\RP6\A0001360.pif=>:vwufyx:$DATA | Deleted
    C:\System Volume Information\_restore{B47CA8A4-C3A2-4A53-B3B7-87DC883930B3}\RP6\A0001360.pif | Updated
    C:\System Volume Information\_restore{B47CA8A4-C3A2-4A53-B3B7-87DC883930B3}\RP6\A0001371.dll | Infected with: Trojan.Downloader.Winshow.AK
    C:\System Volume Information\_restore{B47CA8A4-C3A2-4A53-B3B7-87DC883930B3}\RP6\A0001371.dll | Disinfection failed
    C:\System Volume Information\_restore{B47CA8A4-C3A2-4A53-B3B7-87DC883930B3}\RP6\A0001371.dll | Deleted
    C:\System Volume Information\_restore{B47CA8A4-C3A2-4A53-B3B7-87DC883930B3}\RP6\A0001374.exe | Infected with: GenPack:Trojan.Agent.BI
    C:\System Volume Information\_restore{B47CA8A4-C3A2-4A53-B3B7-87DC883930B3}\RP6\A0001374.exe | Deleted
    C:\WINDOWS\Downloaded Program Files\UGO20.exe | Infected with: Trojan.Downloader.Small.FE
    C:\WINDOWS\Downloaded Program Files\UGO20.exe | Disinfection failed
    C:\WINDOWS\Downloaded Program Files\UGO20.exe | Deleted
    C:\WINDOWS\system32\bdl14026.exe=>wise0005 | Infected with: Trojan.Downloader.Revop.C
    C:\WINDOWS\system32\bdl14026.exe=>wise0005 | Disinfection failed
    C:\WINDOWS\system32\bdl14026.exe=>wise0005 | Deleted
    C:\WINDOWS\system32\bdl14026.exe | Update failed
    C:\WINDOWS\_default.pif=>:vwufyx:$DATA | Infected with: Trojan.Downloader.Winshow.AK
    C:\WINDOWS\_default.pif=>:vwufyx:$DATA | Disinfection failed
    C:\WINDOWS\_default.pif=>:vwufyx:$DATA | Deleted
    C:\WINDOWS\_default.pif | Updated
  • Shadow2018, Northwest Missouri
    edited July 2005
    Download Panda's trial version. You will need to shut down Norton's A-V and firewall prior to setup of Titanium A-V. Save the log file and post it when you can.
  • edited July 2005
    Shadow2018 wrote:
    Download Panda's trial version. You will need to shut down Norton's A-V and firewall prior to setup of Titanium A-V. Save the log file and post it when you can.

    I can't seem to install the Panda application due to the Norton AV issue (it asks that I uninstall Norton before it can run). How do I disable Norton AV and firewall? I turned off Norton's auto protect functions.

    Sorry to be a pain :(
  • Shadow2018, Northwest Missouri
    edited July 2005
    We need to remove this service.

    Click Start -> Run -> (type) services.msc

    Scroll down and find the service called Remote Procedure Call. When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows.


    Also disable all Symantec/Norton services here so you can run Panda.

    Now delete this file:
    C:\WINDOWS\javayw.exe

    Now set up Panda's Titanium Virus. This program also has a firewall so do not be confused. It is very similar to Norton. Once setup is complete please run Panda Titanium and save the results. You may have to copy and paste them to notepad.


    Reboot and post a new hijackthis log and the results from Panda.
  • edited July 2005
    I have lost control of keyboard :bawling: (copy and pasted this)

    Panda Titanium Antivirus 2005 incident report


    EVENT DATE RESULTS ADDITIONAL INFORMATION
    Scan completed 07/27/05 20:49:31 Scan: All hard disks
    Adware detected: Adware/Antivirus-gold 07/27/05 20:29:59 Eliminated Location: C:\Documents and Settings\Nic\Local Settings\Temp\iafp.exe
    Adware detected: Adware/Antivirus-gold 07/27/05 20:29:52 Eliminated Location: Windows Registry
    Spyware detected: Cookie/Imrworldwide 07/27/05 20:29:28 Eliminated Location: C:\Documents and Settings\Nic\Cookies\nic@cgi-bin[2].txt
    Spyware detected: Cookie/Com.com 07/27/05 20:29:28 Eliminated Location: C:\Documents and Settings\Nic\Cookies\nic@com[2].txt
    Spyware detected: Cookie/Apmebf 07/27/05 20:29:28 Eliminated Location: C:\Documents and Settings\Nic\Cookies\nic@apmebf[2].txt
    Spyware detected: Cookie/Belnk 07/27/05 20:29:28 Eliminated Location: C:\Documents and Settings\Nic\Cookies\nic@dist.belnk[2].txt
    Spyware detected: Cookie/RealMedia 07/27/05 20:29:28 Eliminated Location: C:\Documents and Settings\Nic\Cookies\nic@realmedia[1].txt
    Spyware detected: Cookie/Statcounter 07/27/05 20:29:18 Eliminated Location: C:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\dxpzweyz.default\cookies.txt[.statcounter.com/]
    Spyware detected: Cookie/RealMedia 07/27/05 20:29:18 Eliminated Location: C:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\dxpzweyz.default\cookies.txt[.realmedia.com/]
    Spyware detected: Cookie/Hbmediapro 07/27/05 20:29:18 Eliminated Location: C:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\dxpzweyz.default\cookies.txt[.adopt.hbmediapro.com/]
    Spyware detected: Cookie/Hbmediapro 07/27/05 20:29:18 Eliminated Location: C:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\dxpzweyz.default\cookies.txt[.adopt.hbmediapro.com/]
    Spyware detected: Cookie/Hbmediapro 07/27/05 20:29:18 Eliminated Location: C:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\dxpzweyz.default\cookies.txt[.adopt.hbmediapro.com/]
    Spyware detected: Cookie/Falkag 07/27/05 20:29:18 Eliminated Location: C:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\dxpzweyz.default\cookies.txt[.as-us.falkag.net/]
    Spyware detected: Cookie/Hbmediapro 07/27/05 20:29:18 Eliminated Location: C:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\dxpzweyz.default\cookies.txt[.adopt.hbmediapro.com/]
    Scan started 07/27/05 20:28:26 Scan: All hard disks
    Scan completed 07/27/05 20:28:11 Scan: All My Computer
    Adware detected: Adware/CWS.Yexe 07/27/05 20:28:07 Eliminated Location: C:\WINDOWS\System32\mpg4ds32.ax
    Scan started 07/27/05 20:28:04 Scan: All My Computer
    Adware detected: Adware/nCase 07/27/05 20:27:47 Eliminated Location: Windows Registry
    Update 07/27/05 20:27:18 OK New virus signatures: 8270
    Update 07/27/05 18:24:07 Incorrect Error: Error connecting to the update server
    Spyware detected: Spyware/AdClicker 07/27/05 18:23:15 Eliminated Location: c:\windows\system32\bdl14026.exe
    Virus detected: Trojan Horse.AP 07/27/05 18:22:07 Disinfected Location: c:\windows\msreg.exe

    Logfile of HijackThis v1.99.1
    Scan saved at 9:05:47 p.m., on 27/07/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\oodag.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Winamp\Winampa.exe
    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    C:\Program Files\Rage3DTweak\regtwk.exe
    C:\WINDOWS\Logi_MwX.Exe
    C:\Program Files\NetLimiter\NetLimiter.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
    C:\WINDOWS\System32\locator.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\IPWireless Inc\IPWireless PC Software\UEStatus.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
    C:\HighJackThis\HijackThis.exe
    C:\WINDOWS\System32\wuauclt.exe

    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [SoundFusion] RunDll32 hercplgs.cpl,BootEntryPoint
    O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [RegTweak] C:\Program Files\Rage3DTweak\regtwk.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [WrCtrl] "C:\Program Files\WinRoute Pro\wrctrl.exe"
    O4 - HKCU\..\Run: [Actual Window Manager] C:\Program Files\Actual Window Manager\ActualWindowManagerCenter.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117272931562
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2EB2ECB8-B20F-4F33-BA1E-0D86844DEB2B}: NameServer = 202.74.207.10 202.74.207.100
    O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\javayw.exe (file missing)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: O&O Defrag (OODefrag) - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
    O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
    O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
    O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
    O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • Shadow2018, Northwest Missouri
    edited July 2005
    We need to remove this service.
    O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\javayw.exe (file missing)


    Click Start -> Run -> (type) services.msc

    Scroll down and find the service called System Startup Service. When you find it, double-click on it. In the next window that opens, click the Stop button, then click on Properties and under the General tab, change the Startup Type to Disabled. Now hit Apply and then OK and close any open windows.


    Run HijackThis and click on Open the Misc Tools section -> Delete an NT Service
    Copy and paste this into the text box and click OK.

    Remote Procedure Call Helper


    Reboot and post a new HijackThis log.
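One way to triage the O23 (NT service) entries of a HijackThis log like the one above, as an added Python example that is not part of this thread: the parser and the scoring heuristics are mine, and the sample lines are copied from the log posted here.

```python
import ntpath
import re

# Sample input: O23 (NT service) lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\javayw.exe (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: O&O Defrag (OODefrag) - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
""".strip().splitlines()

# O23 layout: "O23 - Service: <display name> - <owner> - <image path>[ (file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)

def parse_o23(line):
    """Split one O23 line into its fields; return None for any other HJT line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    return {"display": m.group("display"), "owner": m.group("owner"),
            "path": m.group("path"), "file_missing": m.group("missing") is not None}

def triage(entry):
    """List the reasons a parsed O23 entry deserves a closer look (heuristics are mine)."""
    reasons = []
    # A legitimate service has a readable name; random high bytes like "11Fßä#·ºÄÖ`I" suggest a generated one.
    if any(not c.isascii() or not c.isprintable() for c in entry["display"]):
        reasons.append("non-ASCII or unprintable display name")
    if entry["owner"] == "Unknown owner":
        reasons.append("no vendor information")
    if entry["file_missing"]:
        reasons.append("image file missing on disk")
    # Binaries dropped straight into %windir% rather than System32 or Program Files.
    if ntpath.dirname(entry["path"]).lower() == r"c:\windows":
        reasons.append("binary directly under C:\\WINDOWS")
    return reasons

def suspicious_services(lines, min_reasons=2):
    """Map display name -> reasons for each O23 entry with at least min_reasons hits."""
    flagged = {}
    for line in lines:
        entry = parse_o23(line)
        if entry is not None and len(triage(entry)) >= min_reasons:
            flagged[entry["display"]] = triage(entry)
    return flagged
```

With the sample above, the javayw.exe service collects all four reasons and the orphaned rpcapd entry two, while the vendor-signed AVG and O&O services collect none.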
  • edited July 2005
    I am unable to use my keyboard (not sure why, it recently stopped working when I was accessing things in the systems window) (hence using my flatmate's comp right now to type this) so cannot do functions relying on typing (getting good at copying and pasting letters with my mouse lol).

    I could not remove O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\javayw.exe (file missing)
    - a box comes up saying that it cannot find it in the registry or something similar.

    I'm starting to wonder if I should just take my hard drive out and copy everything to my flatmate's comp, then defrag it and reinstall Windows...

    Just that it's near impossible to do anything on my box and that I need it to be working within the next few days (in saying that my comp is completely useless to me atm - no keyboard and occasional system freezes).

    Do you think that this problem can be fixed considering the issues I'm having?

    BTW thank you very much with all this help. Very appreciated :)

    Logfile of HijackThis v1.99.1
    Scan saved at 4:59:45 p.m., on 28/07/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Winamp\Winampa.exe
    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    C:\Program Files\Rage3DTweak\regtwk.exe
    C:\WINDOWS\Logi_MwX.Exe
    C:\Program Files\NetLimiter\NetLimiter.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
    C:\WINDOWS\System32\locator.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\IPWireless Inc\IPWireless PC Software\UEStatus.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
    C:\HighJackThis\HijackThis.exe

    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [SoundFusion] RunDll32 hercplgs.cpl,BootEntryPoint
    O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [RegTweak] C:\Program Files\Rage3DTweak\regtwk.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [WrCtrl] "C:\Program Files\WinRoute Pro\wrctrl.exe"
    O4 - HKCU\..\Run: [Actual Window Manager] C:\Program Files\Actual Window Manager\ActualWindowManagerCenter.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117272931562
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2EB2ECB8-B20F-4F33-BA1E-0D86844DEB2B}: NameServer = 202.74.207.10 202.74.207.100
    O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\javayw.exe (file missing)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: O&O Defrag (OODefrag) - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
    O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
    O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
    O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
    O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • edited August 2005
    Hello hello hello :confused:

    :(
  • Shadow2018, Northwest Missouri
    edited August 2005
    Shut down your computer then unplug your keyboard. Reboot and plug your keyboard back in. Reboot again. If this doesn't work then follow the instructions below to do a repair of Windows.


    Do a repair install of Windows by placing the Windows disk in your CD drive. From the menu select Install Windows. It will recognize the previously installed OS. You will see another menu. From the second menu select Repair current Windows installation. This should take care of that.

    Let me know if this works. Post a new log.
  • edited August 2005
    Hey, just wanted to say thanks for all your help.

    Ended up having a technician fix it for me, he said I managed to remove the virus completely (thanks to your help) but there was severe damage done in ways I can't comprehend. Got a clean OS install and the comp is working fine.

    thanks for all your time and help once again.

    ez
  • Shadow2018, Northwest Missouri
    edited August 2005
    Here are a few tips to help keep you clean.

    1. Be sure to get all Microsoft security updates as they become available. This includes Service Pack 2 if you do not have it.

    2. Get SpywareBlaster

    http://www.javacoolsoftware.com/spywareblaster.html

    3. Be sure to keep your anti-virus and spyware programs updated frequently and run them often.


    If you need this thread re-opened just send me a pm and let me know.