Monox: need help

I am having the issue with the same virus, my anti-vrius keeps popping up with a virus warning stating that random .dll files are infected. I really owudl like to get this virus removed any help would be appreciated. I have run Hijack this and have the log to post if it can be of use.


Logfile of HijackThis v1.99.1
Scan saved at 1:10:57 AM, on 2/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\UniUploader\UniUploader.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tyler\Desktop\VundoFix.exe
C:\Documents and Settings\Tyler\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\urqqoop.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UniUploader] C:\Program Files\UniUploader\UniUploader.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://webdesk.redcross.ca/msrdp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4ADD019C-5E80-4417-899E-542C701C01EA}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: urqqoop - C:\WINDOWS\SYSTEM32\urqqoop.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

Thnks very much.

Comments

  • TroganTrogan London, UK
    edited February 2007
    Hi Monox

    I've split your post so you have your own thread.

    I see you have downloaded VundoFix. Have you run it? If so, I'll need to see the its log. It can be found at C:\vundofix.txt

    Do you have a Firewall?
  • edited February 2007
    Yes i have run vundo but does not find any files that are infected. I had a firewall i need to reinstall it.
  • edited February 2007
    the viruses have lots of variants but this looks like the same problem of mine. randomly generated dll files. deleting them isnt working they generate again immediately. so must find the source of this. unhide the operational system files from the folder options menu and try avg antivirus again. avg dont search them in default. with a strong firewall it reveal itself easly.it can hide behind system file properties.
  • edited February 2007
    Would Zone Alarm be a good choice for a firewall or is there another free alternative that would be a better choice.
  • TroganTrogan London, UK
    edited February 2007
    Hi Monox

    Please download one Firewall from the list below - They are Free!

    Comodo <-- I recommend this
    Zone Alarm
    Sunbelt Kerio PF
    Outpost Firewall

    We now need to run VundoFix slightly different.
    • Double-click VundoFix.exe to run it.
    • Right Click inside the listbox (white box) and click Add more file?
    • Copy & Paste the 2 entries below into the top 2 boxes

      • C:\WINDOWS\system32\urqqoop.dll
      • C:\WINDOWS\system32\pooqqru.*

    • Click Add Files and click Close Window
    • Click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will shutdown your computer, click OK.
    • Turn your computer back on.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
  • edited February 2007
    I have run Vundofix the way you told me to and run another HJT here are the logs:


    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\urqqoop.dll
    C:\WINDOWS\system32\urqqoop.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\urqqoop.dll
    C:\WINDOWS\system32\urqqoop.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\urqqoop.dll
    C:\WINDOWS\system32\urqqoop.dll Has been deleted!

    Performing Repairs to the registry.
    Done!


    Logfile of HijackThis v1.99.1
    Scan saved at 6:42:58 AM, on 2/24/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\UniUploader\UniUploader.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Tyler\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\urqqoop.dll (file missing)
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [UniUploader] C:\Program Files\UniUploader\UniUploader.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://webdesk.redcross.ca/msrdp.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4ADD019C-5E80-4417-899E-542C701C01EA}: NameServer = 192.168.0.1
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  • TroganTrogan London, UK
    edited February 2007
    Hi Monox

    You haven't downloaded a Firewall yet. Its important that you do or enable Windows Firewall.

    Please do the following...

    1. Open HijackThis
    - Click the Do a system scan only button
    - Check the following entries (below)

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\urqqoop.dll (file missing)


    - Close ALL open windows (especially Internet Explorer!)
    - Click Fix Checked
    Close HiajckThis

    2. I need to see another log from HijackThis.
    • Run Hijackthis.
    • Click on Open the Misc Tools section.
    • Next click on Open uninstall manager.
    • Press the Save list button.
    • Save the file to your desktop, with the default name of uninstall_list
    • Copy & Paste the entire contents of that file in your in your next post.
    3. Please post the uninstall list and a new HijackThis log.
  • edited February 2007
    I had a firewall downloaded just wasnt installed when i ran HJT, i have removed the 2 entries from the HJT log and ran the other two scans like you said i should here are the logs:



    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 9 ActiveX
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Reader 6.0.1
    Adobe Stock Photos 1.0
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Display Driver
    AVG 7.5
    COMODO Firewall Pro
    DAEMON Tools
    DivX
    DivX Player
    DVD Solution
    EA.com Update
    Half Life Player RC1
    HijackThis 1.99.1
    HLSW v1.0.0.44
    ImgBurn (Remove Only)
    InCD
    iPod for Windows 2005-09-23
    iPod for Windows 2006-01-10
    iPod for Windows 2006-03-23
    iTunes
    J2SE Runtime Environment 5.0 Update 1
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 5
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    JunglePoker 2.0.8
    LimeWire PRO 4.10.3
    Macromedia Shockwave Player
    Marvell Miniport Driver
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 2.0
    Microsoft Office Excel Viewer 2003
    mIRC
    Mozilla Firefox (1.5.0.10)
    MSN Music Assistant
    Multimedia Launcher
    Nero OEM
    NVIDIA Drivers
    PokerStars
    PowerDVD
    PowerProducer
    Prey
    QuickTime
    Realtek AC'97 Audio
    SmartFTP Client 2.0
    SmartFTP Client 2.0 Setup Files (remove only)
    Spybot - Search & Destroy 1.4
    Steam
    TeamSpeak 2 RC2

    Logfile of HijackThis v1.99.1
    Scan saved at 1:40:14 PM, on 2/24/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\UniUploader\UniUploader.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Xfire\Xfire.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\mIRC\mirc.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Ventrilo\Ventrilo.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Tyler\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [UniUploader] C:\Program Files\UniUploader\UniUploader.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://webdesk.redcross.ca/msrdp.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4ADD019C-5E80-4417-899E-542C701C01EA}: NameServer = 192.168.0.1
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  • TroganTrogan London, UK
    edited February 2007
    Hi Monox. We're almost done!

    Please do the following...

    1. Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6 .
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement."
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel double-click on Add/Remove programs and remove the following...
      • J2SE Runtime Environment 5.0 Update 1
      • J2SE Runtime Environment 5.0 Update 10
      • J2SE Runtime Environment 5.0 Update 4
      • J2SE Runtime Environment 5.0 Update 5
      • J2SE Runtime Environment 5.0 Update 6
      • J2SE Runtime Environment 5.0 Update 9
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
    2. Please do an online scan with Panda ActiveScan

    - Once you are on the Panda site, click the Scan your PC button
    - A new window will open...click the Check Now button
    - Enter your Country
    - Enter your State/Province
    - Enter your e-mail address and click send
    - Select either Home User or Company
    - Click the big Scan Now button
    - If it wants to install an ActiveX component allow it
    - It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    - When download is complete, click on Local Disks to start the scan
    - When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

    Post the contents of the Panda scan report, along with a new HijackThis Log
  • edited February 2007
    Here are the scan results:


    Incident Status Location

    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\spoidmi4.default\cookies.txt[.2o7.net/]
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\spoidmi4.default\cookies.txt[.statcounter.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\spoidmi4.default\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\spoidmi4.default\cookies.txt[.casalemedia.com/]
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\spoidmi4.default\cookies.txt[.fastclick.net/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\spoidmi4.default\cookies.txt[.advertising.com/]
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\spoidmi4.default\cookies.txt[.tribalfusion.com/]
    Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\spoidmi4.default\cookies.txt[statse.webtrendslive.com/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\spoidmi4.default\cookies.txt[.atdmt.com/]
    Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\spoidmi4.default\cookies.txt[.as-eu.falkag.net/]
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\spoidmi4.default\cookies.txt[.atwola.com/]
    Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\spoidmi4.default\cookies.txt[.entrepreneur.com/]
    Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\spoidmi4.default\cookies.txt[.revenue.net/]
    Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\spoidmi4.default\cookies.txt[.toplist.cz/]
    Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\spoidmi4.default\cookies.txt[.tucows.com/]
    Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\spoidmi4.default\cookies.txt[.xiti.com/]
    Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\spoidmi4.default\cookies.txt[.yadro.ru/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Tyler\Cookies\tyler@atdmt[2].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Tyler\Cookies\tyler@doubleclick[2].txt
    Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Tyler\Cookies\tyler@i.screensavers[2].txt
    Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Tyler\Cookies\tyler@landing.domainsponsor[1].txt
    Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Tyler\Cookies\tyler@maxserving[2].txt
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Tyler\Cookies\tyler@overture[2].txt
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Tyler\Cookies\tyler@perf.overture[1].txt
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Tyler\Cookies\tyler@questionmarket[1].txt
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Tyler\Cookies\tyler@realmedia[2].txt
    Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Tyler\Cookies\tyler@revenue[1].txt
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Tyler\Cookies\tyler@server.iad.liveperson[1].txt
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Tyler\Cookies\tyler@trafficmp[1].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Tyler\Cookies\tyler@tribalfusion[2].txt
    Hacktool:Hacktool/Hammer Not disinfected C:\Program Files\Robster Productions\Halflife Logo Creator\HLC.exe
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\urqqoop.dll.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\awtqomj.dll




    Logfile of HijackThis v1.99.1
    Scan saved at 1:28:36 PM, on 2/25/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\UniUploader\UniUploader.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Xfire\Xfire.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Steam\Steam.exe
    C:\Documents and Settings\Tyler\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [UniUploader] C:\Program Files\UniUploader\UniUploader.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://webdesk.redcross.ca/msrdp.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4ADD019C-5E80-4417-899E-542C701C01EA}: NameServer = 192.168.0.1
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  • TroganTrogan London, UK
    edited February 2007
    Hi Monox

    Your log is clean, but Panda found some things we need to address.

    Please do the following...

    Run HijackThis and click on Open the Misc Tools section.
    Click on Delete a file on reboot...
    Copy and paste the following into the "File name:" text box and then click Open:

    C:\WINDOWS\system32\awtqomj.dll

    When you are asked "Do you want to restart your computer now?", click OK.

    Your PC MUST reboot to delete the file!

    Next, Panda found this:
    Hacktool:Hacktool/Hammer Not disinfected C:\Program Files\Robster Productions\Halflife Logo Creator\HLC.exe
    I would like to get the file scanned.
    • Go to VirusTotal
    • Copy and paste the following file path into the Search Box at the top of the page:
        C:\Program Files\Robster Productions\Halflife Logo Creator\HLC.exe
      [*]Click on the Send button
      [*]Save a copy of the results and post them in your next reply.
    • edited February 2007
      Im currently at work but i will run HJT when i get home, as for that file you wanted scanned i removed it from my PC it was a program I originally used to make sprays/Tags for Counterstrike but i have a better alternative now.

      Thanks for all the help and I will run HJT when i get home.
    • edited February 2007
      Ok i have run HJT this and removed the file you told me too. As i stated before i did not run Virustotal on the other file becuase it has been removed from my computer.

      My computer seems to be running prefect again.


      Thanks for all your help, very much appreciated. :D

      Monox
    • TroganTrogan London, UK
      edited February 2007
      In that case, I would delete the Halflife Logo Creator folder.

      Glad I could be of assistance!

      This topic is now closed. If you wish it reopened, please send a Private Message (PM) to one of the Spyware Mods with a link to your thread.

      Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required.

      If you are not the user who started this thread, you must start a new Thread instead :)

      Would you also be interested to join Short-Media (Team #93) with the Folding@Home Project? More information available here
    This discussion has been closed.