PC infected through IE pop-ups & more (RESOLVED)
-
Re: PC infected through IE pop-ups & more
I thought I would run Spybot and it seemed like it took a long time to start up so I uninstalled the previous version and downloaded the newest.....although that didn't really help the startup time.....I was pleased that it only found a couple of cookies.......Then I started to run SUPERAntiSpyware and during the scan Avast popped up and reported "A Trojan Horse Was Found!"
File name: C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\R2\REVDRIVE33B.EXE.VIR\[UPX]
Malware name: Win32:Small-IKZ [Trj]
Malware type: Trojan Horse
Recommended action: Move to chest....which I did.
Then another warning: "A Virus Was Found!"
File name: C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP3\A0000043.EXE
Malware name: Win32:Trojan-gen {Other}
Malware type: Virus/Worm
Recommended action: Move to chest - again - that's what I did.
Another warning: "A Virus Was Found!"
File name: C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP3\A0000056.EXE
Malware name: Win32:Trojan-gen {Other}
Malware type: Virus/Worm
Recommended action: Move to chest - which I did.
Warning: "A Trojan Horse Was Found!"
File name: C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP78\A0010306.EXE\[UPX]
Malware Name: Win32:Small-IKZ [Trj]
Malware type: Trojan Horse
Recommended action: Move to chest - which I did.
"A Virus Was Found!"
File name: C:\WINDOWS\SERVER-NME.EXE
Malware name: Win32:Trojan-gen {Other}
Malware type: Virus/Worm
Recommended action: Move to chest - which I did.
I canceled the SUPERAntiSpyware scan.
Although you didn't ask for it, I will send another hijack log to see if you detect anything suspicious.
New hijack log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:18 PM, on 12/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\svchost.exe
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKCU\..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
--
End of file - 6619 bytes
How do things look to you?
Thanks.
-
Log is clean.
Super anti-spyware has nothing to do with that. Avast could be detecting quarantined items in super antispyware.
You can also disconnect from the internet, disable avast and run super antispyware if you want. Or uninstall super antispyware, I love and use it all the time.
How is it behaving now, your PC that is?
-
Ok - I will do as you suggested (run SuperAntiSpy) - The pc is running fine. No more dll error upon booting - no popups - it looks real good to me! Glad to hear that it looks clean to you. I'll run that scan and perhaps run a virus scan with Avast too and let you know how those turn out.
Thanks Neal.
-
-
Ok here is the log from the last SuperAntiSpy scan:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 12/04/2007 at 02:58 PM
Application Version : 3.9.1008
Core Rules Database Version : 3353
Trace Rules Database Version: 1352
Scan type : Complete Scan
Total Scan Time : 04:00:35
Memory items scanned : 524
Memory threats detected : 0
Registry items scanned : 5480
Registry threats detected : 0
File items scanned : 241072
File threats detected : 46
Adware.Tracking Cookie
C:\Documents and Settings\Judy\Cookies\judy@msnportal.112.2o7[1].txt
C:\Documents and Settings\Judy\Cookies\judy@adopt.specificclick[2].txt
Adware.Vundo-Variant/Small-A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010489.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010490.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010491.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010492.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010493.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010494.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010495.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010496.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010497.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010498.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010499.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010500.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010501.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010502.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010503.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010504.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010505.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010506.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010538.DLL
Trojan.Downloader-Gen/Cool
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010507.DLL
Adware.Vundo-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010510.DLL
Trojan.Downloader-Gen/BundleBase
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010511.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010512.EXE
Trojan.Downloader-Gen/DDC
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010513.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010514.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010515.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010516.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010517.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010518.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010519.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010520.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010521.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010522.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010523.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010524.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010525.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010526.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010527.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010528.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010529.EXE
Adware.Vundo-Variant/Small
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010532.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010533.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP79\A0010534.DLL
#######################
Here is the Avast log:
C:\System Volume Information\_restore{2E14456A-F56A-4A32-B00A-6297F806AA64}\RP84\A0012053.EXE
Win32:Trojan-gen {Other}
Virus/Worm
Recommend: move to chest - done.
ADWARE WAS FOUND!
C:\_OTMoveIt\MovedFiles\VundoFix Backups\nwgnuwrx.dll.bad
Win32:SecBar-B [Adw]
Adware
Recommend -- move to chest - done.
ADWARE
C:\_OTMoveIt\MovedFiles\VundoFix Backups\ognklvix.dll.bad
Win32:SecBar-B [Adw]
ADWARE
Recommend - move to chest - done.
ADWARE
C:\_OTMoveIt\MovedFiles\VundoFix Backups\tyjylqcj.dll.bad
Win32:SecBar-B [Adw]
ADWARE
Recommend - move to chest - done.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^
G DRIVE
VIRUS
G:\Documents and Settings\Judy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-453deecd-7c874cdc.zip
JS:Exploit-BytVerify-10
Virus/Worm
Recommend: move to chest - done.
###############################
I am currently running AVG again and it has finished the C drive and only found a few tracking cookies - which I will remove once it has finished running through the slave drive.
#################################
Is there anything else that I should do?
Thank you!!!
Last edited by sox; 03-12-2007 at 11:09 PM.
-
Do this just in case more Vundo is there: Delete the VundoFix you have now, if you still have it.
Please download VundoFix.exe to your desktop.
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES.
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer, click OK.
- Please post the contents of C:\vundofix.txt and a new HijackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
Thanks.
-
I ran the VundoFix and it reported that there were no files found.
Here's the latest hijack log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:59:14 PM, on 12/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKCU\..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
--
End of file - 6585 bytes
Thank you for being so thorough!!
Anything else?
Last edited by sox; 04-12-2007 at 01:58 AM.
-
You are very welcome,
It looks like this is taken care of, log is clean.
Running OK?
I will have some tips and free programs for your consideration if all is well.
If ok you can delete/uninstall all tools we have used.
Let me know.
-
Everything seems to be working fine. Any tips that you send our way would be appreciated - I can not thank you enough for all of your patience and help!!!!!!!!!!!!!!!