Overclock.net › Forums › Software, Programming and Coding › Operating Systems › Windows › I got adware (virtuamode)

I got adware (Virtumonde)

post #1 of 9
Thread Starter 
I used Ad-Aware, Spyware Doctor, NOD32

and it's not removing it; it's slowing down my internet browser.

What can I do?



Here's the HijackThis log:

--------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 4:30:45 PM, on 2/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Program Files\Eset\nod32kui.exe
H:\Program Files\Analog Devices\Core\smax4pnp.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
H:\Program Files\Common Files\LightScribe\LSSrvc.exe
H:\Program Files\Eset\nod32krn.exe
H:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\Program Files\CyberLink\Shared Files\RichVideo.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\VentSrv\ventrilo_svc.exe
H:\Program Files\VentSrv\ventrilo_srv.exe
H:\Program Files\Viewpoint\Common\ViewpointService.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\WINDOWS\System32\alg.exe
H:\Program Files\Winamp\winamp.exe
H:\WINDOWS\system32\ctfmon.exe
H:\WINDOWS\system32\msiexec.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Documents and Settings\Ruchit\Desktop\HiJackThis_v2.exe
H:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {195F35F2-5F47-472A-8600-BC0AA97A71FA} - H:\WINDOWS\system32\awtst.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: {a04b3cf3-8faa-5b59-ad54-f54c6cfbc1cc} - {cc1cbfc6-c45f-45da-95b5-aaf83fc3b40a} - H:\WINDOWS\system32\yxjnsmlp.dll
O2 - BHO: (no name) - {D85530E8-D39D-49D0-9F36-300D594556D2} - H:\WINDOWS\system32\yayxyxw.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [JMB36X Configure] H:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [nod32kui] "H:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SoundMAXPnP] H:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "H:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "H:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [SBCSTray] H:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "H:\Program Files\RivaTuner v2.01\RivaTuner.exe" /S
O4 - HKLM\..\Run: [LanguageShortcut] "H:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [58ca76d8] rundll32.exe "H:\WINDOWS\system32\kjhsjfst.dll",b
O4 - HKLM\..\Run: [BM6f251068] Rundll32.exe "H:\WINDOWS\system32\qjaasewb.dll",s
O4 - HKCU\..\Run: [NVIDIA nTune] "H:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VoipBuster] "H:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Yahoo! Widget Engine.lnk = H:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\j2re1.4.1_07\bin\npjpi141_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\j2re1.4.1_07\bin\npjpi141_07.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - H:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: yayxyxw - H:\WINDOWS\SYSTEM32\yayxyxw.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - H:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - H:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - H:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - H:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - H:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - H:\Program Files\Eset\nod32krn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - H:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - H:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - H:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Unknown owner - H:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - H:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - H:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Ventrilo - Unknown owner - H:\Program Files\VentSrv\ventrilo_svc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - H:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10290 bytes

--------------------------------------------

There's also a DLL file in the system32 folder (awtst.dll).
post #2 of 9
Try running Spybot S&D in safe mode.
http://www.safer-networking.org/index2.html

You could also use a program like CCleaner to manually remove it from your startup programs in order for you to remove it completely. Most likely it's buried itself in the registry.
post #3 of 9
I would try a registry cleaner, and do what Chipp recommended.
post #4 of 9
Nero=phail.

Re-install XP.
post #5 of 9
Quote:
Originally Posted by MileyCyrus
ViewpointService.exe
You can remove it manually by following the below steps;

Go to your Task Manager and select end process on "ViewpointService.exe", and "ViewMgr.exe" if it's there.

Then go to Start > Run and type: services.msc before selecting the Extended tab.

Scroll down the list and find the service called "Viewpoint Manager Service"

When you find the service, double-click on it.

In the Properties Window > General Tab that opens, click the Stop button.

From the drop-down menu next to Startup Type, click on Disabled, then on Apply and OK.

Be sure to visit Add/Remove programs to see if anything is installed there and uninstall anything related to Viewpoint such as Viewpoint Manager or Viewpoint Media Player.

Finally, delete the following folders if they still exist:
C:\Program Files\ViewManager\
C:\Program Files\Viewpoint\
post #6 of 9
You're pretty much screwed. I got virtumonde.exe and it never comes off.
post #7 of 9
Quote:
Originally Posted by RickJS View Post
You're pretty much screwed. I got virtumonde.exe and it never comes off.
Virtumonde is completely different to Viewpoint, but a nasty little blighter nonetheless.

Spybot won't get rid of that, you'll need Vundofix.
post #8 of 9
Quote:
Originally Posted by t4ct1c47 View Post
Virtumonde is completely different to Viewpoint, but a nasty little blighter nonetheless.

Spybot won't get rid of that, you'll need Vundofix.
He is right, VundoFix will take care of it most of the time.
post #9 of 9
Run HijackThis again and choose Do a system scan only. Check the following entries:
O2 - BHO: (no name) - {195F35F2-5F47-472A-8600-BC0AA97A71FA} - H:\WINDOWS\system32\awtst.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {a04b3cf3-8faa-5b59-ad54-f54c6cfbc1cc} - {cc1cbfc6-c45f-45da-95b5-aaf83fc3b40a} - H:\WINDOWS\system32\yxjnsmlp.dll
O2 - BHO: (no name) - {D85530E8-D39D-49D0-9F36-300D594556D2} - H:\WINDOWS\system32\yayxyxw.dll
O4 - HKLM\..\Run: [58ca76d8] rundll32.exe "H:\WINDOWS\system32\kjhsjfst.dll",b
O4 - HKLM\..\Run: [BM6f251068] Rundll32.exe "H:\WINDOWS\system32\qjaasewb.dll",s
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O20 - Winlogon Notify: yayxyxw - H:\WINDOWS\SYSTEM32\yayxyxw.dll

Click the Fix Checked button

! Delete the folder backups in H:\Documents and Settings\Ruchit\Desktop\.

Download the KillBox tool to your desktop.
Copy the file names below:
Quote:
--Select from the line below

H:\WINDOWS\system32\awtst.dll
H:\WINDOWS\system32\yxjnsmlp.dll
H:\WINDOWS\system32\yayxyxw.dll
H:\WINDOWS\system32\kjhsjfst.dll
H:\WINDOWS\system32\qjaasewb.dll
--Until the line above
Run the killbox and go to the menu File -> Paste from clipboard.
Check the option Delete on Reboot and click the X. Click OK and let it restart.

! Delete the folder H:\!KillBox

! Run CCleaner again and remove all temporary files as well as IE temporary files.

Set up your NOD32 like this:
Open the Control Center.
Amon -> Setup. Tab Options and check the option Potentially unsafe Applications. Click the OK button.
Dmon -> Setup. Check the option Potentially unsafe Applications. Click the OK button.
Emon -> Setup. Option Scanner -> Detection, check the option Potentially unsafe Applications. Click the OK button.
Imon -> Miscellaneous Tab -> Setup and check the option Potentially unsafe Applications. Click the OK button.
Hide the Control Center.

Update and run a full scan.

Sometimes this Virtumonde gets back again and you need to run the steps above. But since this adware keeps renaming those files, you'll need to post a new HijackThis log, so I second what slaney30 said.
Download VundoFix and follow the instructions on its page.
Then, post a new HijackThis log here.
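The list in post #9 is not magic: every entry it tells the poster to check has a shape that Vundo/Virtumonde infections in this era reliably produce in a HijackThis log (post #1): an O2 BHO with "(no name)" or a GUID for a name that loads a DLL straight out of system32, an O4 Run value named like a hex blob that calls rundll32 on a system32 DLL by a one-letter export, a pile of rogue-AV domains in the O15 Trusted Zone, and an O20 Winlogon Notify DLL that is not one of XP's own. The script below is an added example, not code from this thread, from Trend Micro or from any of the tools named here; it replays that triage over a constructed subset of the posted log and emits the same DLL list post #9 pastes into KillBox. The XP default Winlogon Notify allowlist and the "bare hex or BM+hex" Run-value pattern are assumptions drawn from a clean XP SP2 install and from this log respectively, not from HijackThis documentation.

```python
"""Triage a HijackThis log for Vundo/Virtumonde-style persistence.

Added example (not code from this thread or from HijackThis itself): it
replays the reasoning behind the entry list in post #9 and produces the
DLL list that KillBox is then told to delete on reboot.
"""
import re

# Constructed sample: a subset of the log posted in this thread, in HijackThis'
# own line format, plus legitimate neighbours the filter must NOT flag.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {195F35F2-5F47-472A-8600-BC0AA97A71FA} - H:\WINDOWS\system32\awtst.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar1.dll
O2 - BHO: {a04b3cf3-8faa-5b59-ad54-f54c6cfbc1cc} - {cc1cbfc6-c45f-45da-95b5-aaf83fc3b40a} - H:\WINDOWS\system32\yxjnsmlp.dll
O2 - BHO: (no name) - {D85530E8-D39D-49D0-9F36-300D594556D2} - H:\WINDOWS\system32\yayxyxw.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [58ca76d8] rundll32.exe "H:\WINDOWS\system32\kjhsjfst.dll",b
O4 - HKLM\..\Run: [BM6f251068] Rundll32.exe "H:\WINDOWS\system32\qjaasewb.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O20 - Winlogon Notify: yayxyxw - H:\WINDOWS\SYSTEM32\yayxyxw.dll
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
BHO_RE = re.compile(r"^BHO: (.*?) - (\{[^}]+\}) - (.*)$")
GUID_RE = re.compile(r"^\{[0-9a-f-]{36}\}$", re.I)
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?,(\S+)', re.I)
TRUSTED_RE = re.compile(r"^Trusted Zone: (\S+)( \(HKLM\))?$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (\S+) - (.*)$")
SYSTEM32_DLL_RE = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+\.dll$", re.I)
DLL_PATH_RE = re.compile(r'[a-z]:\\[^"\s,]*\.dll', re.I)
# Assumption from this log: Vundo names its Run values as bare hex or "BM"+hex;
# a real product names the value after itself.
JUNK_VALUE_RE = re.compile(r"^(?:BM)?[0-9a-f]{8}$", re.I)
# Assumption: Winlogon Notify packages present on a clean XP SP2 install.
# Anything else here runs inside winlogon.exe at every logon.
XP_DEFAULT_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop",
                     "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon"}


def triage(log_text):
    """Return [(section, reason, line)] for entries worth 'Fix checked'."""
    findings = []
    for line in (ln.strip() for ln in log_text.splitlines()):
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        reason = None
        if section == "O2" and (b := BHO_RE.match(body)):
            name, _clsid, path = b.groups()
            if name == "(no name)" or GUID_RE.match(name):
                reason = "BHO with no readable name"
            elif path == "(no file)":
                reason = "orphaned BHO registration (DLL already gone)"
            elif SYSTEM32_DLL_RE.match(path):
                reason = "BHO loaded straight from system32, not Program Files"
        elif section == "O4" and (r := RUN_RE.match(body)):
            value_name, command = r.groups()
            d = RUNDLL_RE.match(command)
            if d and SYSTEM32_DLL_RE.match(d.group(1)) and len(d.group(2)) == 1:
                reason = "rundll32 calling a one-letter export of a system32 DLL"
            elif JUNK_VALUE_RE.match(value_name):
                reason = "Run value named like a hex blob"
        elif section == "O15" and (t := TRUSTED_RE.match(body)):
            reason = "domain added to the IE Trusted Zone"
            reason += " (machine-wide)" if t.group(2) else ""
        elif section == "O20" and (n := NOTIFY_RE.match(body)):
            if n.group(1).lower() not in XP_DEFAULT_NOTIFY:
                reason = "non-default Winlogon Notify DLL"
        if reason:
            findings.append((section, reason, line))
    return findings


def files_to_delete(findings):
    """DLL paths named by flagged entries, deduplicated case-insensitively
    (the list post #9 pastes into KillBox for Delete on Reboot)."""
    paths, seen = [], set()
    for _section, _reason, line in findings:
        for path in DLL_PATH_RE.findall(line):
            if path.lower() not in seen:
                seen.add(path.lower())
                paths.append(path)
    return paths


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for section, reason, line in found:
        print(f"[{section}] {reason}\n    {line}")
    print("\nDelete on reboot:")
    for path in files_to_delete(found):
        print("   ", path)
```

Running it on the sample flags nine entries and prints the same five system32 DLLs post #9 lists for KillBox, while leaving the Adobe, Google, NVIDIA and ctfmon lines alone. Two caveats a practitioner should keep in mind: a "(no file)" BHO is harmless by itself but still worth fixing so the CLSID can't be re-pointed at a fresh DLL, and the allowlist approach only works against the DLL names the log shows right now; as post #9 says, Vundo re-drops under new random names, so the triage has to be re-run on a fresh log after every reboot.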