#1 quickieart (New Poster), 04-10-2008
MonaRonaDona...........Help!!!!

Hi guys, I'm new to PC Help Forum and I am in dire need of your help. Let me say thanks in advance. I've been infected with the MonaRonaDona virus and it is causing havoc on my pc. I'm running Vista Home Premium, and the virus is causing the Internet Explorer browser to come up on startup; also the speed has slowed to a crawl. The pc may shut down at any time, whenever it feels like it. Also this message from MonaRonaDona occupies the bottom right of the screen. I've done all the prework. The AVG did not make a report.

The following is the hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:49:25 PM, on 4/10/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

The following is from Super Anti-spyware

I await your expert advice. Thanks again, Quickieart



Last edited by Hengis; 04-10-2008 at 07:20 PM.
#2 ih8bills (Tech Team Leader), 04-11-2008
Re: MonaRonaDona...........Help!!!!

Hi... Welcome to PCHF.

Forum Rules require that HJT logs must be analyzed by experienced Security Team Analysts. This is for your protection... and to give you our best service.

Our Security Team is always very busy-- and as we live all over the Earth...
Time-Zones are also an important factor.

Your patience is greatly appreciated.

Thank You



__________________


Without music, life would be a mistake
Friedrich Nietzsche
#3 quickieart (New Poster), 04-11-2008
Re: MonaRonaDona...........Help!!!!

Hi Guys,

Quickieart again,

Yesterday when I made my original post my pc wasn't allowing me to attach the logs but today it is. So I've attached my HijackThis log and my Super Anti-spyware log. AVG did not generate a report but it did send some items to quarantine. I did all the prework prior to running the hijackthis program. And that is the hijackthis log that is attached.

This MonaRonaDona virus is really causing havoc. Please advise and again thanks in advance.

Quickieart
Attached Files
File Type: txt hijackthis.Apr10.txt (15.4 KB, 3 views)
File Type: log SUPERAntiSpyware Scan Log - 04-10-2008 - 13-19-33.log (4.5 KB, 0 views)


#4 valis (Senior Security Analyst), 04-24-2008
Re: MonaRonaDona...........Help!!!!

hello quickie, and welcome to the forums.

You may want to print these out. Please close all other applications, start hjt again, click 'perform system scan only', place a tick next to the following and click 'fix checked':
O4 - HKLM\..\Run: [winlogon] C:\Users\A\AppData\Local\Temp\~DPA67C.exe
O4 - HKCU\..\Run: [{50C413FA-25F9-4C54-EB6C-03AE71A313CE}] C:\Users\A\AppData\Roaming:svchost.exe
O4 - HKCU\..\Run: [Windows] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRVSPOOL.exe
O4 - HKUS\S-1-5-21-1581442804-2288266718-2229571907-1000\..\Run: [{50C413FA-25F9-4C54-EB6C-03AE71A313CE}] C:\Users\A\AppData\Roaming:svchost.exe (User '?')
O4 - HKUS\S-1-5-21-1581442804-2288266718-2229571907-1000\..\Run: [Windows] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRVSPOOL.exe (User '?')
O4 - Global Startup: SRVSPOOL.exe


reboot, and continue as below.

We need to download ComboFix.exe. This will give a better view to the files running and also hidden on your computer.
Please visit this webpage for download links, and instructions for running ComboFix

When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.
Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use can cause serious computer problems.
NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.


Thanks,

v


__________________

M.C.S.A.
M.C.P.
- MS Server 2k3, Network Architecture

"Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that."
- Gary Kildall
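
An added example, not part of the thread and not the analyst's own method: a small triage script that parses HijackThis O4 (autostart) lines and marks the ones showing traits shared by the six entries selected in the reply above. The rule names, the `SYSTEM_NAMES` list and the function names are assumptions made for this illustration; the sample holds the six entries from the reply plus two ordinary autorun entries for contrast.

```python
import re

# Sample input: the six entries listed in the reply, plus two ordinary
# autorun entries for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [winlogon] C:\Users\A\AppData\Local\Temp\~DPA67C.exe
O4 - HKCU\..\Run: [{50C413FA-25F9-4C54-EB6C-03AE71A313CE}] C:\Users\A\AppData\Roaming:svchost.exe
O4 - HKCU\..\Run: [Windows] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRVSPOOL.exe
O4 - HKUS\S-1-5-21-1581442804-2288266718-2229571907-1000\..\Run: [{50C413FA-25F9-4C54-EB6C-03AE71A313CE}] C:\Users\A\AppData\Roaming:svchost.exe (User '?')
O4 - HKUS\S-1-5-21-1581442804-2288266718-2229571907-1000\..\Run: [Windows] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRVSPOOL.exe (User '?')
O4 - Global Startup: SRVSPOOL.exe
"""

# "O4 - HKxx\[SID\]..\Run: [value name] command line"
RUN_RE = re.compile(
    r"^O4 - HK[A-Z]+\\(?:S-[\d-]+\\)?\.\.\\Run(?:Once)?: \[(?P<name>.*?)\]\s*(?P<cmd>.*)$")
# "O4 - [Global |SID ]Startup: item[ = shortcut target]"
STARTUP_RE = re.compile(r"^O4 - (?:Global |S-[\d-]+ )?Startup: (?P<item>.+)$")

# Assumed list of Windows process names that malware commonly borrows.
SYSTEM_NAMES = {"winlogon", "svchost", "lsass", "csrss", "services", "explorer", "smss"}


def image_path(cmd):
    """Return the executable part of a command line, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.*?\.(?:exe|dll|com|scr|bat))\b", cmd, re.I)
    return m.group(1) if m else cmd


def parse_o4(line):
    """Parse one O4 line into a dict, or return None for any other line."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        return {"kind": "run", "name": m["name"],
                "path": image_path(m["cmd"]), "shortcut": False}
    m = STARTUP_RE.match(line)
    if m:
        name, sep, target = m["item"].partition(" = ")
        return {"kind": "startup", "name": name, "shortcut": bool(sep),
                "path": image_path(target) if sep else name}
    return None


def flags(entry):
    """Heuristic traits (assumptions of this example) that warrant review."""
    p = entry["path"].lower()
    stem = re.split(r"[\\:]", p)[-1].rsplit(".", 1)[0]
    out = []
    if "\\temp\\" in p:                     # image runs from a Temp directory
        out.append("temp-dir")
    if ":" in p[2:]:                        # second colon: NTFS alternate data stream
        out.append("alternate-data-stream")
    borrowed = entry["name"].lower() in SYSTEM_NAMES or stem in SYSTEM_NAMES
    if borrowed and not re.match(r"[a-z]:\\windows\\", p):
        out.append("system-name-outside-windows")
    in_startup = (entry["kind"] == "startup" and not entry["shortcut"]) \
        or "\\programs\\startup\\" in p
    if in_startup and p.endswith(".exe"):   # raw .exe, not a .lnk shortcut
        out.append("exe-in-startup-folder")
    return out


def triage(log_text):
    """Return (line, flags) for every O4 line that trips at least one rule."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry and flags(entry):
            hits.append((line.strip(), flags(entry)))
    return hits


if __name__ == "__main__":
    for line, why in triage(SAMPLE_LOG):
        print(", ".join(why), "<-", line)
```

A hit means the entry deserves a closer look by an analyst, not that it is safe to remove on that basis alone.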
