
error loading aunps2.dll



#1
turnups

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\ADSLDPC9.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\system32\f0vu0feq.exe
C:\WINDOWS\system32\P2P Networking\P2P Networking.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iolo\System Mechanic\Scheduled_Maintenance.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {6A295279-D812-7EFF-7D4F-AEE2E491E4FA} - C:\WINDOWS\psjermyy.dll
O2 - BHO: (no name) - {C6AB00BC-4C3B-AE0A-2171-55A73C753F5B} - C:\WINDOWS\psjermyy.dll
O3 - Toolbar: Search - {8FDA3906-B674-AF29-494B-407BF064B3E5} - C:\WINDOWS\psjermyy.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
O4 - HKLM\..\Run: [b27d01caf630] C:\WINDOWS\system32\ADSLDPC9.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitecop32.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [lsass] C:\windows\system32\elitewjs32.exe
O4 - HKLM\..\Run: [System service65] C:\WINDOWS\etb\pokapoka65.exe
O4 - HKLM\..\Run: [System service66] C:\WINDOWS\etb\pokapoka66.exe
O4 - HKLM\..\Run: [System service67] C:\WINDOWS\\etb\pokapoka67.exe
O4 - HKLM\..\Run: [System service68] C:\WINDOWS\etb\pokapoka68.exe
O4 - HKLM\..\Run: [System service69] C:\WINDOWS\\etb\pokapoka69.exe
O4 - HKLM\..\Run: [f0vu0feq] C:\WINDOWS\system32\f0vu0feq.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares Lite Edition\Ares.exe" -h
O4 - HKCU\..\Run: [Scheduled Maintenance] C:\Program Files\iolo\System Mechanic\Scheduled_Maintenance.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [Web Offer] C:\WINDOWS\system32\Cache\Advtg.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\system32\wuauclt.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\system32\wuauclt.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1134617272718
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nu.../FIX/WinATS.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupd...ll/aun_0015.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA5F4ACF-FFAE-4622-B755-67632FFF2D39}: NameServer = 205.171.3.65 205.171.2.65
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe


#2
don77

Hi and welcome turnups

Could you post an uninstall list for me please,
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • You can click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Simply copy and paste the contents of that Notepad window into this topic, please.

Post back a fresh HJT log including the top section with it as well please

#3
turnups

ABBYY FineReader 5.0 Sprint Plus
Ad-aware 6 Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Reader 6.0.1
AVG Free Edition
dBpowerAMP Music Converter
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Photo AIO Printer 922
Dell Picture Studio v3.0
Dell Support 5.0.0 (630)
EliteBar Internet Explorer Toolbar
GPL MPEG-1/2 DirectShow Decoder Filter
HijackThis 1.99.1
IE Host R3
Intel® 537EP V9x DF PCI Modem
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections
Internet Explorer Default Page
iolo technologies' System Mechanic
iPod for Windows 2005-03-23
iTunes
Jasc Paint Shop Photo Album
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro 8 Dell Edition
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_06
Kerio Personal Firewall 2.1.4
Lernout & Hauspie TruVoice American English TTS Engine
Macromedia Flash Player 8
MailWasher
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Picture It! Photo Premium 9
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Streets and Trips 2004
Microsoft Word 2002
Microsoft Works
Microsoft Works 2004 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Modem Event Monitor
Modem Helper
Modem On Hold
Mozilla Firefox (1.0.7)
MSN
MSN Messenger 7.5
MSN Toolbar
My Search Bar
P2P Networking
PowerDVD 5.3
QuickTime
Quintessential Player
RealPlayer Basic
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
SelectRebates
Shockwave
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
SoundMAX
Spell Checker For OE 2.1
Spybot - Search & Destroy 1.3
The Home Depot Great Lakes (West) ProBook CD
Update for Windows XP (KB894391)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
VX2 Cleaner plug-in for Ad-Aware SE
WebFastConnect
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885626
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781

#4
turnups

is that enough info needed?

#5
don77

This is going to take a bit of work but we can get you cleaned up,

Please click here and install the most recent version of Java,

Next
I know you already have Spybot S&D and AdAware, but just to be sure, please make sure you have the latest versions here: Spybot Search & Destroy and AdAware.

Also please be sure you follow the instructions and settings on this website to run a scan with both of these programs.


Next

Click on Start, then Control Panel, and then double-click on Add/Remove Programs. From within Add/Remove Programs, uninstall the following if they exist by double-clicking on the following entries:


EliteBar Internet Explorer Toolbar
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_06
My Search Bar
P2P Networking
SelectRebates


Please restart your computer after you have removed all the programs.


Next

Please download LQfix.exe from one of the following locations:
  • http://www.downloads.subratam.org/LQfix.exe
  • http://miekiemoes.geekstogo.com/tools/LQfix.exe

  • Save it to your desktop.
  • Double-click LQfix.exe and click Next > Next > Install.
  • Leave the default settings; if you change them, the fix will fail!
  • You need an active Internet connection, so make sure you're not blocking any connection now.
  • Now make sure the "Launch LQfix" box is checked.
  • Click the Finish button, after clicking the Finish button the fix will start.
  • Follow the on-screen prompts.
  • Your system will reboot afterwards.
  • Please be patient after the reboot, there is a script running in the background that needs to complete.
Then do a scan with HiJackThis and post a new log by using Add Reply


Be sure and include the top section of the HJT log please

#6
turnups

I did everything, still showing up


Logfile of HijackThis v1.99.1
Scan saved at 11:40:43 PM, on 5/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\ADSLDPC9.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iolo\System Mechanic\Scheduled_Maintenance.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Family\Desktop\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {6A295279-D812-7EFF-7D4F-AEE2E491E4FA} - C:\WINDOWS\psjermyy.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll
O2 - BHO: (no name) - {C6AB00BC-4C3B-AE0A-2171-55A73C753F5B} - C:\WINDOWS\psjermyy.dll
O3 - Toolbar: Search - {8FDA3906-B674-AF29-494B-407BF064B3E5} - C:\WINDOWS\psjermyy.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
O4 - HKLM\..\Run: [b27d01caf630] C:\WINDOWS\system32\ADSLDPC9.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares Lite Edition\Ares.exe" -h
O4 - HKCU\..\Run: [Scheduled Maintenance] C:\Program Files\iolo\System Mechanic\Scheduled_Maintenance.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [Web Offer] C:\WINDOWS\system32\Cache\Advtg.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1134617272718
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupd...ll/aun_0015.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe

#7
don77

Please uninstall Spybot for the moment; it will interfere with making the needed changes to get rid of the malware on your system. It's TeaTimer that will put back what we fix. It's a great program and I suggest you reinstall it after we are all clean here.

Next
Please restart HJT, put a check next to the following, close all open windows and click “Fix Checked”

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {6A295279-D812-7EFF-7D4F-AEE2E491E4FA} - C:\WINDOWS\psjermyy.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll
O2 - BHO: (no name) - {C6AB00BC-4C3B-AE0A-2171-55A73C753F5B} - C:\WINDOWS\psjermyy.dll
O3 - Toolbar: Search - {8FDA3906-B674-AF29-494B-407BF064B3E5} - C:\WINDOWS\psjermyy.dll
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
O4 - HKLM\..\Run: [b27d01caf630] C:\WINDOWS\system32\ADSLDPC9.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\RunOnce: [Web Offer] C:\WINDOWS\system32\Cache\Advtg.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupd...ll/aun_0015.exe


Close out HJT

Next
*Please open notepad and save these instructions, Name it something you will remember
*Click Here to download Killbox by Option^Explicit.
*Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
*In the killbox program, select the Delete on Reboot option.
*Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\cfgmgr52.dll
C:\WINDOWS\psjermyy.dll
C:\Program Files\VBouncer
C:\WINDOWS\system32\ADSLDPC9.exe
C:\WINDOWS\system32\P2P Networking
C:\WINDOWS\system32\Cache\Advtg.exe

*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click on “All Files”
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer doesn't automatically restart, please restart it manually.

Next
After the computer restarts, please run another scan with Ad-aware and fix all it finds.

Restart your computer one more time


Next
Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
along with a fresh HJT log please
  • 0
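
Added example, not part of the original thread and not HijackThis's or Killbox's own code: a Python check that the entries ticked for "Fix Checked" and the paths queued for deletion no longer show up in a follow-up HijackThis log. The log excerpts are copied from this thread, except `FOLLOWUP_RESTORED`, which is constructed to show entries that were put back; all function and variable names are assumptions of this example.

```python
import re

# HijackThis result lines have the form "<section code> - <detail>".
# Header lines and the "Running processes" paths do not match this pattern.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.+)$")


def _norm(text):
    """Case-fold, collapse whitespace and collapse doubled backslashes."""
    text = re.sub(r"\\{2,}", lambda m: "\\", text)
    return " ".join(text.split()).casefold()


def parse_entries(log_text):
    """Return the set of (section code, normalised detail) found in a log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), _norm(m.group(2))))
    return entries


def running_processes(log_text):
    """Return the normalised paths listed under 'Running processes:'."""
    procs, in_block = set(), False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_block = True
        elif in_block and not line:
            if procs:          # the first blank line after the paths ends the block
                break
        elif in_block:
            procs.add(_norm(line))
    return procs


def verify_fix(fix_list, delete_paths, followup_log):
    """Compare what was targeted for removal with what a later log still shows."""
    targeted = parse_entries(fix_list)
    present = parse_entries(followup_log)
    procs = running_processes(followup_log)
    still_running = []
    for path in map(_norm, delete_paths):
        # A queued path may be a file or a folder; match the folder's children too.
        if any(p == path or p.startswith(path + "\\") for p in procs):
            still_running.append(path)
    return {
        "removed": sorted(targeted - present),
        "still_present": sorted(targeted & present),
        "paths_still_running": sorted(still_running),
    }


# Entries from the "Fix Checked" list in this thread (subset).
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {6A295279-D812-7EFF-7D4F-AEE2E491E4FA} - C:\WINDOWS\psjermyy.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll
O4 - HKLM\..\Run: [b27d01caf630] C:\WINDOWS\system32\ADSLDPC9.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
"""

# Paths from the Killbox list in this thread (subset).
DELETE_PATHS = [
    r"C:\WINDOWS\cfgmgr52.dll",
    r"C:\WINDOWS\psjermyy.dll",
    r"C:\WINDOWS\system32\ADSLDPC9.exe",
    r"C:\WINDOWS\system32\P2P Networking",
]

# Excerpt of the follow-up log posted after the fix (lines taken from the thread).
FOLLOWUP_CLEAN = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
"""

# Constructed log: two targeted entries are back, with different case and a
# doubled backslash, and one queued file is running again.
FOLLOWUP_RESTORED = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\adsldpc9.exe

R3 - URLSearchHook: (no name) - {6A295279-D812-7EFF-7D4F-AEE2E491E4FA} - C:\WINDOWS\\psjermyy.dll
O4 - HKLM\..\Run: [b27d01caf630] C:\WINDOWS\system32\ADSLDPC9.exe
"""

if __name__ == "__main__":
    for name, log in (("clean", FOLLOWUP_CLEAN), ("restored", FOLLOWUP_RESTORED)):
        result = verify_fix(FIX_LIST, DELETE_PATHS, log)
        print(name, "still present:", result["still_present"])
        print(name, "still running:", result["paths_still_running"])
```
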

#8
turnups

Sorry this took so long but this whole process took awhile.

Logfile of HijackThis v1.99.1
Scan saved at 11:37:58 PM, on 5/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iolo\System Mechanic\Scheduled_Maintenance.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Family\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares Lite Edition\Ares.exe" -h
O4 - HKCU\..\Run: [Scheduled Maintenance] C:\Program Files\iolo\System Mechanic\Scheduled_Maintenance.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1134617272718
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA5F4ACF-FFAE-4622-B755-67632FFF2D39}: NameServer = 205.171.3.65 205.171.2.65
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe

Incident Status Location

Adware:adware/searchtheweb Not disinfected c:\windows\system32\cache\mswinstall.exe
Spyware:spyware/marketscore Not disinfected c:\windows\system32\osmim.dll
Adware:adware/beginto Not disinfected c:\windows\system32\rtneg.dll
Adware:adware/mirar Not disinfected c:\windows\system32\WinNB57.dll
Adware:adware/portalscan Not disinfected c:\windows\system32\winupdt.008
Adware:adware/transponder Not disinfected c:\windows\inf\Pynix.inf
Adware:adware/bookedspace Not disinfected c:\windows\cfgmgr52.ini
Adware:adware/ipinsight Not disinfected c:\windows\farmmext.ini
Adware:adware/enhancemsearch Not disinfected c:\windows\Helper101.dll
Spyware:application/bestoffer Not disinfected c:\windows\smdat32m.sys
Adware:adware/ezula Not disinfected c:\windows\woinstall.exe
Adware:adware/whenusearch Not disinfected c:\program files\common files\WhenU
Adware:adware/wupd Not disinfected c:\program files\Media Pass
Spyware:spyware/search3 Not disinfected c:\program files\SEARCH3 TOOLBAR
Adware:adware/elitebar Not disinfected c:\documents and settings\family\favorites\Casino & Carrers
Adware:adware/ieplugin Not disinfected Windows Registry
Adware:adware/savenow Not disinfected Windows Registry
Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\classes\appid\Altnet Signing Module.EXE
Spyware:Spyware/UrlSpy Not disinfected C:\!KillBox\ADSLDPC9.exe
Adware:Adware/eZula Not disinfected C:\!KillBox\Advtg.exe
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Family\Application Data\eoew.exe
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt[.www.myaffiliateprogram.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt[.sexlist.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt[.linksynergy.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt[.bluestreak.com/]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1e6c188d-13fed43e.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1e6c188d-13fed43e.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1e6c188d-13fed43e.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1e6c188d-13fed43e.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5c5c4cd1-53a67792.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5c5c4cd1-53a67792.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5c5c4cd1-53a67792.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Family\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5c5c4cd1-53a67792.zip[Beyond.class]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Family\Cookies\[email protected][1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Family\Cookies\family@adultfriendfinder[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Family\Cookies\[email protected][2].txt
Adware:Adware/BookedSpace Not disinfected C:\Documents and Settings\Family\Desktop\backups\backup-20060510-213959-231.dll
Adware:Adware/BookedSpace Not disinfected C:\Documents and Settings\Family\Desktop\backups\backup-20060510-213959-585.dll
Adware:Adware/SAHAgent Not disinfected C:\Documents and Settings\Family\Local Settings\Temp\1.exe[BundleLite_westfrontier1001.exe]
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\Family\Local Settings\Temp\1.exe[thin-94-1-x-x.exe]
Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\Family\Local Settings\Temp\1133875.dll
Potentially unwanted tool:Application/Altnet Not disinfected C:\Documents and Settings\Family\Local Settings\Temp\asmfiles.cab
Potentially unwanted tool:Application/P2PNetworking Not disinfected C:\Documents and Settings\Family\Local Settings\Temp\p2psetup.exe
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\Family\Local Settings\Temp\rndrcus.exe
Spyware:Spyware/UrlSpy Not disinfected C:\Documents and Settings\Family\Local Settings\Temp\setup1015.exe
Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\Family\Local Settings\Temp\uninstall.exe
Adware:Adware/EliteBar Not disinfected C:\EliteToolBar version 60.dll
Adware:Adware/Exact.BargainBuddy Not disinfected C:\I386\angelex.exe
Adware:Adware/Exact.SearchBar Not disinfected C:\I386\exclean.exe
Adware:Adware/Exact.SearchBar Not disinfected C:\I386\exdl.exe
Adware:Adware/Exact.BargainBuddy Not disinfected C:\I386\exdl0.exe
Adware:Adware/Exact.BargainBuddy Not disinfected C:\I386\exdl1.exe
Adware:Adware/Exact.SearchBar Not disinfected C:\I386\exul.exe
Hacktool:HackTool/SRunner.B Not disinfected C:\I386\instsrv.exe
Adware:Adware/Exact.SearchBar Not disinfected C:\I386\javexulm.vxd
Adware:Adware/Exact.BargainBuddy Not disinfected C:\I386\mac80ex.idf[C:/WINDOWS/system32/msbe.dll]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\I386\mac80ex.idf[C:/Program Files/BullsEye Network/bin/bargains.exe]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\I386\mac80ex.idf[C:/Program Files/BullsEye Network/bin/adv.exe]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\I386\mac80ex.idf[C:/Program Files/BullsEye Network/bin/adx.exe]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\I386\mqexdlm.srg
Adware:Adware/Exact.BargainBuddy Not disinfected C:\I386\msbe.dll
Adware:Adware/Exact.BargainBuddy Not disinfected C:\I386\msexreg.exe
Adware:Adware/Exact.SearchBar Not disinfected C:\I386\netut80ex.vxd[C:/WINDOWS/system32/exdl.exe]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\I386\netut80ex.vxd[C:/WINDOWS/system32/mqexdlm.srg]
Adware:Adware/Exact.SearchBar Not disinfected C:\I386\netut80ex.vxd[C:/WINDOWS/system32/exul.exe]
Adware:Adware/Exact.SearchBar Not disinfected C:\I386\netut80ex.vxd[C:/WINDOWS/system32/javexulm.vxd]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\I386\netut80ex.vxd[C:/WINDOWS/system32/msexreg.exe]
Hacktool:HackTool/SRunner.B Not disinfected C:\I386\netut80ex.vxd[C:/WINDOWS/system32/instsrv.exe]
Adware:Adware/Exact.SearchBar Not disinfected C:\I386\netut80ex.vxd[C:/WINDOWS/system32/exclean.exe]
Spyware:Spyware/MarketScore Not disinfected C:\I386\rk.exe
Spyware:Spyware/ClearSearch Not disinfected C:\Program Files\3jnnkvww\3jnnkvww.dll
Adware:Adware Program Not disinfected C:\Program Files\3jnnkvww\63562640.exe
Spyware:Spyware/ClearSearch Not disinfected C:\Program Files\3jnnkvww\9r2n84tt.DLL
Spyware:Spyware/ClearSearch Not disinfected C:\Program Files\3jnnkvww\kglhegxw.DLL
Spyware:Spyware/ClearSearch Not disinfected C:\Program Files\3jnnkvww\td4bwxie.DLL
Adware:Adware/WhenUSearch Not disinfected C:\Program Files\Common Files\WhenU\EmbedSE.dll
Adware:Adware/Mirar Not disinfected C:\WINDOWS\876056.exe
Adware:Adware/StartPage.AHW Not disinfected C:\WINDOWS\bs7beta.exe
Adware:Adware/StartPage.AHW Not disinfected C:\WINDOWS\dhyjwgme.dll
Potentially unwanted tool:Application/P2PNetworking Not disinfected C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll
Adware:Adware/StartPage.AHW Not disinfected C:\WINDOWS\eyahavbg.dll
Adware:Adware/StartPage.AHW Not disinfected C:\WINDOWS\hopamjkt.dll
Adware:Adware/BookedSpace Not disinfected C:\WINDOWS\nvlbdjuq.exe
Adware:Adware/Transponder Not disinfected C:\WINDOWS\Pynix.dll
Adware:Adware/StartPage.AHW Not disinfected C:\WINDOWS\qemnuhfx.dll
Spyware:Spyware/UrlSpy Not disinfected C:\WINDOWS\SYSTEM32\ACLUI376.exe
Adware:Adware/WinTools Not disinfected C:\WINDOWS\SYSTEM32\Cache\adl_ibis_AS2.exe
Potentially unwanted tool:Application/MyWay Not disinfected C:\WINDOWS\SYSTEM32\Cache\bs51-egihsg51-va.exe[²ÇÇ]
Spyware:Spyware/ShhhToolbar Not disinfected C:\WINDOWS\SYSTEM32\Cache\runsearch.exe
Spyware:Spyware/UrlSpy Not disinfected C:\WINDOWS\SYSTEM32\Cache\setup1015.exe
Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\SYSTEM32\Cache\thin-8-3-x-x.exe
Adware:Adware/Beginto Not disinfected C:\WINDOWS\SYSTEM32\Cache\tool5-fran-one.exe
Adware:Adware/ILookup Not disinfected C:\WINDOWS\SYSTEM32\Cache\trafficgen-fran.exe
Adware:Adware/Ucmore Not disinfected C:\WINDOWS\SYSTEM32\Cache\ucmoreiex.exe
Adware:Adware/TopRebates Not disinfected C:\WINDOWS\SYSTEM32\Cache\WebRebates_Auto_InstallSilent.exe
Adware:Adware/VirtualBouncer Not disinfected C:\WINDOWS\SYSTEM32\Cache\wrapperouter.exe
Spyware:Spyware/UrlSpy Not disinfected C:\WINDOWS\SYSTEM32\CLBCATQ3.exe
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\SYSTEM32\m?dtc.exe
Potentially unwanted tool:Application/P2PNetworking Not disinfected C:\WINDOWS\SYSTEM32\P2P Networking v126.cpl
Spyware:Spyware/MarketScore Not disinfected C:\WINDOWS\SYSTEM32\rk.bin
Spyware:Spyware/MarketScore Not disinfected C:\WINDOWS\SYSTEM32\rk.exe
Adware:Adware/BookedSpace Not disinfected C:\WINDOWS\vznmlwap.dll

#9
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
This scan is going to take you a bit, but it will clean up most of the garbage left on your system.

Please download ewido security suite; it is a trial version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido; there should be an icon on your desktop, double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left-hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.

Post back the log from Ewido, please.

#10
turnups

    New Member

  • Topic Starter
  • Member
  • 7 posts
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:02:28 PM, 5/11/2006
+ Report-Checksum: D3C91FD2

+ Scan result:

HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\WhenU.EmbedSE -> Adware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\WhenU.EmbedSE\CLSID -> Adware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\WhenU.EmbedSE\CurVer -> Adware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\WhenU.EmbedSE.1 -> Adware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup
HKU\S-1-5-21-1009062941-345979944-1215939877-1006\Software\intexp -> Adware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-1009062941-345979944-1215939877-1006\Software\WinUpdt -> Adware.SecondThought : Cleaned with backup
C:\!KillBox\ADSLDPC9.exe -> Adware.UrlSpy : Cleaned with backup
C:\!KillBox\Advtg.exe -> Adware.EZula : Cleaned with backup
C:\Documents and Settings\Family\Application Data\eoew.exe -> Adware.PurityScan : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Family\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Family\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Family\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Family\Cookies\family@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Family\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Family\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Family\Desktop\backups\backup-20060510-213959-231.dll -> Adware.BookedSpace : Cleaned with backup
C:\Documents and Settings\Family\Desktop\backups\backup-20060510-213959-585.dll -> Adware.BookedSpace : Cleaned with backup
C:\Documents and Settings\Family\Local Settings\Temp\1133875.dll -> Adware.EliteBar : Cleaned with backup
C:\Documents and Settings\Family\Local Settings\Temp\asmfiles.cab/asm.exe -> Adware.Altnet : Cleaned with backup
C:\Documents and Settings\Family\Local Settings\Temp\asmfiles.cab/asmps.dll -> Adware.Altnet : Cleaned with backup
C:\Documents and Settings\Family\Local Settings\Temp\rndrcus.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Family\Local Settings\Temp\tm47883.exe -> Trojan.Pakes : Cleaned with backup
C:\Documents and Settings\Family\Local Settings\Temp\tm58734.exe -> Trojan.Pakes : Cleaned with backup
C:\Documents and Settings\Family\Local Settings\Temp\uninstall.exe -> Adware.EliteBar : Cleaned with backup
C:\EliteToolBar version 60.dll -> Adware.EliteBar : Cleaned with backup
C:\I386\angelex.exe -> Adware.BargainBuddy : Cleaned with backup
C:\I386\exdl.exe -> Adware.BargainBuddy : Cleaned with backup
C:\I386\exdl0.exe -> Adware.BargainBuddy : Cleaned with backup
C:\I386\exdl1.exe -> Adware.BargainBuddy : Cleaned with backup
C:\I386\exul.exe -> Adware.BargainBuddy : Cleaned with backup
C:\I386\javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup
C:\I386\mac80ex.idf/C:/Program Files/BullsEye Network/bin/bargains.exe -> Adware.BargainBuddy : Cleaned with backup
C:\I386\mac80ex.idf/C:/Program Files/BullsEye Network/bin/adv.exe -> Adware.BargainBuddy : Cleaned with backup
C:\I386\mac80ex.idf/C:/Program Files/BullsEye Network/bin/adx.exe -> Adware.BargainBuddy : Cleaned with backup
C:\I386\mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup
C:\I386\msbe.dll -> Adware.BargainBuddy : Cleaned with backup
C:\I386\netut80ex.vxd/C:/WINDOWS/system32/exdl.exe -> Adware.BargainBuddy : Cleaned with backup
C:\I386\netut80ex.vxd/C:/WINDOWS/system32/mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup
C:\I386\netut80ex.vxd/C:/WINDOWS/system32/exul.exe -> Adware.BargainBuddy : Cleaned with backup
C:\I386\netut80ex.vxd/C:/WINDOWS/system32/javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup
C:\Program Files\Common Files\WhenU\EmbedSE.dll -> Adware.SaveNow : Cleaned with backup
C:\WINDOWS\876056.exe -> Adware.Mirar : Cleaned with backup
C:\WINDOWS\bs7beta.exe -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\dhyjwgme.dll -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll -> Adware.PeerNet : Cleaned with backup
C:\WINDOWS\eyahavbg.dll -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\Helper101.dll -> Hijacker.Delf.r : Cleaned with backup
C:\WINDOWS\hopamjkt.dll -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\izlighpu.exe -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\nvlbdjuq.exe -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\Pynix.dll -> Adware.DlMax : Cleaned with backup
C:\WINDOWS\qemnuhfx.dll -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\SYSTEM32\ACLUI376.exe -> Adware.UrlSpy : Cleaned with backup
C:\WINDOWS\SYSTEM32\Cache\adl_ibis_AS2.exe -> Adware.Wintol : Cleaned with backup
C:\WINDOWS\SYSTEM32\Cache\bs51-egihsg51-va.exe -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\SYSTEM32\Cache\thin-8-3-x-x.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\SYSTEM32\Cache\tool5-fran-one.exe -> Adware.HotSearchBar : Cleaned with backup
C:\WINDOWS\SYSTEM32\Cache\trafficgen-fran.exe -> Adware.HotSearchBar : Cleaned with backup
C:\WINDOWS\SYSTEM32\Cache\ucmoreiex.exe/UCMTSAIE.DLL -> Adware.Ucmore : Cleaned with backup
C:\WINDOWS\SYSTEM32\Cache\ucmoreiex.exe/IUCMORE.DLL -> Adware.Ucmore : Cleaned with backup
C:\WINDOWS\SYSTEM32\CLBCATQ3.exe -> Adware.UrlSpy : Cleaned with backup
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\M5MLO5G9\proxy_inst[1].exe -> Dropper.Small.aeq : Cleaned with backup
C:\WINDOWS\SYSTEM32\rtneg.dll -> Adware.HotSearchBar : Cleaned with backup
C:\WINDOWS\SYSTEM32\WinNB57.dll -> Adware.Mirar : Cleaned with backup
C:\WINDOWS\vznmlwap.dll -> Adware.BookedSpace : Cleaned with backup


::Report End

#11
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Good job, cleaned up a whole lot of garbage!!!

How is the machine running now?

Please run another scan with Active. Post back what it finds along with a fresh HJT log, please.

#12
turnups

    New Member

  • Topic Starter
  • Member
  • 7 posts
Yes, my system is running much better, thank you very much. I really appreciate what you have done for me.

ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:52:08 PM, 5/13/2006
+ Report-Checksum: 798E7281

+ Scan result:

:mozilla.16:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\hl4b5ca6.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Family\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Family\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Family\Cookies\[email protected][1].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Family\Cookies\family@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Family\Cookies\family@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Family\Cookies\family@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup


::Report End


Logfile of HijackThis v1.99.1
Scan saved at 10:53:13 PM, on 5/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iolo\System Mechanic\Scheduled_Maintenance.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\quintessential player\qcdplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Family\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares Lite Edition\Ares.exe" -h
O4 - HKCU\..\Run: [Scheduled Maintenance] C:\Program Files\iolo\System Mechanic\Scheduled_Maintenance.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1134617272718
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA5F4ACF-FFAE-4622-B755-67632FFF2D39}: NameServer = 205.171.3.65 205.171.2.65
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe

#13
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Looks good :whistling:


Please use the following suggestions to help prevent reinfection.

Download the following program, for keeping crap off your system to begin with:
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests. Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restrict the actions of potentially dangerous sites in Internet Explorer.
Download Spyware Blaster

Keep Ad-Aware and Spybot 1.4 handy. Check them for updates prior to running, and run them weekly.
Same with your antivirus.

For an added check, run an online virus scan. You can use one of the 2 below:
TrendMicro's HouseCall
ActiveScan

Be sure and give the Temp folders a cleaning out now and then as well. A handy tool to do this:
Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Remember to check Windows for updates.

Probably a good time to create a new restore point. See Here for XP

See Here for ME. Name it clean or something like that.

To learn more about how to protect yourself while on the internet, read this article by Tony Klein: So how did I get infected in the first place?





