Internet webpages install whether on internet or not [Shop at Home, VX2, Cliks Adware, & Taii.exe]. Ran McAfee virus software; it said Trojan Vundo, 2 files: cleaned one, and clean/move failed for the other file. The files were Appwrap1.exe & b2w.com.
Operating System: Windows 2000 SP4, 4CPU 2.40GHZ, AT/compatible
Actions:
1. Ran Ad-aware SE with customization [couldn't clear all files: c:WINNT\System32\wjwpaga.exe & C:\temp\dummy.htm]
2. Ran CWShredder
3. Ran Spybot
4. Ran TDS-3 for trojan [no virus detected]
5. Windows update to SP4
6. HijackThis log
Not as many websites pop up as before doing the above, but still annoying people use their powers for evil. Thank you for your help.
Logfile of HijackThis v1.99.1
Scan saved at 9:09:17 AM, on 3/23/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Cpqdiag\Cpqdfwag.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\system32\dltsvcnt.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\PJ Technologies\GOVsrv\GOVsrv.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\bpc_search\BPCv2.exe
C:\WINNT\system32\oc2suba.exe
C:\WINNT\system32\nzkklz.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\nmmdet.exe
A:\HijackThis.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://andromeda
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://andromeda
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www11.smed.com;*.smsrsm.com;*dashboard.*;*smshealthconx.net;cmtweb.deaconess.com*;*naxapp18*;192.168.*;172.21.*;172.26.*;143.59.*;172.20.1.43*;*webinservice.com*;*educode*
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: FlashEnhancer Extender - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - c:\Program Files\Flen\flen.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Desktop Search] C:\WINNT\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINNT\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [wjwpaqa] c:\winnt\system32\wjwpaqa.exe
O4 - HKLM\..\Run: [BPT] "C:\Program Files\Bpt\bpt.exe"
O4 - HKLM\..\Run: [FlenCPY] "C:\Program Files\Common Files\Java\flencpy.exe"
O4 - HKLM\..\Run: [BPCv2] C:\Program Files\bpc_search\BPCv2.exe
O4 - HKLM\..\Run: [oF2g38j] oc2suba.exe
O4 - HKLM\..\Run: [farmmext] C:\WINNT\farmmext.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINNT\system32\nzkklz.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [ZotmRUHpW] nmmdet.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://andromeda
O15 - Trusted Zone: *.cmms
O15 - Trusted Zone: http://*.cmms
O15 - Trusted Zone: *.dsh.smshealthconx.net
O15 - Trusted Zone: *.netaccess
O15 - Trusted Zone: www11.Smed.com
O15 - Trusted Zone: *.smshealthconx.net
O15 - Trusted Zone: http://*.smshealthconx.net
O15 - Trusted Zone: http://*.smshealthconx.net
O15 - Trusted Zone: *.smsrsm.com
O15 - Trusted Zone: http://*.smsrsm.com
O15 - Trusted Zone: *.cmms (HKLM)
O15 - Trusted Zone: http://*.cmms (HKLM)
O15 - Trusted Zone: *.dsh.smshealthconx.net (HKLM)
O15 - Trusted Zone: *.netaccess (HKLM)
O15 - Trusted Zone: www11.Smed.com (HKLM)
O15 - Trusted Zone: *.smshealthconx.net (HKLM)
O15 - Trusted Zone: http://*.smshealthconx.net (HKLM)
O15 - Trusted Zone: http://*.smshealthconx.net (HKLM)
O15 - Trusted Zone: *.smsrsm.com (HKLM)
O15 - Trusted Zone: http://*.smsrsm.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {FFA315A3-20D3-11CF-8FDD-943611C10000} (Ter Control) - http://netaccess/NTA...TM/webPrint.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = deaconess.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = deaconess.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = deaconess.com
O20 - Winlogon Notify: Extensions - C:\WINNT\system32\l26o0cj3efo.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: CWShredder Service - Unknown owner - A:\CWShredder.exe (file missing)
O23 - Service: Remote Diagnostics Enabling Agent (DfwWebAgent) - Hewlett-Packard - C:\WINNT\Cpqdiag\Cpqdfwag.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Shiva Dialout Service (DltSvc) - Shiva Corporation - C:\WINNT\system32\dltsvcnt.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GoverLAN Service (GOVsrv) - PJ Technologies, Inc. - C:\Program Files\PJ Technologies\GOVsrv\GOVsrv.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe