msn virus

#1 rom pom (New Member, 2 posts)

hello!!
This is my first post and I'm extremely bad with computers and I clicked a link which has brought so many viruses!
I have done everything you told me to do before posting a HijackThis thing!

If I send anything wrong or forgot anything, tell me, and I wish I could be more specific but I have no clue with these things!!

I have added in all the scans you asked me to complete... I really hope that is enough!!!

Some things I can try to explain are: I get a pop-up advertisement every five minutes, Yinstall, a lot came with the Yinstall, msmsg, rudell, too many little pop-ups as soon as I sign in on XP, and my comp will go to a navy screen with writing and then shut down before you can read it!!

Sorry I couldn't explain any more; I hope the attachments are enough.
Thank you so much


Logfile of HijackThis v1.99.1
Scan saved at 11:06:33 PM, on 28/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\Program Files\ipwins\ipwins.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\iBurst\iBurst_UTL.EXE
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\ROMPOM~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com...S01?FORM=TOOLBR
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00015.exe"
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - (no file)
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Rom Pom\Desktop\Yinstall.exe
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [apq662f3] RUNDLL32.EXE w0045ea7.dll,n 005662ee0000000a0045ea7
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [cprocsvc] C:\WINDOWS\system32\crunner\cproc.exe
O4 - HKCU\..\Run: [Sabt] "C:\WINDOWS\ICROSO~1.NET\wuauclt.exe" -vt yazb
O4 - HKCU\..\Run: [] "C:\Program Files\ErrorSafe Free\uers.exe" /scan
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: iBurst_Modem UTL.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?5fef25f5f21349199acf819ac2be038c
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?5fef25f5f21349199acf819ac2be038c
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarr...133352D2D2D.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matca.../speedtest2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{5055CCDC-0ACD-447C-A5AD-81B875F53161}: NameServer = 202.171.191.10 202.171.190.10
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:17:25 PM 28/10/2006

+ Scan result:

C:\Program Files\BraveSentry -> Adware.Bravesentry : Cleaned with backup (quarantined).
C:\Program Files\BraveSentry\BraveSentry.exe -> Adware.Bravesentry : Cleaned with backup (quarantined).
C:\Program Files\BraveSentry\BraveSentry.lic -> Adware.Bravesentry : Cleaned with backup (quarantined).
C:\Program Files\BraveSentry\Uninstall.exe -> Adware.Bravesentry : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AAD4BE0-32FD-4AC1-AA4B-BEC940AB3E71}\RP168\A0020807.exe -> Adware.CommAd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AAD4BE0-32FD-4AC1-AA4B-BEC940AB3E71}\RP168\A0020810.DLL -> Adware.CommAd : Cleaned with backup (quarantined).
C:\Program Files\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
C:\Program Files\DeluxeCommunications\DxcBho.dll -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
C:\Program Files\DeluxeCommunications\DxcCore.dll -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A8BD6820-6ED7-423E-9558-2D1486B0FEEA} -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKLM\SOFTWARE\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKLM\SOFTWARE\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKU\S-1-5-21-1981407446-3484162291-416649112-1004\Software\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKU\S-1-5-21-1981407446-3484162291-416649112-1004\Software\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKU\S-1-5-21-1981407446-3484162291-416649112-1004\Software\Microsoft\Windows\CurrentVersion\Run\\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
C:\Installer4.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AAD4BE0-32FD-4AC1-AA4B-BEC940AB3E71}\RP168\A0020769.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AAD4BE0-32FD-4AC1-AA4B-BEC940AB3E71}\RP168\A0020800.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AAD4BE0-32FD-4AC1-AA4B-BEC940AB3E71}\RP168\A0020809.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AAD4BE0-32FD-4AC1-AA4B-BEC940AB3E71}\RP168\A0020811.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AAD4BE0-32FD-4AC1-AA4B-BEC940AB3E71}\RP169\A0021024.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AAD4BE0-32FD-4AC1-AA4B-BEC940AB3E71}\RP169\A0021025.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AAD4BE0-32FD-4AC1-AA4B-BEC940AB3E71}\RP169\A0021026.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AAD4BE0-32FD-4AC1-AA4B-BEC940AB3E71}\RP169\A0021027.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AAD4BE0-32FD-4AC1-AA4B-BEC940AB3E71}\RP169\A0021028.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\warebundlenewer.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AAD4BE0-32FD-4AC1-AA4B-BEC940AB3E71}\RP178\A0028118.dll -> Adware.Pesttrap : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\UJ89ANU7\Yinstall[1].mp3 -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\mt-uninstaller.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Rom Pom\Yinstall.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Recycled\Dc256.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AAD4BE0-32FD-4AC1-AA4B-BEC940AB3E71}\RP169\A0020934.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AAD4BE0-32FD-4AC1-AA4B-BEC940AB3E71}\RP169\A0021029.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AAD4BE0-32FD-4AC1-AA4B-BEC940AB3E71}\RP178\A0028119.dll -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AAD4BE0-32FD-4AC1-AA4B-BEC940AB3E71}\RP178\A0028121.dll -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\Documents and Settings\Rom Pom\Local Settings\Temp\nsg13.tmp\Services.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{3043DF50-06C1-1033-0610-05042120003d}\MyToolBar.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{B043DF50-06C0-1033-0610-05042120003d}\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{B043DF50-06C0-1033-0610-05042120003d}\services.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{B043DF50-06C1-1033-0610-05042120003d}\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AAD4BE0-32FD-4AC1-AA4B-BEC940AB3E71}\RP168\A0020705.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AAD4BE0-32FD-4AC1-AA4B-BEC940AB3E71}\RP168\A0020706.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AAD4BE0-32FD-4AC1-AA4B-BEC940AB3E71}\RP168\A0020707.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AAD4BE0-32FD-4AC1-AA4B-BEC940AB3E71}\RP168\A0020746.DLL -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AAD4BE0-32FD-4AC1-AA4B-BEC940AB3E71}\RP168\A0020747.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AAD4BE0-32FD-4AC1-AA4B-BEC940AB3E71}\RP168\A0020780.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AAD4BE0-32FD-4AC1-AA4B-BEC940AB3E71}\RP168\A0020781.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AAD4BE0-32FD-4AC1-AA4B-BEC940AB3E71}\RP169\A0020941.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AAD4BE0-32FD-4AC1-AA4B-BEC940AB3E71}\RP169\A0020942.DLL -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AAD4BE0-32FD-4AC1-AA4B-BEC940AB3E71}\RP178\A0028120.dll -> Adware.Spysheriff : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AAD4BE0-32FD-4AC1-AA4B-BEC940AB3E71}\RP209\A0058211.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AAD4BE0-32FD-4AC1-AA4B-BEC940AB3E71}\RP209\A0058213.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AAD4BE0-32FD-4AC1-AA4B-BEC940AB3E71}\RP209\A0058214.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\Rom Pom\Start Menu\Programs\UCmore - The Search Accelerator -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\Documents and Settings\Rom Pom\Start Menu\Programs\UCmore - The Search Accelerator\How To Uninstall.lnk -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\Documents and Settings\Rom Pom\Start Menu\Programs\UCmore - The Search Accelerator\UCmore - The Search Accelerator.lnk -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\Documents and Settings\Rom Pom\Start Menu\Programs\UCmore - The Search Accelerator\UCmore Tour.lnk -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\Program Files\TheSearchAccelerator -> Adware.UCmore : Cleaned with backup (quarantined).
C:\Program Files\TheSearchAccelerator\INSTALL.LOG -> Adware.UCmore : Cleaned with backup (quarantined).
C:\Program Files\TheSearchAccelerator\IUCmore.dll -> Adware.UCmore : Cleaned with backup (quarantined).
C:\Program Files\TheSearchAccelerator\TBlogin.users.ucmore.com.4.5.40.0 -> Adware.UCmore : Cleaned with backup (quarantined).
C:\Program Files\TheSearchAccelerator\UNWISE.EXE -> Adware.UCmore : Cleaned with backup (quarantined).
C:\Program Files\TheSearchAccelerator\logo.ico -> Adware.UCmore : Cleaned with backup (quarantined).
C:\Program Files\TheSearchAccelerator\toolbar.cfg -> Adware.UCmore : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AAD4BE0-32FD-4AC1-AA4B-BEC940AB3E71}\RP168\A0020808.dll -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\ucmoreiex.exe/IUCMORE.DLL -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\ucmoreiex.exe/UCMTSAIE.DLL -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\ucmoreiex.exe/empty_00000001 -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AAD4BE0-32FD-4AC1-AA4B-BEC940AB3E71}\RP209\A0058207.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AAD4BE0-32FD-4AC1-AA4B-BEC940AB3E71}\RP209\A0058210.exe -> Downloader.Agent.azc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AAD4BE0-32FD-4AC1-AA4B-BEC940AB3E71}\RP209\A0058208.exe -> Downloader.Small.ctf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AAD4BE0-32FD-4AC1-AA4B-BEC940AB3E71}\RP209\A0058205.exe -> Downloader.Small.dwx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AAD4BE0-32FD-4AC1-AA4B-BEC940AB3E71}\RP209\A0058204.exe -> Downloader.Tibs.gc : Cleaned with backup (quarantined).
C:\Documents and Settings\Rom Pom\Application Data\errorsafespecialofferinstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\Documents and Settings\Rom Pom\Local Settings\Temporary Internet Files\Content.IE5\2BRXTC5M\ErrorSafeNewReleaseInstall[1].cab/UERS_9999_N91S2507NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\Documents and Settings\Rom Pom\Local Settings\Temporary Internet Files\Content.IE5\2BRXTC5M\ErrorSafeSpecialOfferInstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UERS_9999_N91S2507NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AAD4BE0-32FD-4AC1-AA4B-BEC940AB3E71}\RP168\A0020812.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Bev\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Bev\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Rom Pom\Cookies\rom [email protected][1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Rom Pom\Cookies\rom [email protected][1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Rom Pom\Cookies\rom [email protected][2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Rom Pom\Cookies\rom [email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Rom Pom\Cookies\rom [email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Rom Pom\Cookies\rom [email protected][2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Bev\Cookies\[email protected][2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Rom Pom\Cookies\rom [email protected][1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Rom Pom\Cookies\rom [email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\System Volume Information\_restore{2AAD4BE0-32FD-4AC1-AA4B-BEC940AB3E71}\RP209\A0058209.exe -> Trojan.Sinowal.be : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AAD4BE0-32FD-4AC1-AA4B-BEC940AB3E71}\RP209\A0058203.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2AAD4BE0-32FD-4AC1-AA4B-BEC940AB3E71}\RP209\A0058206.exe -> Worm.VB.ao : Cleaned with backup (quarantined).


::Report end

Incident Status Location

Adware:Adware/DeluxeComunications Not disinfected c:\windows\system32\crunner\cproc.exe
Adware:Adware/PrintView Not disinfected c:\progra~1\printv~1\pvmodule.exe
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\sjtlgwip.dll
Virus:trj/abwiz.a Disinfected Operating system
Hacktool:rootkit/taskdirhide Not disinfected c:\windows\system32\taskdir.exe
Adware:adware/commad Not disinfected c:\windows\system32\atmtd.dll
Virus:bck/haxdoor.a Disinfected Operating system
Adware:adware/webattaker Not disinfected c:\windows\system32\kernels8.exe
Adware:adware/adsmart Not disinfected c:\windows\system32\dlh9jkdq8.exe
Virus:trj/torpig.a Disinfected Operating system
Adware:adware/dollarrevenue Not disinfected c:\windows\newname.dat
Adware:adware/bravesentry Not disinfected c:\windows\xpupdate.exe
Adware:adware/ucmore Not disinfected Windows Registry
Adware:adware/ist.istbar Not disinfected Windows Registry
Adware:Adware/DeluxeComunications Not disinfected C:\WINDOWS\system32\crunner\cupdater.exe
Adware:Adware/DeluxeComunications Not disinfected C:\WINDOWS\system32\bkd.exe
Virus:Bck/Alanchum.HJ Disinfected C:\WINDOWS\system32\image1.gif.exe
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\system32\dlh9jkdq2.exe
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\system32\dlh9jkdq7.exe
Adware:Adware/CommAd Not disinfected C:\WINDOWS\Um9tIFBvbQ\oA6QKI1Svk.vbs
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\uninstall_nmon.vbs
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Rom Pom\Local Settings\Temp\Cookies\rom [email protected][1].txt
Adware:Adware/DeluxeComunications Not disinfected C:\Documents and Settings\Rom Pom\Local Settings\Temp\b126.exe
Adware:Adware/CommAd Not disinfected C:\Documents and Settings\Rom Pom\Local Settings\Temp\cmdinst.exe
Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\Rom Pom\Local Settings\Temp\b122.exe[mc-0-0-0.exe][²ÜÇ\nsProcess.dll]
Adware:Adware/PCodec Not disinfected C:\Documents and Settings\Rom Pom\Local Settings\Temp\b122.exe[²ÜÇ\nsRandom.dll]
Adware:Adware/YazzleSudoku Not disinfected C:\Documents and Settings\Rom Pom\Local Settings\Temp\b116.exe
Adware:Adware/PCodec Not disinfected C:\Documents and Settings\Rom Pom\Local Settings\Temp\nsg13.tmp\nsRandom.dll
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Rom Pom\Cookies\rom [email protected][1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Rom Pom\Cookies\rom [email protected][2].txt
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1da942d2-2f027ae7.zip[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1da942d2-2f027ae7.zip[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1da942d2-2f027ae7.zip[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1da942d2-2f027ae7.zip[Beyond.class]
Adware:Adware/BraveSentry Not disinfected C:\Documents and Settings\Guest\Application Data\Install.dat
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{3043DF50-06C1-1033-0610-05042120003d}\Activate.exe
Adware:Adware/DollarRevenue Not disinfected C:\Program Files\Common Files\{3043DF50-06C1-1033-0610-05042120003d}\Uninst.exe
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{3043DF50-06C0-1033-0610-05042120003d}\Activate.exe
Adware:Adware/DollarRevenue Not disinfected C:\Program Files\Common Files\{3043DF50-06C0-1033-0610-05042120003d}\Uninst.exe
Potentially unwanted tool:Application/DriveCleaner Not disinfected C:\Program Files\Common Files\Error Safe\ESPChck.dll
Adware:Adware/PrintView Not disinfected C:\Program Files\PrintView\printhook030.dll
Adware:Adware/PrintView Not disinfected C:\Program Files\PrintView\pvmodule.exe
Adware:Adware/Maxifiles Not disinfected C:\Program Files\ipwins\Uninst.exe[²ÜÇ\nsProcess.dll]
Adware:Adware/ISearch Not disinfected C:\ccreenfd.exe

#2 Metallica (Spyware Veteran, GeekU Moderator, 33,034 posts)

Hi rom pom,

Can you follow the instructions posted here:
http://www.geekstogo...orm-t98929.html

Then run HijackThis and put a checkmark before these items:

R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00015.exe"
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - (no file)
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Rom Pom\Desktop\Yinstall.exe
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [apq662f3] RUNDLL32.EXE w0045ea7.dll,n 005662ee0000000a0045ea7
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKCU\..\Run: [cprocsvc] C:\WINDOWS\system32\crunner\cproc.exe
O4 - HKCU\..\Run: [Sabt] "C:\WINDOWS\ICROSO~1.NET\wuauclt.exe" -vt yazb
O4 - HKCU\..\Run: [] "C:\Program Files\ErrorSafe Free\uers.exe" /scan
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarr...133352D2D2D.exe

Click Fix checked and reboot.
Post a new HijackThis log when you are done.

Regards,
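The list above is the result of a helper reading the log by eye. As an added example (not part of this thread, and not code from HijackThis or from the helper), the following Python script applies the structural heuristics such a reading relies on: registry entries pointing at a file that no longer exists ("(no file)"), a system.ini Shell= value that starts anything besides explorer.exe, Run values that launch from a user-profile directory or carry an empty name, rundll32 loading a DLL by bare name, a system-process name (wuauclt.exe, explorer) used from an unexpected folder, and an O16 ActiveX entry that fetches a bare .exe. The sample entries are copied from the HijackThis log posted above; the rule set, its reason strings and the `Finding` type are the example's own assumptions.

```python
"""Heuristic triage of HijackThis log entries (added example, not HijackThis code)."""
import ntpath
import re
from dataclasses import dataclass

# Sample entries copied from the HijackThis log posted in this thread (a constructed subset).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00015.exe"
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Rom Pom\Desktop\Yinstall.exe
O4 - HKLM\..\Run: [apq662f3] RUNDLL32.EXE w0045ea7.dll,n 005662ee0000000a0045ea7
O4 - HKCU\..\Run: [Sabt] "C:\WINDOWS\ICROSO~1.NET\wuauclt.exe" -vt yazb
O4 - HKCU\..\Run: [] "C:\Program Files\ErrorSafe Free\uers.exe" /scan
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarr...133352D2D2D.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"""

# "R3 - ..." / "O16 - ..." : a section code followed by the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
# O4 bodies carry "[ValueName] command line".
RUN_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")

# Path fragments that mean "user-writable", an unusual home for an autorun (assumption).
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\desktop\\")
# System binaries that malware likes to impersonate by name (assumption, not exhaustive).
SYSTEM_NAMES = {"explorer.exe", "wuauclt.exe", "svchost.exe", "lsass.exe", "winlogon.exe"}


@dataclass
class Finding:
    section: str
    body: str
    reasons: list


def parse(log):
    """Yield (section, body) pairs for every line that looks like a HijackThis entry."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m["section"], m["body"]))
    return entries


def split_command(cmd):
    """Return (image_path, args) for a Run command line, honouring a quoted image path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(None, 1)
    if not parts:
        return "", ""
    return parts[0], (parts[1] if len(parts) > 1 else "")


def check_run(body):
    """Heuristics for O4 (autorun) entries; returns a list of reason strings."""
    reasons = []
    m = RUN_RE.search(body)
    if not m:
        return reasons
    name, cmd = m["name"], m["cmd"]
    image, args = split_command(cmd)
    lowered = image.lower()
    base = ntpath.basename(lowered)
    directory = ntpath.dirname(lowered)
    if name == "":
        reasons.append("Run value has an empty name")
    if name.lower() + ".exe" in SYSTEM_NAMES and base != name.lower() + ".exe":
        reasons.append("Run value borrows a system process name for an unrelated program")
    if any(marker in lowered for marker in USER_WRITABLE):
        reasons.append("autorun launched from a user-writable profile directory")
    if base == "rundll32.exe" and args.strip():
        dll = args.split(",", 1)[0].split()[0]
        if "\\" not in dll:
            reasons.append("rundll32 loads a DLL by bare name (resolved via the search path)")
    if base in SYSTEM_NAMES and not directory.endswith(("\\system32", "\\windows")):
        reasons.append(f"{base} launched from outside the Windows system directories")
    return reasons


def triage(log):
    """Return a Finding for every entry that trips at least one heuristic."""
    findings = []
    for section, body in parse(log):
        reasons = []
        if body.rstrip().endswith("(no file)"):
            reasons.append("references a file that no longer exists (orphaned component)")
        if section == "F2" and "Shell=" in body:
            shell = body.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                reasons.append("system.ini Shell= starts more than explorer.exe at logon")
        if section == "O4":
            reasons.extend(check_run(body))
        if section == "O16" and body.lower().rstrip().endswith(".exe"):
            reasons.append("ActiveX download entry points at a bare executable")
        if reasons:
            findings.append(Finding(section, body, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.body}")
        for r in f.reasons:
            print(f"    - {r}")
```

On the sample, the script flags the eight entries that are also on the helper's list and leaves the Intel, Windows Live Toolbar and IgfxTray lines alone. It cannot pick out entries such as PVModule, IpWins or cprocsvc, which look structurally ordinary; the helper knew them because the Panda and AVG reports posted above name those same paths (PrintView, ipwins, crunner\cproc.exe). Correlating scanner hits against the autorun list is the second pass a structural check like this one does not replace.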