Infected with Spyware Pop-ups [RESOLVED]


#1
chicagochicklett
Every time I open up Internet Explorer, my computer gets inundated with pop-up ads that fill up the taskbar and I can't make them go away. HELP!

I ran Ad-Aware, deleted the files it found, ran Spybot Search & Destroy, and CWShredder - both of which found nothing. I rebooted and here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 5:22:57 PM, on 4/7/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\WINDOWS\WinTask.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hereandno...rthwestern.edu/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [C:\WINDOWS\WinTask.exe] C:\WINDOWS\WinTask.exe
O4 - HKLM\..\Run: [PopMark] C:\WINDOWS\WinTask.exe
O4 - HKLM\..\Run: [7FFX3EX] pubsion.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Mow7ROb9V] psiconfg.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#2
Guest_thatman_*
Hi chicagochicklett

Download CCleaner and unzip the file to install it.
Open CCleaner.
Place a check by everything in the Applications tab.
Place a check by Internet Explorer, Windows Explorer, and System in the Windows tab.
Now click on Run Cleaner.

Reboot your system.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp
Please post the logs from the Panda virus scan and HJT.log; we will need them to remove previous infections that have left files on your system.

Kc :tazz:

#3
chicagochicklett
Incident Status Location

Adware:Adware/WinAD No disinfected C:\Program Files\Media Access\MediaAccK.exe
Adware:Adware/WUpd No disinfected C:\Program Files\Media Access\MediaAccess.exe
Adware:Adware/WinAD No disinfected C:\Program Files\Media Access\MediaAccC.dll
Virus:Trj/VB.DC No disinfected Operating system
Spyware:Spyware/BargainBuddy No disinfected Windows Registry
Adware:Adware/Apropos No disinfected C:\Program Files\cxtpls
Adware:Adware/WinTools No disinfected Windows Registry
Adware:Adware/WUpd No disinfected C:\Program Files\Media Access
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Owner\Favorites\Casino & Carrers
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\Owner\Application Data\sskknwrd.dll
Adware:Adware/Pacimedia No disinfected C:\WINDOWS\System32\pacis.exe
Adware:Adware/Coupons No disinfected C:\Hijack This\backups\backup-20050403-170831-810.dll
Adware:Adware/EliteBar No disinfected C:\Hijack This\backups\backup-20050403-170831-952.dll
Adware:Adware/Minibug No disinfected C:\Program Files\AIM\Sysfiles\WxBug.EXE
Adware:Adware/Minibug No disinfected C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
Adware:Adware/WinAD No disinfected C:\Program Files\Media Access\MediaAccC.dll
Adware:Adware/WUpd No disinfected C:\Program Files\Media Access\MediaAccess.exe
Adware:Adware/WinAD No disinfected C:\Program Files\Media Access\MediaAccK.exe
Adware:Adware/Pacimedia No disinfected C:\Program Files\Windows Media Player\wmplayer.exe.tmp
Virus:Trj/VB.CF Disinfected C:\WINDOWS\IEXPLOR.EXE
Adware:Adware/Apropos No disinfected C:\WINDOWS\system32\cxtpls_loader.exe
Adware:Adware/StartPage.DD No disinfected C:\WINDOWS\system32\elitecup32.exe
Adware:Adware/StartPage.DD No disinfected C:\WINDOWS\system32\eliterob32.exe
Adware:Adware/StartPage.DD No disinfected C:\WINDOWS\system32\elitezgx32.exe
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\system32\javex80.vxd[nvms.dll]
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\system32\javex80.vxd[nls.exe]
Adware:Adware/Pacimedia No disinfected C:\WINDOWS\system32\pacis.exe
Adware:Adware/eZula No disinfected C:\WINDOWS\system32\psis80ex.ax[mscb.dll]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\psis80ex.ax[cashback.exe]
Adware:Adware/Beginto No disinfected C:\WINDOWS\system32\rtneg2.dll
Adware:Adware/nCase No disinfected C:\WINDOWS\system32\saie1108.exe
Spyware:Spyware/SurfSideKick No disinfected C:\WINDOWS\system32\SSK_B5 Verticlick 7.EXE
Virus:Trj/Downloader.BJG Disinfected C:\WINDOWS\system32\wrapperouter.exe
Virus:Trj/VB.DC Disinfected C:\WINDOWS\WinTask.exe

Logfile of HijackThis v1.99.1
Scan saved at 10:08:30 PM, on 4/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hereandno...rthwestern.edu/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [7FFX3EX] pubsion.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Mow7ROb9V] psiconfg.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#4
Guest_thatman_*
Hi chicagochicklett

Download Pocket Killbox and unzip it; save it to your Desktop. Don't run it yet.

Please read through the instructions before you start (you may want to print this out).

Please set your system to show all files; please see here if you're unsure how to do this.

Press Control-Alt-Del to enter the Task Manager.
Click on the Processes tab and end the following processes:
C:\Program Files\Media Access\MediaAccess.exe
Exit the Task Manager when finished.

Please go offline, close all browsers and any open windows, making sure that only HijackThis is open. Scan and, when it finishes, put an X in the boxes next to only the following items:
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [7FFX3EX] pubsion.exe
O4 - HKCU\..\Run: [Mow7ROb9V] psiconfg.exe

Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:
C:\Program Files\Media Access <-- Delete the whole folder
pubsion.exe <-- Delete this file
psiconfg.exe <-- Delete this file
Exit Explorer.


Run Killbox and click the radio button that says Delete a file on reboot.
Copy and paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in, whereupon you should answer Yes.
Let the system reboot.
C:\Documents and Settings\Owner\Favorites\Casino & Carrers
C:\Documents and Settings\Owner\Application Data\sskknwrd.dll
C:\WINDOWS\System32\pacis.exe
C:\Hijack This\backups\backup-20050403-170831-810.dll
C:\Hijack This\backups\backup-20050403-170831-952.dll
C:\WINDOWS\IEXPLOR.EXE
C:\WINDOWS\system32\cxtpls_loader.exe
C:\WINDOWS\system32\elitecup32.exe
C:\WINDOWS\system32\eliterob32.exe
C:\WINDOWS\system32\elitezgx32.exe
C:\WINDOWS\system32\javex80.vxd[nvms.dll]
C:\WINDOWS\system32\javex80.vxd[nls.exe]
C:\WINDOWS\system32\pacis.exe
C:\WINDOWS\system32\psis80ex.ax[mscb.dll]
C:\WINDOWS\system32\psis80ex.ax[cashback.exe]
C:\WINDOWS\system32\rtneg2.dll
C:\WINDOWS\system32\saie1108.exe
C:\WINDOWS\system32\SSK_B5 Verticlick 7.EXE
C:\WINDOWS\system32\wrapperouter.exe
C:\WINDOWS\WinTask.exe
C:\Program Files\cxtpls
C:\Program Files\AIM\Sysfiles\WxBug.EXE
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
C:\Program Files\Windows Media Player\wmplayer.exe.tmp

End of Killbox files.

Reboot into normal mode.

Follow up with an online Trojan scan at any of the following:
TrojanHunter
http://www.computerc.../reviews-8.html
a2 Scanner
http://www.emsisoft..../software/free/
Trojan Remover
http://www.simplysup...r/download.html

Please run two of the following free, online virus scans.
http://security.syma...com/default.asp?
http://www.ravantivirus.com/scan/
http://www3.ca.com/virusinfo/
http://www.bitdefend...can/licence.php
http://www.commandon.../eval/index.cfm
http://www.freedom.n...viruscheck.html
http://info.ahnlab.com/english/
http://www.pcpitstop...tiVirusCntr.asp
Post the virus/trojan scans and HJT.log; we will need them to remove previous infections that have left files on your system.

Kc :tazz:
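
One way to cross-check a scan report against a HijackThis log before ticking entries, as an added example that is not part of the original thread or any poster's tooling: it matches the file and folder paths in the Panda report against the O4 autostart entries and separately lists autostart values that give no directory. The sample lines are copied from the logs posted above; the function names are made up for this example.

```python
import re

# Constructed sample: lines copied from the HijackThis log and the Panda
# scan report posted in this thread (not the full logs).
HJT_LOG = r"""
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [PopMark] C:\WINDOWS\WinTask.exe
O4 - HKLM\..\Run: [7FFX3EX] pubsion.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
"""
SCAN_REPORT = r"""
Adware:Adware/WinAD No disinfected C:\Program Files\Media Access\MediaAccK.exe
Adware:Adware/WUpd No disinfected C:\Program Files\Media Access
Adware:Adware/Minibug No disinfected C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
Spyware:Spyware/BargainBuddy No disinfected Windows Registry
Virus:Trj/VB.DC Disinfected C:\WINDOWS\WinTask.exe
"""

O4_RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[(.*?)\] (.+)$")
O4_STARTUP = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
SCAN_LINE = re.compile(r"^\w+:(\S+) (No disinfected|Disinfected) (.+)$")
EXE = re.compile(r"^(.*?\.(?:exe|dll|com|bat|cmd|scr))(?=\s|$)", re.I)


def exe_path(command):
    """Strip quotes and command-line arguments from an autostart command."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = EXE.match(command)
    return m.group(1) if m else command


def norm(path):
    """Lower-case a path and drop an archive-member suffix such as [x.dll]."""
    return re.sub(r"\[.*\]$", "", path.strip().strip('"')).lower().rstrip("\\")


def parse_o4(text):
    """Return the O4 (Run key / Startup folder) entries of a HijackThis log."""
    entries = []
    for line in text.splitlines():
        m = O4_RUN.match(line.strip()) or O4_STARTUP.match(line.strip())
        if m:
            source, name, command = m.groups()
            entries.append({"source": source, "name": name,
                            "path": exe_path(command)})
    return entries


def parse_scan(text):
    """Return detections whose location is a file-system path."""
    found = []
    for line in text.splitlines():
        m = SCAN_LINE.match(line.strip())
        if m and re.match(r"[A-Za-z]:\\", m.group(3)):
            found.append({"threat": m.group(1), "status": m.group(2),
                          "loc": norm(m.group(3))})
    return found


def correlate(hjt_text, scan_text):
    """Autostart entries that launch a detected file or sit in a detected folder."""
    detections = parse_scan(scan_text)
    hits = []
    for e in parse_o4(hjt_text):
        target = norm(e["path"])
        threats = sorted({d["threat"] for d in detections
                          if target == d["loc"] or target.startswith(d["loc"] + "\\")})
        if threats:
            hits.append((e["name"], e["path"], threats))
    return hits


def bare_name_entries(hjt_text):
    """Entries with no directory: resolve the real file before judging them."""
    return [(e["name"], e["path"]) for e in parse_o4(hjt_text) if "\\" not in e["path"]]


if __name__ == "__main__":
    for hit in correlate(HJT_LOG, SCAN_REPORT):
        print("matched:", hit)
    print("no directory given:", bare_name_entries(HJT_LOG))
```

The bare-name list is a to-do list, not a verdict: it contains `AGRSMMSG.exe`, which the running-process section of the log resolves to `C:\WINDOWS\AGRSMMSG.exe`, alongside `pubsion.exe`.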

#5
Guest_thatman_*
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.