My Mom's HijackThis File [RESOLVED]


This topic is locked

#1 ClarkClark (Member, 88 posts)
She complains of running slow with many popups. Thanks for the help.




Logfile of HijackThis v1.99.1
Scan saved at 8:55:38 PM, on 4/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\googi\iimugbbl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\kqatbqd\upktx.exe
c:\windows\system32\lzzers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\apcups57.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Toolbar\TBPS.exe
C:\WINDOWS\System32\qckpgmu\aiisnbsx.exe
C:\WINDOWS\System32\abasa5jrp.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\n?tdde.exe
C:\Documents and Settings\Clarks\Application Data\taee.exe
C:\program files\internet explorer\iexplore.exe
C:\WINDOWS\System32\sysmonnt.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\Toolbar\PIB.exe
C:\Program Files\VBouncer\VirtualBouncer.exe
c:\PROGRA~1\Toolbar\radio.exe
C:\WINDOWS\System32\wuauclt.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\Program Files\AIM\aim.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\WINDOWS\gaizbhik.exe
C:\WINDOWS\gaizbhik.exe
C:\WINDOWS\gaizbhik.exe
C:\TEMP\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\Program Files\SurfSideKick 2\SskBho.dll
F1 - win.ini: run= C:\WESTWOOD\REDALERT\INSTICON.EXE
O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINDOWS\Pynix.dll
O2 - BHO: (no name) - {00000049-8F91-4D9C-9573-F016E7626484} - (no file)
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr51.dll
O2 - BHO: (no name) - {2AD33C81-876D-EFFA-4B31-D938054990BD} - C:\WINDOWS\System32\lvucofwe.dll
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\System32\nsj81.dll
O3 - Toolbar: (no name) - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - (no file)
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [vmss] C:\WINDOWS\System32\vmss\vmss.exe
O4 - HKLM\..\Run: [Winamp Player 6] WINAMP6.EXE
O4 - HKLM\..\Run: [LSASS Authority] lshosts32.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [sixtysix] C:\WINDOWS\sixtypopsix.exe
O4 - HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe
O4 - HKLM\..\Run: [a02268a6a41d] C:\WINDOWS\System32\bidispl0.exe
O4 - HKLM\..\Run: [56e54eff3c3b] C:\WINDOWS\System32\apcups57.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O4 - HKLM\..\Run: [hng30qyk] C:\Program Files\hng30qyk\hng30qyk.exe
O4 - HKLM\..\Run: [BMan] C:\Documents and Settings\All Users\Application Data\msw\BMan1.exe
O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe
O4 - HKLM\..\Run: [gY.exe] C:\windows\system32\gY.exe
O4 - HKLM\..\Run: [p72k3tU] patrdm.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\Stopzilla.exe /autostart
O4 - HKLM\..\Run: [iimugbbl] C:\WINDOWS\System32\googi\iimugbbl.exe
O4 - HKLM\..\Run: [upktx] C:\WINDOWS\System32\kqatbqd\upktx.exe
O4 - HKLM\..\Run: [qtkkybgx] C:\WINDOWS\System32\awpgku\qtkkybgx.exe
O4 - HKLM\..\Run: [knihc] C:\WINDOWS\System32\ajvmf\knihc.exe
O4 - HKLM\..\Run: [qkwtw] C:\WINDOWS\System32\etenp\qkwtw.exe
O4 - HKLM\..\Run: [tjayd] C:\WINDOWS\System32\rjcir\tjayd.exe
O4 - HKLM\..\Run: [sau] c:\program files\180search assistant\sau.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [aiisnbsx] C:\WINDOWS\System32\qckpgmu\aiisnbsx.exe
O4 - HKLM\..\Run: [SkyH2] C:\TEMP\wamaqev.exe
O4 - HKLM\..\Run: [abasa5jrp] C:\WINDOWS\System32\abasa5jrp.exe
O4 - HKLM\..\Run: [sjfvrm] c:\windows\system32\lzzers.exe
O4 - HKLM\..\Run: [Uninstall_WinTools] C:\WINDOWS\Temp\WTuninst.exe /remove
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun
O4 - HKLM\..\RunServices: [LSASS Authority] lshosts32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Vuu] C:\WINDOWS\System32\n?tdde.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [YwtqRjY6U] nwiebdvd.exe
O4 - HKCU\..\Run: [Pruo] C:\Documents and Settings\Clarks\Application Data\taee.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O4 - HKCU\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe
O4 - Global Startup: aim.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44297DA} - http://bannerfarm.ac...r1154041105.EXE
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...up1.0.0.8-2.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarest...es2/Install.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguar...ion/Install.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://install.wildt...lim/install.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topcon...vex/loader2.ocx
O16 - DPF: {A5F09500-01B0-4930-B62E-7A86D8311411} (EasyMessengerInstaller Class) - http://ax.180solutio...messengerax.CAB
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupd...ll/aun_0033.exe
O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://install.spywa...r2504040406.exe
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.over...com/WildApp.cab
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iimugbblgoogi - Unknown owner - C:\WINDOWS\System32\googi\iimugbbl.exe
O23 - Service: knihcajvmf - Unknown owner - C:\WINDOWS\System32\ajvmf\knihc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
O23 - Service: tjaydrjcir - Unknown owner - C:\WINDOWS\System32\rjcir\tjayd.exe
O23 - Service: upktxkqatbqd - Unknown owner - C:\WINDOWS\System32\kqatbqd\upktx.exe


#2 Justin (Member, 2,353 posts)
Hello ClarkClark, welcome to the Geeks to Go Forums. My name is Jfcap, and I will be helping you clean your system.

You may wish to print out a copy of these instructions in case you need to boot into safe mode, where your internet will be unavailable.

Let's get started!


Please download Spybot Search & Destroy and AdAware.

Follow all the instructions on this website to run a scan with both of these programs.

You are running HijackThis from its zipped archive; please create a new folder and unzip HiJackThis into the folder. It is very important you do this before anything else!

Next please post a fresh HiJackThis log for me to look at.

Let me know if you have any questions

-Justin

#3 ClarkClark (Topic Starter, 88 posts)
This computer seems like it's going to be more trouble. Ad-Aware ran and found a lot, but it couldn't delete these:
C:Windows/Winows/System 32/n?tdde.exe
C:Windows/Program Files/toolbar/common.dll
nzqlihv.wzg
pib.exe
radio.exe
TBPS.exe
Spybot also couldn't delete everything.



Logfile of HijackThis v1.99.1
Scan saved at 6:10:41 PM, on 4/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\googi\iimugbbl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\kqatbqd\upktx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Toolbar\TBPS.exe
C:\PROGRA~1\Toolbar\PIB.exe
c:\PROGRA~1\Toolbar\radio.exe
c:\windows\system32\mtceem.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\apcups57.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\qckpgmu\aiisnbsx.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\n?tdde.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Clarks\Application Data\taee.exe
C:\WINDOWS\System32\sysmonnt.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\SahAgent.exe
C:\WINDOWS\System32\BundleLite_westfrontier1001.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Clarks\Desktop\Articles-Matt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F1 - win.ini: run= C:\WESTWOOD\REDALERT\INSTICON.EXE
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - (no file)
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr51.dll
O2 - BHO: (no name) - {2AD33C81-876D-EFFA-4B31-D938054990BD} - C:\WINDOWS\System32\lvucofwe.dll
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\System32\nsj81.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [Winamp Player 6] WINAMP6.EXE
O4 - HKLM\..\Run: [LSASS Authority] lshosts32.exe
O4 - HKLM\..\Run: [sixtysix] C:\WINDOWS\sixtypopsix.exe
O4 - HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe
O4 - HKLM\..\Run: [a02268a6a41d] C:\WINDOWS\System32\bidispl0.exe
O4 - HKLM\..\Run: [56e54eff3c3b] C:\WINDOWS\System32\apcups57.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [hng30qyk] C:\Program Files\hng30qyk\hng30qyk.exe
O4 - HKLM\..\Run: [BMan] C:\Documents and Settings\All Users\Application Data\msw\BMan1.exe
O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe
O4 - HKLM\..\Run: [p72k3tU] patrdm.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\Stopzilla.exe /autostart
O4 - HKLM\..\Run: [iimugbbl] C:\WINDOWS\System32\googi\iimugbbl.exe
O4 - HKLM\..\Run: [upktx] C:\WINDOWS\System32\kqatbqd\upktx.exe
O4 - HKLM\..\Run: [qtkkybgx] C:\WINDOWS\System32\awpgku\qtkkybgx.exe
O4 - HKLM\..\Run: [knihc] C:\WINDOWS\System32\ajvmf\knihc.exe
O4 - HKLM\..\Run: [qkwtw] C:\WINDOWS\System32\etenp\qkwtw.exe
O4 - HKLM\..\Run: [tjayd] C:\WINDOWS\System32\rjcir\tjayd.exe
O4 - HKLM\..\Run: [sau] c:\program files\180search assistant\sau.exe
O4 - HKLM\..\Run: [aiisnbsx] C:\WINDOWS\System32\qckpgmu\aiisnbsx.exe
O4 - HKLM\..\Run: [SkyH2] C:\TEMP\wamaqev.exe
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [ajxout] c:\windows\system32\mtceem.exe
O4 - HKLM\..\Run: [abasa5jrp] C:\WINDOWS\System32\abasa5jrp.exe
O4 - HKLM\..\RunServices: [LSASS Authority] lshosts32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Vuu] C:\WINDOWS\System32\n?tdde.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [YwtqRjY6U] nwiebdvd.exe
O4 - HKCU\..\Run: [Pruo] C:\Documents and Settings\Clarks\Application Data\taee.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe
O4 - Global Startup: aim.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguar...ion/Install.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://install.wildt...lim/install.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupd...ll/aun_0033.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iimugbblgoogi - Unknown owner - C:\WINDOWS\System32\googi\iimugbbl.exe
O23 - Service: knihcajvmf - Unknown owner - C:\WINDOWS\System32\ajvmf\knihc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: tjaydrjcir - Unknown owner - C:\WINDOWS\System32\rjcir\tjayd.exe
O23 - Service: upktxkqatbqd - Unknown owner - C:\WINDOWS\System32\kqatbqd\upktx.exe
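A triage helper for the HijackThis log format posted in this thread, as an added example that is not part of the thread or of HijackThis itself: it parses the R/F/O entries and flags the kinds of lines a helper reads first (a system.ini Shell value that launches more than Explorer.exe, O23 services with no vendor, O15 Trusted Zone additions, O4 autoruns with bare-hex value names or binaries in their own System32 subfolder, and redirected search settings). The rule names and thresholds are this example's own assumptions; the sample lines are copied from the first and third logs above.

```python
"""HijackThis v1.99 log triage: added example for this thread, not part of the
forum post or of HijackThis. Rule names and thresholds are assumptions."""
import re
from dataclasses import dataclass

ENTRY_RE = re.compile(r"^([RFO]\d+)\s+-\s+(.*)$")          # "O4 - body"
O4_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run(?:Services)?:\s*\[(.*?)\]\s*(.*)$")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{12}$")                # e.g. a02268a6a41d
SYS32_SUBDIR_RE = re.compile(r"system32\\[a-z0-9]{4,10}\\[a-z0-9]{4,10}\.exe$")
R_LINE_RE = re.compile(r"^(.*?),([^=]*?)\s*=\s*(.*)$")     # "key,value = data"


@dataclass
class Entry:
    kind: str  # R1, F2, O4, O23, ...
    body: str  # everything after "XN - "


def parse_log(text):
    """Keep only the R/F/O entries; the header and process list are skipped."""
    found = (ENTRY_RE.match(line.strip()) for line in text.splitlines())
    return [Entry(m.group(1), m.group(2)) for m in found if m]


def rule_shell(e):
    """F2 Shell= should name only Explorer.exe; anything else runs at each logon."""
    m = e.kind == "F2" and re.match(r"REG:system\.ini:\s*Shell=(.*)$", e.body)
    if not m:
        return None
    # Whitespace split is a simplification: quoted paths with spaces would break it.
    extras = [t for t in m.group(1).split()
              if t.lower().rsplit("\\", 1)[-1] != "explorer.exe"]
    return ("Shell value also launches: " + " ".join(extras)) if extras else None


def rule_service_owner(e):
    """O23 services whose binary carries no vendor information."""
    if e.kind == "O23" and "- Unknown owner -" in e.body:
        return "service binary has no vendor (Unknown owner)"
    return None


def rule_trusted_zone(e):
    """O15 entries relax IE security for the listed domain."""
    if e.kind == "O15" and e.body.startswith("Trusted Zone:"):
        return "domain added to IE Trusted Zone: " + e.body.split(":", 1)[1].strip()
    return None


def rule_autorun(e):
    """O4 Run entries with a bare-hex value name or a binary in its own System32
    subfolder; legitimate installers rarely do either."""
    m = e.kind == "O4" and O4_RE.match(e.body)
    if not m:
        return None  # not O4, or a Startup-folder entry (different layout)
    name, target = m.group(1).lower(), m.group(2).lower()
    reasons = []
    if HEX_NAME_RE.match(name):
        reasons.append("autorun value name is a bare hex string")
    if SYS32_SUBDIR_RE.search(target):
        reasons.append("autorun binary sits in its own System32 subfolder")
    return "; ".join(reasons) or None


def rule_search(e):
    """R0/R1 search-related settings pointing anywhere but blank or about:blank."""
    m = e.kind in ("R0", "R1") and R_LINE_RE.match(e.body)
    if not m:
        return None
    key, value_name, data = m.groups()
    if "search" in (key + value_name).lower() and data.strip() not in ("", "about:blank"):
        return "search setting redirected to " + data.strip()
    return None


RULES = (rule_search, rule_shell, rule_autorun, rule_trusted_zone, rule_service_owner)


def triage(text):
    """Return (kind, finding, original body) for every entry some rule flags."""
    hits = []
    for e in parse_log(text):
        for rule in RULES:
            msg = rule(e)
            if msg:
                hits.append((e.kind, msg, e.body))
    return hits


# Constructed subset of the logs posted in this thread (lines copied verbatim).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [a02268a6a41d] C:\WINDOWS\System32\bidispl0.exe
O4 - HKLM\..\Run: [iimugbbl] C:\WINDOWS\System32\googi\iimugbbl.exe
O15 - Trusted Zone: *.popuppers.com
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: iimugbblgoogi - Unknown owner - C:\WINDOWS\System32\googi\iimugbbl.exe
"""

if __name__ == "__main__":
    for kind, finding, body in triage(SAMPLE_LOG):
        print(f"{kind:<4} {finding}\n     {body}")
```

Lines the rules do not flag (the HP printer utility, the Google start page, the NVIDIA service) are left out of the report, which is the point: the heuristics narrow a 100-line log to the handful of entries worth a closer look.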

#4 Justin (Member, 2,353 posts)
ClarkClark,

I need you to do something in AdAware for me again, sorry I didn't add this in the first time.
Plug-Ins for Ad-Aware (VX2 Cleaner)
Download the free VX2 Cleaner here
  • Close Ad-Aware SE build 1.05 and Ad-Watch (if running)
  • Install the VX2 Cleaner
  • Start Ad-Aware SE build 1.05
  • Go to “Plug-ins”
  • Select the VX2 Cleaner plug-in and click “Run Plugin”
  • If your computer isn't infected, click "close"
  • If your computer is infected:
      • Select “Clean System”
      • Reboot your computer
      • Scan your computer with Ad-Aware
      • Remove any VX2 objects detected
      • Reboot your computer again
      • Run a second scan to make sure the files have been removed from your computer
Virus warnings while performing a scan with Ad-Aware
While performing a scan with Ad-Aware, a background antivirus monitor may issue an alert, stating that a virus has been found in the temporary directory (%temp%) for the current user. This does not necessarily mean your computer has been infected with an active virus. Most antivirus resident scanners will not scan compressed files and only monitor your memory for the sign of an active viral process.

During a scan, Ad-Aware will temporarily decompress files to scan their contents without activating the content, but in doing so, the file is noticed by the antivirus' resident scanner.

Also, some antivirus applications include an option to quarantine infected files, and when Ad-Aware decompresses these quarantined files, the antivirus background scanner detects the virus moving outside the quarantine area. To avoid this you can either remove the quarantined files via your antivirus application, or have Ad-Aware ignore the antivirus program's quarantine folders/files during a scan.

Edited by Jfcap, 20 April 2005 - 10:45 PM.


#5 ClarkClark (Topic Starter, 88 posts)
OK, I ran VX2 Cleaner and it was not infected. I ran Ad-Aware again and this time there was only one file it couldn't delete:
C:Windows/Winows/System 32/n?tdde.exe
Here's my new HijackThis. Thanks.


Logfile of HijackThis v1.99.1
Scan saved at 9:40:24 AM, on 4/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\apcups57.exe
c:\windows\system32\tqiibs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\googi\iimugbbl.exe
C:\WINDOWS\System32\qckpgmu\aiisnbsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\n?tdde.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Clarks\Application Data\taee.exe
C:\WINDOWS\System32\sysmonnt.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\kqatbqd\upktx.exe
C:\WINDOWS\System32\SahAgent.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Clarks\Desktop\Articles-Matt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F1 - win.ini: run= C:\WESTWOOD\REDALERT\INSTICON.EXE
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - (no file)
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr51.dll
O2 - BHO: (no name) - {2AD33C81-876D-EFFA-4B31-D938054990BD} - C:\WINDOWS\System32\lvucofwe.dll
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\System32\nsj81.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [Winamp Player 6] WINAMP6.EXE
O4 - HKLM\..\Run: [LSASS Authority] lshosts32.exe
O4 - HKLM\..\Run: [sixtysix] C:\WINDOWS\sixtypopsix.exe
O4 - HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe
O4 - HKLM\..\Run: [a02268a6a41d] C:\WINDOWS\System32\bidispl0.exe
O4 - HKLM\..\Run: [56e54eff3c3b] C:\WINDOWS\System32\apcups57.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [hng30qyk] C:\Program Files\hng30qyk\hng30qyk.exe
O4 - HKLM\..\Run: [BMan] C:\Documents and Settings\All Users\Application Data\msw\BMan1.exe
O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe
O4 - HKLM\..\Run: [p72k3tU] patrdm.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\Stopzilla.exe /autostart
O4 - HKLM\..\Run: [iimugbbl] C:\WINDOWS\System32\googi\iimugbbl.exe
O4 - HKLM\..\Run: [upktx] C:\WINDOWS\System32\kqatbqd\upktx.exe
O4 - HKLM\..\Run: [qtkkybgx] C:\WINDOWS\System32\awpgku\qtkkybgx.exe
O4 - HKLM\..\Run: [knihc] C:\WINDOWS\System32\ajvmf\knihc.exe
O4 - HKLM\..\Run: [qkwtw] C:\WINDOWS\System32\etenp\qkwtw.exe
O4 - HKLM\..\Run: [tjayd] C:\WINDOWS\System32\rjcir\tjayd.exe
O4 - HKLM\..\Run: [sau] c:\program files\180search assistant\sau.exe
O4 - HKLM\..\Run: [aiisnbsx] C:\WINDOWS\System32\qckpgmu\aiisnbsx.exe
O4 - HKLM\..\Run: [SkyH2] C:\TEMP\wamaqev.exe
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun
O4 - HKLM\..\Run: [sidhhs] c:\windows\system32\tqiibs.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\RunServices: [LSASS Authority] lshosts32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Vuu] C:\WINDOWS\System32\n?tdde.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [YwtqRjY6U] nwiebdvd.exe
O4 - HKCU\..\Run: [Pruo] C:\Documents and Settings\Clarks\Application Data\taee.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe
O4 - Global Startup: aim.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguar...ion/Install.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://install.wildt...lim/install.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupd...ll/aun_0033.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iimugbblgoogi - Unknown owner - C:\WINDOWS\System32\googi\iimugbbl.exe
O23 - Service: knihcajvmf - Unknown owner - C:\WINDOWS\System32\ajvmf\knihc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: tjaydrjcir - Unknown owner - C:\WINDOWS\System32\rjcir\tjayd.exe
O23 - Service: upktxkqatbqd - Unknown owner - C:\WINDOWS\System32\kqatbqd\upktx.exe

#6
Justin

ClarkClark,

Run at least 2 of these online virus scans:

Housecall<<<Put on 'Autoclean' and delete what it can't clean.
Panda ActiveScan<<<Accept default settings, save and post the log
RAV online scan<<<Add a check by 'Autoclean', leave everything else as is.
eTrust Antivirus Web Scan<<<'Cure' whatever is found, then delete if unsuccessful
Bitdefender ScanOnline<<<Place a check by everything under 'Scan Options'.
Command on Demand

Also run an online trojan scan here: http://www.trojanscan.com/
Reboot when finished.

Next,

Please download Ewido.

Install it and then double click on the new icon for the program. You can't miss it, it's a big yellow E. It will ask you to upgrade the database. Follow the instructions.
Once it is ready click on the Scanner button, Select C drive if you have more than one and then start.

This scan may take a while, but please allow it to complete the entire scan.

At the end of the scan, it may ask if you would like to delete anything found in archive or zipped files. OK that request, then click on save report. SAVE to the default location; it will then generate a text file. Copy that to post in this thread.

Carry out another HJT scan and post the log back here, so we can sort out the rest of the problems.

#7
ClarkClark

OK, the scans went well. I ran the Panda and have the ActiveScan for that. For the Ewido, I accidentally didn't click save the scan. I wasn't sure if I was supposed to do that again too or not. Sorry. Here's my Panda scan and HijackThis.






Incident Status Location

Adware:Adware/SAHAgent No disinfected C:\WINDOWS\System32\lsp.dll
Virus:Trj/Agent.PF Disinfected Operating system
Spyware:Spyware/UrlSpy No disinfected C:\WINDOWS\System32\browser6.exe
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Bolger.dll
Virus:Bck/Sdbot.CYK Disinfected Operating system
Spyware:Spyware/UrlSpy No disinfected C:\WINDOWS\System32\apcups57.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\System32\SahAgent.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\System32\xmlparse.dll
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\System32\xmltok.dll
Adware:Adware/PurityScan No disinfected C:\Documents and Settings\Clarks\Application Data\taee.exe
Virus:Trj/CPR.A No disinfected Operating system
Adware:Adware/Beginto No disinfected C:\WINDOWS\System32\nsj81.dll
Adware:Adware/eZula No disinfected Windows Registry
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\System32\cache32_rtneg?
Adware:Adware/Gator No disinfected C:\Documents and Settings\All Users\Start Menu\Programs\Gain Publishing
Adware:Adware/MyWay No disinfected Windows Registry
Adware:Adware/nCase No disinfected C:\WINDOWS\180ax.log
Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\Downloaded Program Files\istactivex.???
Adware:Adware/PortalScan No disinfected Windows Registry
Adware:Adware/BookedSpace No disinfected C:\TEMP\bs*.tmpbsx32
Adware:Adware/Apropos No disinfected C:\Program Files\cxtpls
Adware:Adware/AdDestroyer No disinfected C:\WINDOWS\System32\SWRT??.dll
Adware:Adware/VirtualBouncer No disinfected C:\Documents and Settings\Clarks\Start Menu\Programs\Startup\Virtual Bouncer.lnk
Adware:Adware/Sqwire No disinfected C:\TEMP\tsinstall_?_?_?_*.exe
Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Clarks\Application Data\tvm*.dll
Adware:Adware/DelFinMedia No disinfected C:\keys.ini
Adware:Adware/MediaTickets No disinfected Windows Registry
Adware:Adware/Adroar No disinfected C:\WINDOWS\artmmp.ini
Spyware:Spyware/LZIO-Media No disinfected C:\WINDOWS\io2uns.exe
Spyware:Spyware/Media-motor No disinfected C:\WINDOWS\mm??.ocx
Adware:Adware/Twain-Tech No disinfected C:\TEMP\THI*.tmp
Adware:Adware/WildTangent No disinfected C:\WINDOWS\wt
Adware:Adware/WUpd No disinfected C:\Program Files\Media Pass
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Clarks\Favorites\Casino & Carrers
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\exdl.exe
Adware:Adware/Beginto No disinfected C:\WINDOWS\System32\rtneg?.dll
Spyware:Spyware/MarketScore No disinfected C:\WINDOWS\System32\osconfig.dll
Adware:Adware/PowerSearch No disinfected C:\WINDOWS\System32\stlb2.xml
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\cfgmgr51.dll
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\Clarks\Application Data\sskknwrd.dll
Adware:Adware/IEMenuExtension No disinfected C:\WINDOWS\IEMenuExtension.exe
Adware:Adware/Transponder No disinfected Windows Registry
Adware:Adware/Alwaysupdatednews No disinfected C:\WINDOWS\System32\Free LapTop Computer.ico
Adware:Adware/SearchTheWeb No disinfected C:\WINDOWS\System32\Cache\mswinstall.exe
Adware:Adware/SearchTheWeb No disinfected C:\Documents and Settings\All Users\Application Data\msw\MSW.exe
Adware:Adware/PurityScan No disinfected C:\Documents and Settings\Clarks\Application Data\taee.exe
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Clarks\Local Settings\Temporary Internet Files\Content.IE5\5EI4DD8F\bunSetup[1].cab
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Clarks\Local Settings\Temporary Internet Files\Content.IE5\5EI4DD8F\bunSetup[1].cab[lsp_.dll]
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Clarks\Local Settings\Temporary Internet Files\Content.IE5\5EI4DD8F\bunSetup[1].cab[xmlparse_.dll]
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Clarks\Local Settings\Temporary Internet Files\Content.IE5\5EI4DD8F\bunSetup[1].cab[xmltok_.dll]
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Clarks\Local Settings\Temporary Internet Files\Content.IE5\5EI4DD8F\bunSetup[1].cab[SAHAgent_.exe]
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Clarks\Local Settings\Temporary Internet Files\Content.IE5\5EI4DD8F\bunSetup[1].cab[SAHUninstall_.exe]
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Clarks\Local Settings\Temporary Internet Files\Content.IE5\5EI4DD8F\bunSetup[1].cab[SahHtml_.exe]
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Clarks\Local Settings\Temporary Internet Files\Content.IE5\5EI4DD8F\bunSetup[1].cab[WEBInstaller.dll]
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Clarks\Local Settings\Temporary Internet Files\Content.IE5\5EI4DD8F\bunSetup[1].cab[setup.inf]
Virus:Trj/LowZones.BB Disinfected C:\Install.exe
Adware:Adware/Minibug No disinfected C:\Program Files\AIM\Sysfiles\WxBug.EXE
Adware:Adware/Minibug No disinfected C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
Adware:Adware/Sqwire No disinfected C:\Program Files\Common Files\krkf\krkfd\krkfc.dll
Adware:Adware/SideFind No disinfected C:\Program Files\Common Files\krkf\krkfp.exe
Adware:Adware/WUpd No disinfected C:\Program Files\Media Pass\MediaPassC.dll
Adware:Adware/PurityScan No disinfected C:\TEMP\!update.exe
Virus:Trj/VB.DC Disinfected C:\TEMP\10A.tmp
Adware:Adware/Apropos No disinfected C:\TEMP\cxtpls_loader.exe
Adware:Adware/nCase No disinfected C:\TEMP\Del6.tmp
Adware:Adware/nCase No disinfected C:\TEMP\Del66.tmp
Virus:Trj/TSUpdate.A Disinfected C:\TEMP\GLF61GLF61.EXE
Virus:Trj/Downloader.BIH Disinfected C:\TEMP\ICD3.tmp\svcmm32.inf
Virus:Trj/Multidropper.QW Disinfected C:\TEMP\RAZR.exe
Adware:Adware/Zango No disinfected C:\TEMP\resC4.tmp
Adware:Adware/DelFinMedia No disinfected C:\TEMP\rm05040901.Stub.exe
Adware:Adware/SideSearch No disinfected C:\TEMP\SEPInst.exe
Adware:Adware/MyWebSearch No disinfected C:\TEMP\temp.fr36A2
Adware:Adware/IPInsight No disinfected C:\TEMP\THI1F.tmp\farmmext.inf
Adware:Adware/IPInsight No disinfected C:\TEMP\THI1F.tmp\farmmext.ini
Adware:Adware/Transponder No disinfected C:\TEMP\THI1F29.tmp\Pynix.inf
Adware:Adware/StartPage.DI No disinfected C:\TEMP\THI3309.tmp\elitetrp.exe
Adware:Adware/StartPage.DI No disinfected C:\TEMP\THI33AF.tmp\elitetrp.exe
Adware:Adware/Transponder No disinfected C:\TEMP\THI3CCD.tmp\dlmax.dll
Adware:Adware/Transponder No disinfected C:\TEMP\THI3CCD.tmp\dlmax.inf
Spyware:Spyware/BetterInet No disinfected C:\TEMP\THI4733.tmp\ceres.inf
Spyware:Spyware/ISTbar No disinfected C:\TEMP\tsinstall_4_0_3_8_b17.exe
Virus:Trj/Bhotcher.A Disinfected C:\TEMP\WBCM_Installer.exe
Adware:Adware/MediaTickets No disinfected C:\trufkz.html
Spyware:Spyware/Media-motor No disinfected C:\WINDOWS\a65d.exe
Virus:Trj/Multidropper.NB Disinfected C:\WINDOWS\ahadp.exe
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Bolger.dll
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Buddy.exe
Adware:Adware/Zango No disinfected C:\WINDOWS\Downloaded Program Files\ClientAX.inf
Spyware:Spyware/Media-motor No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\mm63.INF
Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\Downloaded Program Files\istactivex.inf
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\lsp_.dll
Adware:Adware/Pacimedia No disinfected C:\WINDOWS\Downloaded Program Files\pcs_0004.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\SAHAgent_.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\SahHtml_.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\SAHUninstall_.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\setup.inf
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\setup4002b.ini
Virus:Trj/Downloader.BIH Disinfected C:\WINDOWS\Downloaded Program Files\svcmm32.inf
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\WEBInstaller.dll
Adware:Adware Program No disinfected C:\WINDOWS\Downloaded Program Files\WildApp.inf
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\xmlparse_.dll
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\xmltok_.dll
Adware:Adware/BHO No disinfected C:\WINDOWS\ei25.exe
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\exdl.exe
Adware:Adware/Ucmore No disinfected C:\WINDOWS\IEMenuExtension.exe
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\inf\ceres.inf
Adware:Adware/Transponder No disinfected C:\WINDOWS\inf\dlmax.inf
Adware:Adware/Transponder No disinfected C:\WINDOWS\inf\Pynix.inf
Virus:Trj/SCBop.B Disinfected C:\WINDOWS\mbop1-0-3b.exe
Spyware:Spyware/DirectRevenue No disinfected C:\WINDOWS\Nail.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\SAHUninstall.exe
Virus:Trj/SCBop.B Disinfected C:\WINDOWS\SysCheckBop32.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\70tovmto.ini
Spyware:Spyware/UrlSpy No disinfected C:\WINDOWS\system32\acctres2.exe
Spyware:Spyware/UrlSpy No disinfected C:\WINDOWS\system32\apcups57.exe
Virus:Bck/Sdbot.CYK Disinfected C:\WINDOWS\system32\bkrtre.exe
Spyware:Spyware/UrlSpy No disinfected C:\WINDOWS\system32\browser6.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\BundleLite_westfrontier1001.exe
Virus:Trj/TSUpdate.A Disinfected C:\WINDOWS\system32\Cache\AMEX_54.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\system32\Cache\InstallAPS.exe
Virus:Trj/Multidropper.UO Disinfected C:\WINDOWS\system32\Cache\Kyongju.exe
Adware:Adware/ISearch No disinfected C:\WINDOWS\system32\Cache\MTE0MzA6ODoxMg.exe
Virus:Trj/SCBop.B Disinfected C:\WINDOWS\system32\Cache\setup.exe
Virus:Trj/Downloader.BJF Disinfected C:\WINDOWS\system32\Cache\skh2.exe
Spyware:Spyware/SurfSideKick No disinfected C:\WINDOWS\system32\Cache\SSK_B5 WMG Media - Rev Share 3.EXE
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\system32\Cache\thin-8-1-x-x.exe
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\system32\Cache\thin-8-3-x-x.exe
Adware:Adware/ILookup No disinfected C:\WINDOWS\system32\Cache\trgen_fran-162813.exe
Adware:Adware/TopRebates No disinfected C:\WINDOWS\system32\Cache\WebRebates_Auto_InstallSilent.exe
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\system32\Cache\wrapperouter.exe
Virus:Trj/Agent.PF Disinfected C:\WINDOWS\system32\DrPMon.dll
Virus:Trj/Downloader.BHP Disinfected C:\WINDOWS\system32\etenp\qkwtw.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\lsp.dll
Adware:Adware/Beginto No disinfected C:\WINDOWS\system32\nsj81.dll
Adware:Adware/PurityScan No disinfected C:\WINDOWS\system32\NTDDE~1.EXE
Spyware:Spyware/MarketScore No disinfected C:\WINDOWS\system32\osconfig.dll
Spyware:Spyware/MarketScore No disinfected C:\WINDOWS\system32\osmim.dll
Adware:Adware/WUpd No disinfected C:\WINDOWS\system32\pop2.exe
Virus:Trj/Downloader.BHP Disinfected C:\WINDOWS\system32\rjcir\tjayd.exe
Virus:Bck/Sdbot.CYK Disinfected C:\WINDOWS\system32\rkdnhgv.exe
Adware:Adware/ILookup No disinfected C:\WINDOWS\system32\rtneg.dll
Adware:Adware/Beginto No disinfected C:\WINDOWS\system32\rtneg2.dll
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\SahAgent.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\SahHtml.exe
Spyware:Spyware/SurfSideKick No disinfected C:\WINDOWS\system32\SSK_B5 Verticlick 7.EXE
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\system32\SWRT01.dll
Virus:Trj/CPR.A Disinfected C:\WINDOWS\system32\sysmonnt.exe
Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\system32\tsuninst.exe
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\system32\wsxsvc\wsx.dll
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\system32\wsxsvc\wsx.ocx
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\xmlparse.dll
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\xmltok.dll
Adware:Adware/IEDriver No disinfected C:\WINDOWS\Temp\setup4.exe
Virus:Trj/Downloader.BYI Disinfected C:\WINDOWS\utwbye.exe



Logfile of HijackThis v1.99.1
Scan saved at 8:32:40 PM, on 4/22/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\googi\iimugbbl.exe
C:\WINDOWS\System32\qckpgmu\aiisnbsx.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\n?tdde.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\kqatbqd\upktx.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Clarks\Desktop\Cleaners\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F1 - win.ini: run= C:\WESTWOOD\REDALERT\INSTICON.EXE
O2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - (no file)
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr51.dll
O2 - BHO: (no name) - {2AD33C81-876D-EFFA-4B31-D938054990BD} - C:\WINDOWS\System32\lvucofwe.dll (file missing)
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\System32\nsj81.dll (file missing)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [Winamp Player 6] WINAMP6.EXE
O4 - HKLM\..\Run: [LSASS Authority] lshosts32.exe
O4 - HKLM\..\Run: [sixtysix] C:\WINDOWS\sixtypopsix.exe
O4 - HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe
O4 - HKLM\..\Run: [a02268a6a41d] C:\WINDOWS\System32\bidispl0.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [hng30qyk] C:\Program Files\hng30qyk\hng30qyk.exe
O4 - HKLM\..\Run: [BMan] C:\Documents and Settings\All Users\Application Data\msw\BMan1.exe
O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe
O4 - HKLM\..\Run: [p72k3tU] patrdm.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\Stopzilla.exe /autostart
O4 - HKLM\..\Run: [iimugbbl] C:\WINDOWS\System32\googi\iimugbbl.exe
O4 - HKLM\..\Run: [upktx] C:\WINDOWS\System32\kqatbqd\upktx.exe
O4 - HKLM\..\Run: [qtkkybgx] C:\WINDOWS\System32\awpgku\qtkkybgx.exe
O4 - HKLM\..\Run: [knihc] C:\WINDOWS\System32\ajvmf\knihc.exe
O4 - HKLM\..\Run: [sau] c:\program files\180search assistant\sau.exe
O4 - HKLM\..\Run: [aiisnbsx] C:\WINDOWS\System32\qckpgmu\aiisnbsx.exe
O4 - HKLM\..\Run: [SkyH2] C:\TEMP\wamaqev.exe
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun
O4 - HKLM\..\Run: [clwbkp] c:\windows\system32\ancgob.exe
O4 - HKLM\..\RunServices: [LSASS Authority] lshosts32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Vuu] C:\WINDOWS\System32\n?tdde.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [YwtqRjY6U] nwiebdvd.exe
O4 - HKCU\..\Run: [Pruo] C:\Documents and Settings\Clarks\Application Data\taee.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe
O4 - Global Startup: aim.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguar...ion/Install.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsec...an/TDECntrl.CAB
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://install.wildt...lim/install.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupd...ll/aun_0033.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iimugbblgoogi - Unknown owner - C:\WINDOWS\System32\googi\iimugbbl.exe
O23 - Service: knihcajvmf - Unknown owner - C:\WINDOWS\System32\ajvmf\knihc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: tjaydrjcir - Unknown owner - C:\WINDOWS\System32\rjcir\tjayd.exe (file missing)
O23 - Service: upktxkqatbqd - Unknown owner - C:\WINDOWS\System32\kqatbqd\upktx.exe
  • 0

#8
Justin

ClarkClark,

Sorry for the delay in my response, I had a lazy weekend of computer gaming.

Let's get working on this log again =)

Please Download CleanUp!. Then install it, but do not run it yet.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - (no file)
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr51.dll
O2 - BHO: (no name) - {2AD33C81-876D-EFFA-4B31-D938054990BD} - C:\WINDOWS\System32\lvucofwe.dll (file missing)
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll (file missing)
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\System32\nsj81.dll (file missing)
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [LSASS Authority] lshosts32.exe
O4 - HKLM\..\Run: [sixtysix] C:\WINDOWS\sixtypopsix.exe
O4 - HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe
O4 - HKLM\..\Run: [a02268a6a41d] C:\WINDOWS\System32\bidispl0.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [hng30qyk] C:\Program Files\hng30qyk\hng30qyk.exe
O4 - HKLM\..\Run: [BMan] C:\Documents and Settings\All Users\Application Data\msw\BMan1.exe
O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe
O4 - HKLM\..\Run: [p72k3tU] patrdm.exe
O4 - HKLM\..\Run: [iimugbbl] C:\WINDOWS\System32\googi\iimugbbl.exe
O4 - HKLM\..\Run: [upktx] C:\WINDOWS\System32\kqatbqd\upktx.exe
O4 - HKLM\..\Run: [qtkkybgx] C:\WINDOWS\System32\awpgku\qtkkybgx.exe
O4 - HKLM\..\Run: [knihc] C:\WINDOWS\System32\ajvmf\knihc.exe
O4 - HKLM\..\Run: [sau] c:\program files\180search assistant\sau.exe
O4 - HKLM\..\Run: [aiisnbsx] C:\WINDOWS\System32\qckpgmu\aiisnbsx.exe
O4 - HKLM\..\Run: [SkyH2] C:\TEMP\wamaqev.exe
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun
O4 - HKLM\..\Run: [clwbkp] c:\windows\system32\ancgob.exe
O4 - HKLM\..\RunServices: [LSASS Authority] lshosts32.exe
O4 - HKCU\..\Run: [Vuu] C:\WINDOWS\System32\n?tdde.exe
O4 - HKCU\..\Run: [YwtqRjY6U] nwiebdvd.exe
O4 - HKCU\..\Run: [Pruo] C:\Documents and Settings\Clarks\Application Data\taee.exe
O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguar...ion/Install.cab
O23 - Service: iimugbblgoogi - Unknown owner - C:\WINDOWS\System32\googi\iimugbbl.exe
O23 - Service: knihcajvmf - Unknown owner - C:\WINDOWS\System32\ajvmf\knihc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: tjaydrjcir - Unknown owner - C:\WINDOWS\System32\rjcir\tjayd.exe (file missing)
O23 - Service: upktxkqatbqd - Unknown owner - C:\WINDOWS\System32\kqatbqd\upktx.exe

Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please remove these entries from Add/Remove Programs in the Control Panel(if present):

MediaPassK.
ErrorGuard
VirtualBouncer
sau
Shop at Home Select Agent
Searchbar
Web Search Toolbar


Please note any other programs that you don't recognize in that list in your next response.

Please delete these folders using Windows Explorer(if present):

C:\Program Files\Media Pass
C:\Program Files\ErrorGuard
C:\Program Files\VBouncer
c:\program files\180search assistant

Please delete these files using Windows Explorer(if present):

C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
lshosts32.exe
C:\WINDOWS\sixtypopsix.exe
C:\WINDOWS\System32\bidispl0.exe
C:\Program Files\hng30qyk\hng30qyk.exe
C:\Documents and Settings\All Users\Application Data\msw\BMan1.exe
patrdm.exe
C:\WINDOWS\System32\googi\iimugbbl.exe
C:\WINDOWS\System32\kqatbqd\upktx.exe
C:\WINDOWS\System32\awpgku\qtkkybgx.exe
C:\WINDOWS\System32\ajvmf\knihc.exe
C:\WINDOWS\System32\qckpgmu\aiisnbsx.exe
C:\TEMP\wamaqev.exe
c:\windows\system32\ancgob.exe
C:\WINDOWS\System32\n?tdde.exe
nwiebdvd.exe

After that, Reboot.

Now run CleanUp:
1. Click on Start, Programs, CleanUp!, CleanUp!.
2. A dialog will appear. Click on the button labeled "CleanUp!".

Allow CleanUp! to reboot your system.

Please post a new HiJackThis log for me.

Let me know if you have any questions.

Justin
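The fix list in the post above was built by reading the log by eye. As an added example (not code from this thread, from HijackThis or from Geeks to Go), here is a small Python triage script that applies the same reading rules to HijackThis 1.99 log lines: services with no vendor string, entries whose file is missing, random-named executables parked in their own System32 subfolder, autostarts launched from TEMP or Application Data, Run-key names that imitate a Windows component, and file names HijackThis prints with a '?' for an unprintable character. The sample lines are copied from the log posted earlier in the thread; the heuristics, the fix/review/ok verdicts and all function names are the editor's own, not HijackThis logic.

```python
"""Triage of HijackThis 1.99 log entries.

Editor-added example for this thread, not HijackThis's own logic: the
heuristics encode how the helper above chose entries for "Fix checked".
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

LINE_RE = re.compile(r"^(?P<sec>[RFO]\d{1,2}) - (?P<rest>.*)$")
# First drive-letter path in the entry, cut at an executable-style extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|ocx|cab)\b", re.I)
NAME_RE = re.compile(r"\[(?P<name>[^\]]*)\]")          # the [name] in O4 lines
# One random-looking System32 subfolder holding one random-looking exe,
# e.g. System32\googi\iimugbbl.exe; real drivers sit deeper or carry digits.
RANDOM_SYS32_RE = re.compile(r"\\system32\\[a-z]{4,8}\\[a-z]{4,9}\.exe$", re.I)
TEMP_OR_PROFILE_RE = re.compile(r"\\(?:temp|application data)\\[^\\]+\.exe$", re.I)
IMPERSONATION_RE = re.compile(r"lsass|svchost|winlogon|csrss", re.I)
BARE_EXE_RE = re.compile(r"^\s*[\w?]+\.exe\b", re.I)
RUNDLL_RE = re.compile(r"\brundll32\b", re.I)


@dataclass
class Entry:
    section: str
    text: str
    path: Optional[str]
    strong: List[str] = field(default_factory=list)  # each alone justifies a fix
    weak: List[str] = field(default_factory=list)    # needs a human look

    @property
    def verdict(self) -> str:
        if self.strong:
            return "fix"
        return "review" if self.weak else "ok"


def parse_entry(line: str) -> Optional[Entry]:
    """Score one log line; returns None for lines that are not HJT entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    p = PATH_RE.search(rest)
    e = Entry(m.group("sec"), line.strip(), p.group(0) if p else None)

    if "(file missing)" in rest:
        e.strong.append("orphaned entry: file missing")
    if e.section == "O23" and "Unknown owner" in rest:
        e.strong.append("service with no vendor string")
    if e.path:
        if RANDOM_SYS32_RE.search(e.path):
            e.strong.append("random-named exe in its own System32 subfolder")
        if TEMP_OR_PROFILE_RE.search(e.path):
            e.strong.append("autostart exe in a temp or profile-data folder")
        if "?" in e.path.rsplit("\\", 1)[-1]:
            e.strong.append("unprintable character in file name (shown as '?')")
    if e.section == "O4":
        n = NAME_RE.search(rest)
        target = rest.split("]", 1)[1] if n else rest
        in_sys32 = bool(e.path) and "\\system32\\" in e.path.lower()
        if n and IMPERSONATION_RE.search(n.group("name")) and not in_sys32:
            e.strong.append("Run-key name imitates a Windows component")
        if e.path is None and BARE_EXE_RE.match(target):
            e.weak.append("bare file name resolved via PATH at logon; check vendor")
        if e.path is None and RUNDLL_RE.search(target):
            e.weak.append("rundll32 loading an unqualified DLL")
        if "RunServices" in rest:
            e.weak.append("RunServices key (legacy Win9x key that malware still writes)")
    return e


def triage(log_text: str) -> List[Entry]:
    return [e for e in map(parse_entry, log_text.splitlines()) if e]


def fix_list(log_text: str) -> List[str]:
    """The lines a helper would tick before pressing 'Fix checked'."""
    return [e.text for e in triage(log_text) if e.verdict == "fix"]


def verdict_of(line: str) -> str:
    e = parse_entry(line)
    return e.verdict if e else "not an entry"


# Constructed sample: lines copied from the log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {2AD33C81-876D-EFFA-4B31-D938054990BD} - C:\WINDOWS\System32\lvucofwe.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LSASS Authority] lshosts32.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [iimugbbl] C:\WINDOWS\System32\googi\iimugbbl.exe
O4 - HKLM\..\Run: [SkyH2] C:\TEMP\wamaqev.exe
O4 - HKLM\..\RunServices: [LSASS Authority] lshosts32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Vuu] C:\WINDOWS\System32\n?tdde.exe
O4 - HKCU\..\Run: [Pruo] C:\Documents and Settings\Clarks\Application Data\taee.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: upktxkqatbqd - Unknown owner - C:\WINDOWS\System32\kqatbqd\upktx.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.verdict:6} {e.text[:70]}  {'; '.join(e.strong + e.weak)}")
```

`fix_list` reproduces the entries ticked in the post above for the sample; bare file names such as nwiz.exe and rundll32 entries that name an unqualified DLL come back as `review`, because legitimate driver installers leave the same shape and a vendor lookup is needed before the box is ticked. R-lines (the hijacked SearchURL, the missing URLSearchHook) are parsed but not scored here.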

#9
ClarkClark

When I press the link for CleanUp!, it says the page cannot be opened? Thanks.

#10
Justin

ClarkClark,

Don't know why it didn't work, let's try again.

Direct link for CleanUP! is here

If that doesn't work, the main page is here

If you use the main page, click on downloads and scroll down until you see CleanUp! 4.0, and download that version.


Justin


#11
ClarkClark

OK, it worked. Ewido keeps coming up with this infected file: ymemfpnag.exe. I keep pressing clean but it will still keep coming up. Here's my new HijackThis. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 1:36:23 PM, on 4/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Clarks\Desktop\Cleaners\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AIM\aim.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F1 - win.ini: run= C:\WESTWOOD\REDALERT\INSTICON.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: aim.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsec...an/TDECntrl.CAB
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://install.wildt...lim/install.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupd...ll/aun_0033.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iimugbblgoogi - Unknown owner - C:\WINDOWS\System32\googi\iimugbbl.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

#12
Justin

ClarkClark,

We are almost there, Ewido picked up a lot of the stuff for us.

Run Services.msc by clicking START ---> RUN, when the box opens type services.msc

Scroll down to System Startup Service or SvcProc

Right click the entry, select 'Properties' and press 'Stop Service'.

When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'.

Press 'OK' until you get back to Windows.

Also download Killbox and have it ready to use.

Open HiJackThis and rescan your computer. Place a check mark next to the below entries.

O23 - Service: iimugbblgoogi - Unknown owner - C:\WINDOWS\System32\googi\iimugbbl.exe (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe


Click the Fix Checked. Close HiJackThis and reboot.

We will have to edit the registry to get rid of the SVC infection. Set a Restore Point first but as long as you follow these instructions carefully, you will be fine. As a precaution you can also Back up your registry

Go to Start > Run and type:

regedit

and OK.

Navigate to HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services. Click on the + by the Services key and delete the SvcProc subkey. Now go to HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services. Click on the + by the Services key and delete the SvcProc subkey. (you may have a HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services key, if so, repeat the instructions)

Close the registry editor.

Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

Once in Safe Mode, please run Killbox.

Select "Delete on Reboot".

Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\svcproc.exe


Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

Let the system reboot.


Now post another HiJackThis log for me to look at.

Let me know if you have any questions about the above fixes.

Justin

#13
ClarkClark

Alright, here's my new HijackThis. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 8:44:42 PM, on 4/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Clarks\Desktop\Cleaners\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F1 - win.ini: run= C:\WESTWOOD\REDALERT\INSTICON.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: aim.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsec...an/TDECntrl.CAB
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://install.wildt...lim/install.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupd...ll/aun_0033.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
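As an added illustration (not code from the thread, from HijackThis, or from Justin), the Python script below parses the O23 service lines from the two logs in this thread, flags the entries Justin singled out using cues that are visible in the log itself (no recorded owner, an image file reported missing, an executable sitting directly in the Windows directory rather than under System32 or Program Files) and confirms they are gone from the rescan. The sample log excerpts are copied from the posted logs; the flagging heuristics, the `Service` record and all function names are this example's own assumptions, not HijackThis rules.

```python
"""Triage O23 (service) entries in HijackThis logs and verify a cleanup.

Added example; the heuristics below are this script's own assumptions,
not part of HijackThis.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# HijackThis 1.99.1 O23 line shape:
#   O23 - Service: <display> [(<short name>)] - <owner> - <image path> [(file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))? - "
    r"(?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# Excerpt of the O23 block from the log posted before Justin's fix (constructed
# sample input copied from the thread).
BEFORE_LOG = r"""
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iimugbblgoogi - Unknown owner - C:\WINDOWS\System32\googi\iimugbbl.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
"""

# Excerpt of the O23 block from the rescan posted after the fix.
AFTER_LOG = r"""
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""


@dataclass
class Service:
    display: str
    name: Optional[str]      # short (registry) name, absent on some lines
    owner: str               # vendor string HijackThis read from the image
    path: str
    file_missing: bool


def parse_o23(log: str) -> List[Service]:
    """Return one Service per O23 line; other HijackThis sections are ignored."""
    services = []
    for line in log.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            services.append(Service(m["display"], m["name"], m["owner"],
                                    m["path"], bool(m["missing"])))
    return services


def suspicious_reasons(svc: Service) -> List[str]:
    """Heuristic cues (assumed for this example) that warrant a closer look."""
    reasons = []
    if svc.owner == "Unknown owner":
        reasons.append("no vendor/owner recorded")
    if svc.file_missing:
        reasons.append("image file missing on disk")
    parent = svc.path.rsplit("\\", 1)[0].lower()
    if parent == r"c:\windows":
        reasons.append("image lives directly in the Windows directory")
    return reasons


def triage(log: str) -> Dict[str, List[str]]:
    """Map each flagged service's display name to the reasons it was flagged."""
    return {svc.display: r for svc in parse_o23(log) if (r := suspicious_reasons(svc))}


def removed_between(before: str, after: str) -> Set[str]:
    """Display names of services present in `before` but absent from `after`."""
    return {s.display for s in parse_o23(before)} - {s.display for s in parse_o23(after)}


if __name__ == "__main__":
    for name, reasons in triage(BEFORE_LOG).items():
        print(f"FLAG {name}: {', '.join(reasons)}")
    print("still flagged after fix:", triage(AFTER_LOG) or "none")
    print("removed by the fix:", sorted(removed_between(BEFORE_LOG, AFTER_LOG)))
```

Running it against the two excerpts flags exactly the two O23 lines Justin told ClarkClark to fix and reports nothing flagged in the rescan. The "Unknown owner" and "(file missing)" cues are the ones an analyst reads straight off the log; the Windows-root heuristic is an extra assumption that happens to catch svcproc.exe here, and a real triage would still verify each hit against a known-file list rather than trust a path pattern alone.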

#14
Justin

ClarkClark,

Do you smell that? It's the smell of a clean log!

Your computer is spyware free at this time!

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

#15
ClarkClark

Thanks a lot, jfcap. I owe you so much. You are the man. Thanks.