Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Red Shield with X, Changed homepage, Annoying popups called "Wind


  • This topic is locked This topic is locked

#1
Duckierawr

Duckierawr

    New Member

  • Member
  • Pip
  • 6 posts
This has been bothering me for days, my homepage has changed to this weird UCleaner thing, "Spyware Alert" popup telling me that Worm.Win32.NetBobster has been detected, 3 new icons on my desktop... Error Cleaner, Privacy Protector, and Spyware&Malware Protection. There is a red shied with an X on my taskbar. Also there are popups telling me that "Arebot" has been found. But i think it is fake. Also there is a "Windows Security Alert" popup telling me that "Windows has detected an Internet attack attempt..."


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:38:27 PM, on 04/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\upszghoz\kfyxerwl.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\RAM Idle\RAM_XP.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\slcjkbmb.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O1 - Hosts: <html>
O1 - Hosts: <head>
O1 - Hosts: <meta http-equiv="Content-Language" content="en-us">
O1 - Hosts: <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
O1 - Hosts: <meta name="ProgId" content="FrontPage.Editor.Document">
O1 - Hosts: <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
O1 - Hosts: <title>OOPS!</title>
O1 - Hosts: </head>
O1 - Hosts: <body bgcolor="#848484">
O1 - Hosts: <p>&nbsp;</p>
O1 - Hosts: <p>&nbsp;</p>
O1 - Hosts: <div align="center">
O1 - Hosts: <center>
O1 - Hosts: <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="617" height="77" id="AutoNumber1">
O1 - Hosts: <tr>
O1 - Hosts: <td width="617" height="7" bgcolor="#FF931F">
O1 - Hosts: <p align="center"><i><font face="BatangChe"><b>OOPS!</b></font></i></td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td width="617" height="50" bgcolor="#CFD9DF">
O1 - Hosts: <p align="center"><font face="Garamond"><b>This page "/update/hosting/old/hosts" doesn't exist or
O1 - Hosts: never existed in the first place. </b></font></p>
O1 - Hosts: <p align="center">
O1 - Hosts: <a href="http://www.GamingAddix.com" style="text-decoration: none; font-weight: 700">
O1 - Hosts: <font color="#000000" face="Garamond">www.GamingAddix.com</font></a></p>
O1 - Hosts: <p align="center">Your IP:
O1 - Hosts: 24.83.138.91<br>
O1 - Hosts: Browser:
O1 - Hosts: Microsoft URL Control - 6.00.8169<br>
O1 - Hosts: Has been Logged for better performance.<br>
O1 - Hosts: <br>
O1 - Hosts: </p>
O1 - Hosts: <p align="center">&nbsp;</p>
O1 - Hosts: <p align="center"><i><font face="Garamond"><b>Your Required Dose Of Game</b></font></i></td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td width="617" height="12" bgcolor="#FF931F">&nbsp;</td>
O1 - Hosts: </tr>
O1 - Hosts: </table>
O1 - Hosts: </center>
O1 - Hosts: </div>
O1 - Hosts: <p align="center">&nbsp;</p>
O1 - Hosts: <p align="center">
O1 - Hosts: <img border="10" src="http://i4.photobucke...n3266/oops.jpg" width="700" height="150"></p>
O1 - Hosts: </body>
O1 - Hosts: </html>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DVA First - {0826898D-C6EA-40BB-B636-9C82B5565312} - C:\WINDOWS\qvlbodmnwra.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle\RAM_XP.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Mode Load Mpeg Less] C:\Documents and Settings\All Users\Application Data\two setup mode load\sixth pop.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SITEELSE] C:\DOCUME~1\Owner\APPLIC~1\gluecash\grey inside.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [zsvuxeli] C:\WINDOWS\system32\slcjkbmb.exe
O4 - HKLM\..\Policies\Explorer\Run: [Qe1IANmY0s] C:\Documents and Settings\All Users\Application Data\upszghoz\kfyxerwl.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Styler.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload....Plugin11USA.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://rubydragonxd....ad/MsnPUpld.cab
O16 - DPF: {9E265649-6E0E-4EEA-9F49-DAE0801440CF} (WebDigiNet Control) - http://szqw886.vicp.net/WebDiginet.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\pmai.dll
O20 - Winlogon Notify: PremierOpinion - C:\WINDOWS\system32\rlls.dll (file missing)
O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\system32\rlls.dll (file missing)
O21 - SSODL: tdomgafw - {5A1B8075-E53C-44C0-ABB9-AD04627376FC} - C:\WINDOWS\tdomgafw.dll
O21 - SSODL: wetkadmr - {89339165-AAC2-4E0B-9195-C5A346D38CA9} - C:\WINDOWS\wetkadmr.dll
O22 - SharedTaskScheduler: gulch - {143404b0-ee92-40a7-8705-06fba9a7abf4} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 18978 bytes
  • 0

Advertisements


#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Under Additional Scans check the boxes beside Reg - Bot Check, Reg - Desktop Components, Reg - Disabled MS Config Items, Reg Mountpoints2 File Additional Folder Scans, File - Lop Check, and File - Purity Scan.
  • Under Drivers change it to Non-Microsoft.
  • Under Files Created Within and Files Modified Within change it to 90 days.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.


Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way
  • 0

#3
Duckierawr

Duckierawr

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Heres the file

Now where is also
"Warning: possible spyware or adware infection! Click here to scan your computer for spyware and adware..." on my internet bar.

Attached Files


Edited by Duckierawr, 04 May 2008 - 05:20 PM.

  • 0

#4
Duckierawr

Duckierawr

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
File posted!
  • 0

#5
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Start OTScanIt. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> ~EmptyValue -> []
YY -> Mode Load Mpeg Less -> %AllUsersProfile%\Application Data\two setup mode load\sixth pop.exe [C:\Documents and Settings\All Users\Application Data\two setup mode load\sixth pop.exe]
YN -> RelevantKnowledge -> %SystemRoot%\system32\rlvknlg.exe [c:\windows\system32\rlvknlg.exe -boot]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> SITEELSE -> %AppData%\gluecash\grey inside.exe [C:\DOCUME~1\Owner\APPLIC~1\gluecash\grey inside.exe]
YY -> zsvuxeli -> %SystemRoot%\system32\slcjkbmb.exe [C:\WINDOWS\system32\slcjkbmb.exe]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YY -> C:\WINDOWS\system32\pmai.dll -> %SystemRoot%\system32\pmai.dll
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YY -> {5A1B8075-E53C-44C0-ABB9-AD04627376FC} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\tdomgafw.dll [tdomgafw]
YY -> {89339165-AAC2-4E0B-9195-C5A346D38CA9} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\wetkadmr.dll [wetkadmr]
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
YN -> {143404b0-ee92-40a7-8705-06fba9a7abf4} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [gulch]
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> PremierOpinion -> %SystemRoot%\system32\rlls.dll
YN -> RelevantKnowledge -> %SystemRoot%\system32\rlls.dll
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YY -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\Qe1IANmY0s -> C:\Documents and Settings\All Users\Application Data\upszghoz\kfyxerwl.exe [C:\Documents and Settings\All Users\Application Data\upszghoz\kfyxerwl.exe]
< Drives - Autoruns > ->
YY -> Autorun.inf [[AUTORUN] | OPEN=Info.exe folder.htt 480 480 | ] -> G:\Autorun.inf [ FAT32 ]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {0826898D-C6EA-40BB-B636-9C82B5565312} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\qvlbodmnwra.dll [DVA First]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{2E608F70-C430-4BC5-96F6-608E02EBA5B2} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{7EFBC57C-CD57-481F-B794-648FCE9C9116} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
YN -> Add to Windows &Live Favorites ->
YN -> E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~2\Office12\EXCEL.EXE
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > ->
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\rk.exe -> C:\WINDOWS\system32\rk.exe [C:\WINDOWS\system32\rk.exe:*:Enabled:rk.exe]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Owner\Local Settings\Temp\~os4.tmp\ossproxy.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\~os4.tmp\ossproxy.exe [C:\Documents and Settings\Owner\Local Settings\Temp\~os4.tmp\ossproxy.exe:*:Enabled:ossproxy.exe]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\c:\windows\system32\rlvknlg.exe -> c:\windows\system32\rlvknlg.exe [c:\windows\system32\rlvknlg.exe:*:Enabled:rlvknlg.exe]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\Temp\~osC.tmp\ossproxy.exe -> C:\WINDOWS\Temp\~osC.tmp\ossproxy.exe [C:\WINDOWS\Temp\~osC.tmp\ossproxy.exe:*:Enabled:ossproxy.exe]
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
YN -> 0 -> FriendlyName = Privacy Protection
YN -> 0 -> Source = file:///C:\WINDOWS\privacy_danger\index.htm
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
YN -> C:^Documents and Settings^Owner^Start Menu^Programs^Startup^hamachi.lnk -> %SystemDrive%\PROGRA~1\Hamachi\hamachi.exe
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YN -> NudgeMania hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\NudgeMania\NudgeMania.exe
YN -> Yahoo! Pager hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe
YN -> ZangoSA hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Zango\bin\10.3.37.0\ZangoSA.exe
< MountsPoints2 > ->
YY -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun\command\\ -> G:\Info.exe [G:\Info.exe folder.htt 480 480]
** -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3222df44-10de-11da-830b-806d6172696f}\_Autorun\DefaultIcon\\
YY -> E:\american\rct.EXE -> E:\american\rct.EXE
< MountsPoints2 > ->
** -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3222df45-10de-11da-830b-806d6172696f}\_Autorun\DefaultIcon\\
YY -> F:\american\rct.EXE -> F:\american\rct.EXE
< MountsPoints2 > ->
YY -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df098391-1648-11da-a380-806d6172696f}\Shell\AutoRun\command\\ -> G:\Info.exe [G:\Info.exe folder.htt 480 480]
[Files/Folders - Created Within 90 days]
NY -> 1 C:\*.tmp files -> C:\*.tmp
NY -> akttzn.exe -> %SystemRoot%\System32\akttzn.exe
NY -> anticipator.dll -> %SystemRoot%\System32\anticipator.dll
NY -> awtoolb.dll -> %SystemRoot%\System32\awtoolb.dll
NY -> bdn.com -> %SystemRoot%\System32\bdn.com
NY -> bsva-egihsg52.exe -> %SystemRoot%\System32\bsva-egihsg52.exe
NY -> dpcproxy.exe -> %SystemRoot%\System32\dpcproxy.exe
NY -> hoproxy.dll -> %SystemRoot%\System32\hoproxy.dll
NY -> hxiwlgpm.dat -> %SystemRoot%\System32\hxiwlgpm.dat
NY -> hxiwlgpm.exe -> %SystemRoot%\System32\hxiwlgpm.exe
NY -> msgp.exe -> %SystemRoot%\System32\msgp.exe
NY -> msnbho.dll -> %SystemRoot%\System32\msnbho.dll
NY -> mssecu.exe -> %SystemRoot%\System32\mssecu.exe
NY -> msvchost.exe -> %SystemRoot%\System32\msvchost.exe
NY -> mtr2.exe -> %SystemRoot%\System32\mtr2.exe
NY -> mwin32.exe -> %SystemRoot%\System32\mwin32.exe
NY -> netode.exe -> %SystemRoot%\System32\netode.exe
NY -> newsd32.exe -> %SystemRoot%\System32\newsd32.exe
NY -> pmai.dll -> %SystemRoot%\System32\pmai.dll
NY -> pmph.dll -> %SystemRoot%\System32\pmph.dll
NY -> pmxf.dll -> %SystemRoot%\System32\pmxf.dll
NY -> ps1.exe -> %SystemRoot%\System32\ps1.exe
NY -> psof1.exe -> %SystemRoot%\System32\psof1.exe
NY -> psoft1.exe -> %SystemRoot%\System32\psoft1.exe
NY -> regc64.dll -> %SystemRoot%\System32\regc64.dll
NY -> regm64.dll -> %SystemRoot%\System32\regm64.dll
NY -> RICHTX32.OCA -> %SystemRoot%\System32\RICHTX32.OCA
NY -> Rundl1.exe -> %SystemRoot%\System32\Rundl1.exe
NY -> slcjkbmb.exe -> %SystemRoot%\System32\slcjkbmb.exe
NY -> 3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> sncntr.exe -> %SystemRoot%\System32\sncntr.exe
NY -> ssurf022.dll -> %SystemRoot%\System32\ssurf022.dll
NY -> ssvchost.com -> %SystemRoot%\System32\ssvchost.com
NY -> ssvchost.exe -> %SystemRoot%\System32\ssvchost.exe
NY -> sysreq.exe -> %SystemRoot%\System32\sysreq.exe
NY -> taack.dat -> %SystemRoot%\System32\taack.dat
NY -> taack.exe -> %SystemRoot%\System32\taack.exe
NY -> temp#01.exe -> %SystemRoot%\System32\temp#01.exe
NY -> thun.dll -> %SystemRoot%\System32\thun.dll
NY -> thun32.dll -> %SystemRoot%\System32\thun32.dll
NY -> VBIEWER.OCX -> %SystemRoot%\System32\VBIEWER.OCX
NY -> vbsys2.dll -> %SystemRoot%\System32\vbsys2.dll
NY -> vcatchpi.dll -> %SystemRoot%\System32\vcatchpi.dll
NY -> winlogonpc.exe -> %SystemRoot%\System32\winlogonpc.exe
NY -> winsystem.exe -> %SystemRoot%\System32\winsystem.exe
NY -> WINWGPX.EXE -> %SystemRoot%\System32\WINWGPX.EXE
NY -> a.bat -> %SystemRoot%\a.bat
NY -> bdn.com -> %SystemRoot%\bdn.com
NY -> FVProtect.exe -> %SystemRoot%\FVProtect.exe
NY -> iTunesMusic.exe -> %SystemRoot%\iTunesMusic.exe
NY -> mslagent -> %SystemRoot%\mslagent
NY -> 7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> mssecu.exe -> %SystemRoot%\mssecu.exe
NY -> privacy_danger -> %SystemRoot%\privacy_danger
NY -> qvlbodmnwra.dll -> %SystemRoot%\qvlbodmnwra.dll
NY -> svorbmke.exe -> %SystemRoot%\svorbmke.exe
NY -> tdomgafw.dll -> %SystemRoot%\tdomgafw.dll
NY -> userconfig9x.dll -> %SystemRoot%\userconfig9x.dll
NY -> wetkadmr.dll -> %SystemRoot%\wetkadmr.dll
NY -> winsystem.exe -> %SystemRoot%\winsystem.exe
NY -> 856B279C9A80CFC4.job -> %SystemRoot%\tasks\856B279C9A80CFC4.job
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> upszghoz -> %AllUsersProfile%\Application Data\upszghoz
NY -> ZangoSA -> %AllUsersProfile%\Application Data\ZangoSA
NY -> Zango -> %AppData%\Zango
NY -> akl -> %ProgramFiles%\akl
NY -> PC-Cleaner -> %ProgramFiles%\PC-Cleaner
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> send axis face acid -> %AllUsersProfile%\Application Data\send axis face acid
NY -> ZangoSA -> %AllUsersProfile%\Application Data\ZangoSA
NY -> Zango -> %AppData%\Zango
[File - Lop Check: Additional Folder Scans - Non-Microsoft Only]
NY -> Zango -> C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango
NY -> 856B279C9A80CFC4.job -> C:\WINDOWS\Tasks\856B279C9A80CFC4.job
[Empty Temp Folders]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here

I will review the information when it comes back in.




Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#6
Duckierawr

Duckierawr

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hey! Thanks but, i fixed my computer by myself over the night yesterday. I deleted the registry values/keys, adware cookies, files, disabled on startup and i was fine! thanks! It was all gone, I appreciate you trying to help me (: thank you very much!
  • 0

#7
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Honestly your PC is really badly infected

There is no chance you have cleaned the PC yourself

Are you sure you want me to close the thread ?
  • 0

#8
Duckierawr

Duckierawr

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Really? it seems to be quite normal, i've ran scans and i've found nothing anymore, no signs of adware on my computer now. i have no idea...
I scanned for adware/malware with windows defender, spybot S&D, ad-aware 2007, and spyhunter. All found nothing, but some found tracking cookies. I think i'm fine, do you think i should still continue the removal process for adware?

Edited by Duckierawr, 06 May 2008 - 12:24 AM.

  • 0

#9
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Yes
  • 0

#10
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP