spotresults+desktop search :( my hijackthis log[CLOSED]



#1
dr_pyser

hi all, i'm a n00b to this forum, but am having some bad troubles with malware, so any help that anybody has would be greatly, greatly appreciated. i keep getting spotresults.com and desktop search popups, and haven't been able to remove them. i've used adaware and spybot s&d a number of times each, running windows in normal and safe mode, and nothing has removed them. i think i had azesearch for a while as well, but i think i've managed to remove it. anyway, here's my hijackthis log, i hope someone knows what to do! any advice would leave me forever in your debt! :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 9:25:24 PM, on 1/06/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\eohdysn.exe
C:\WINDOWS\sysupudt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijak\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zeromusta...12&default=sols
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iprimus.com.au
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.iprimus.com.au:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.iprimus.com.au*;*.primus.com.au
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 69.50.166.11 google.co.uk
O1 - Hosts: 69.50.166.11 www.google.es
O1 - Hosts: 69.50.166.11 google.es
O1 - Hosts: 69.50.166.11 google.com.au
O1 - Hosts: 69.50.166.14 yahoo.com
O1 - Hosts: 66.218.75.184 mail.yahoo.com
O1 - Hosts: 69.50.166.12 www.go.com
O1 - Hosts: 69.50.166.12 go.com
O1 - Hosts: 69.50.166.13 astalavista.com
O1 - Hosts: 69.50.166.13 www.astalavista.com
O1 - Hosts: 69.50.166.13 astalavista.box.sk
O1 - Hosts: 69.50.166.13 cracks.am
O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [SjxFEhUf8] C:\WINDOWS\eohdysn.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [AdUpdater] C:\WINDOWS\sysupudt.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.iprimus.com.au
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.co.../azesearch3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1B7FA27-5F98-4FFD-90DC-BC0D64510B04}: NameServer = 203.134.64.66 203.134.65.66
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O20 - Winlogon Notify: Media Center - C:\WINDOWS\system32\l86o0ij3e8o.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe

Edited by dr_pyser, 01 May 2005 - 05:31 AM.



#2
Guest_thatman_*

Hi dr_pyser

Please read through the instructions before you start (you may want to print this out).

Please set your system to show all files; please see here if you're unsure how to do this.

Using Windows Add/Remove Programs, uninstall the following:
C:\Program Files\ISTsvc\istsvc.exe
Exit when finished.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items:
O1 - Hosts: 69.50.166.13 cracks.am
O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - (no file)
O4 - HKLM\..\Run: [SjxFEhUf8] C:\WINDOWS\eohdysn.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [AdUpdater] C:\WINDOWS\sysupudt.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.co.../azesearch3.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe

Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\eohdysn.exe
C:\WINDOWS\sysupudt.exe
C:\WINDOWS\isrvs\mfiltis.dll
C:\WINDOWS\zeta.exe

Exit Explorer.

If you were unable to find any of the files then please follow these additional instructions:
Download Pocket Killbox and unzip it; save it to your Desktop.
Run killbox and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes. Let the system reboot.
C:\WINDOWS\eohdysn.exe
C:\WINDOWS\sysupudt.exe
C:\WINDOWS\isrvs\mfiltis.dll
C:\WINDOWS\zeta.exe

End of Killbox files

Reboot as normal.

Please download, install and run this disk cleanup utility called Cleanup version 4.0!
http://downloads.ste...p/CleanUp40.exe
It will get rid of any malware which may be hiding in your temp folders (a common hiding place). You will also regain a massive amount of disk space. Here is a tutorial which describes its usage:
http://www.bleepingc...tutorial93.html
Check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles. Also, clean out the prefetch folder and the recycle bin.
Reboot when prompted to let it clean out the remaining files.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp
Please post the logs from the Panda virus scan and HJT.log. We will need them to remove previous infections that have left files on your system.

Kc :tazz:
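Added example, not part of the original thread and not HijackThis's own code: a Python check that parses the `code - body` lines of a HijackThis log and compares its O1 hosts-file entries with a fix list, reporting overrides that share a network with a selected entry but were not selected themselves. The function names and the /24 grouping are assumptions made for illustration; the sample lines are excerpted from the log and fix list posted above.

```python
import ipaddress
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted in #1 (shortened for the example).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iprimus.com.au
O1 - Hosts: 69.50.166.11 google.co.uk
O1 - Hosts: 69.50.166.11 google.com.au
O1 - Hosts: 69.50.166.14 yahoo.com
O1 - Hosts: 66.218.75.184 mail.yahoo.com
O1 - Hosts: 69.50.166.13 astalavista.com
O1 - Hosts: 69.50.166.13 cracks.am
O4 - HKLM\..\Run: [SjxFEhUf8] C:\WINDOWS\eohdysn.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe
"""

# Excerpt of the fix list posted in #2.
SAMPLE_FIX_LIST = r"""
O1 - Hosts: 69.50.166.13 cracks.am
O4 - HKLM\..\Run: [SjxFEhUf8] C:\WINDOWS\eohdysn.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+)\s+(?P<name>\S+)$")


def parse_entries(text):
    """Return (section code, body) for every 'Xn - ...' line; skip the rest."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body").strip()))
    return entries


def hosts_overrides(entries):
    """Return (ip, hostname) for O1 entries, ignoring loopback block entries."""
    overrides = []
    for code, body in entries:
        match = HOSTS_RE.match(body) if code == "O1" else None
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group("ip"))
        except ValueError:
            continue  # malformed address: leave it for manual review
        if not ip.is_loopback:
            overrides.append((ip, match.group("name")))
    return overrides


def unselected_siblings(log_text, fix_text, prefix=24):
    """Hosts overrides missing from the fix list that share a /prefix network
    with an override that is on it, keyed by network and kept in log order."""
    fixed = set(hosts_overrides(parse_entries(fix_text)))
    networks = {ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
                for ip, _ in fixed}
    grouped = defaultdict(list)
    for ip, name in hosts_overrides(parse_entries(log_text)):
        if (ip, name) in fixed:
            continue
        for net in networks:
            if ip in net:
                grouped[str(net)].append((str(ip), name))
    return dict(grouped)


if __name__ == "__main__":
    for net, rows in unselected_siblings(SAMPLE_LOG, SAMPLE_FIX_LIST).items():
        print(net)
        for ip, name in rows:
            print(f"  not on fix list: {ip} {name}")
```

The output is a review list, not a verdict: entries outside the selected network (here `mail.yahoo.com`) are left for separate inspection.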

#3
dr_pyser

hi thatman! thank you so much for your help, i deleted all those registry files and desktop search has now gone. i'm still getting spotresult popups tho, and it looks like i have a lot more spyware. i ran the pandasoftware activescan, and got this log:


Incident Status Location

Adware:Adware/SaveNow No disinfected Windows Registry
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\BullsEye Network
Adware:Adware/nCase No disinfected Windows Registry
Adware:Adware/Lop No disinfected C:\Program Files\C2Media
Adware:Adware/PowerScan No disinfected C:\Program Files\Power Scan
Adware:Adware/CWS No disinfected C:\Documents and Settings\Ron Ron\Favorites\Going Places\Air Tickets.lnk
Adware:Adware/BHO No disinfected Windows Registry
Adware:Adware/Sqwire No disinfected C:\WINDOWS\system32\tsuninst.exe
Adware:Adware/MediaTickets No disinfected Windows Registry
Adware:Adware/SideFind No disinfected C:\Program Files\SideFind
Adware:Adware/NavHelper No disinfected C:\Program Files\NavExcel
Adware:Adware/ILookup No disinfected C:\Documents and Settings\Ron Ron\Favorites\Gambling
Adware:Adware/ISearch No disinfected C:\WINDOWS\isrvs
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\inf\twaintec.inf
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\system32\exdl.exe
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\system32\Aklsp.dll
Adware:Adware/Transponder No disinfected Windows Registry
Virus:W32/Spybot Disinfected C:\Documents and Settings\All Users\Documents\explore.exe
Virus:Trj/Downloader.BQX Disinfected C:\Documents and Settings\Ron Ron\Desktop\crack_64587.exe
Virus:Trj/Downloader.YD Disinfected C:\Documents and Settings\Ron Ron\Desktop\SPSS_v12[1].0.zip[cbp.exe]
Adware:Adware/CWS No disinfected C:\Documents and Settings\Ron Ron\Favorites\Going Places\Air Tickets.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Ron Ron\Favorites\Going Places\Car Rentals.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Ron Ron\Favorites\Going Places\Hotel Deals.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Ron Ron\Favorites\Going Places\Luggage.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Ron Ron\Favorites\Going Places\Travel.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Ron Ron\Favorites\Shop\Auctions.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Ron Ron\Favorites\Shop\Books.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Ron Ron\Favorites\Shop\Computers.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Ron Ron\Favorites\Shop\Discount.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Ron Ron\Favorites\Shop\Flowers.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Ron Ron\Favorites\Shop\Golf.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Ron Ron\Favorites\Shop\Jewelry.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Ron Ron\Favorites\Shop\Movies.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Ron Ron\Favorites\Shop\Music.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Ron Ron\Favorites\Shop\Online Store.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Ron Ron\Favorites\Shop\Perfume.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Ron Ron\Favorites\Shop\Sleepwear.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Ron Ron\Favorites\Technology\Adware Remover.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Ron Ron\Favorites\Technology\Anti-Virus.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Ron Ron\Favorites\Technology\PC Cleaner.lnk
Adware:Adware/CWS No disinfected C:\Documents and Settings\Ron Ron\Favorites\Technology\Tech & gadgets.lnk
Adware:Adware/Lop No disinfected C:\Program Files\aimscr\3502.exe
Adware:Adware/Lop No disinfected C:\Program Files\aimscr\wipe data.dll
Adware:Adware/Lop No disinfected C:\Program Files\C2Media\Setup.exe
Possible Virus. No disinfected C:\Program Files\GameSpy Arcade\fpupdate.exe
Adware:Adware/ISearch No disinfected C:\Program Files\Mozilla Firefox\extensions\{2bafa858-4ff3-4207-822e-ef46d1b431de}\chrome\isearch.jar[isearch.js]
Adware:Adware/NavHelper No disinfected C:\Program Files\NavExcel\NavHelper\v2.0.4c\NHelper.dll
Adware:Adware/NavHelper No disinfected C:\Program Files\NavExcel\NavHelper\v2.0.4c\NHUninstaller.exe
Adware:Adware/NavHelper No disinfected C:\Program Files\NavExcel\NavHelper\v2.0.4c\NHUpdater.exe
Adware:Adware/NavHelper No disinfected C:\Program Files\NavExcel\NavHelper\v2.0.4c\v2.0.4c.cab
Adware:Adware/NavHelper No disinfected C:\Program Files\NavExcel\NavHelper\v2.0.4c\v2.0.4c.cab[NHelper.dll]
Adware:Adware/NavHelper No disinfected C:\Program Files\NavExcel\NavHelper\v2.0.4c\v2.0.4c.cab[NHUninstaller.exe]
Adware:Adware/NavHelper No disinfected C:\Program Files\NavExcel\NavHelper\v2.0.4c\v2.0.4c.cab[NHUpdater.exe]
Possible Virus. No disinfected C:\WINDOWS\azentretien.dll
Adware:Adware/ISearch No disinfected C:\WINDOWS\delprot.ini
Adware:Adware/ISearch No disinfected C:\WINDOWS\deskbar.ini
Adware:Adware/Look2Me No disinfected C:\WINDOWS\iconu.exe
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\inf\twaintec.inf
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\mxTarget.dll
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\preInsMt.exe
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\preInsTT.exe
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\system32\akcore.dll
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\system32\aklsp.dll
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\system32\akrules.dll
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\system32\akupd.dll
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\angelex.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\apycfilt.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\ayi2dvag.dll
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\bbchk.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\cegmgr32.dll
Virus:W32/Sasser.ftp Disinfected C:\WINDOWS\system32\cmd.ftp
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\dqsrslvr.dll
Virus:Trj/Delprot.A Disinfected C:\WINDOWS\system32\drivers\delprot.sys
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\dsmasf.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\dyserial.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\e0020adoed0c0.dll
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\system32\exclean.exe
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\exdl.exe
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\exdl0.exe
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\system32\exul.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\gpn6l35s1.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\hr0o05d3e.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\hrn0055me.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\hrp0057me.dll
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\system32\javexulm.vxd
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\k4nole531h.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\ktdpo.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\mac40.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\mhr.dll
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\mqexdlm.srg
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\msexreg.exe
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\netut80ex.vxd
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\netut80ex.vxd[exdl.exe]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\netut80ex.vxd[mqexdlm.srg]
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\system32\netut80ex.vxd[exul.exe]
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\system32\netut80ex.vxd[javexulm.vxd]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\netut80ex.vxd[msexreg.exe]
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\system32\netut80ex.vxd[exclean.exe]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\sjcfiles.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\svcfiles.dll
Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\system32\tsuninst.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\uzerenv.dll
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\vx0.nls
Virus:Trj/Downloader.AUP Disinfected C:\WINDOWS\VT17.exe
Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\watlgvmo.exe
Spyware:Spyware/Dyfuca No disinfected C:\WINDOWS\wsem300.dll
eeek! :tazz:

#4
Guest_thatman_*

Hi dr_pyser

Now that's what I call a pile of junk ;)

Reboot into Safe Mode: Click here if you don't know how to do this.

Using Windows Explorer, delete the following folders:
C:\Program Files\BullsEye Network<--Delete the whole folder
C:\Program Files\C2Media<--Delete the whole folder
C:\Program Files\Power Scan<--Delete the whole folder
C:\Program Files\aimscr\<--Delete the whole folder
C:\Program Files\SideFind<--Delete the whole folder
C:\Program Files\NavExcel<--Delete the whole folder

Run killbox and click the radio button that says Delete a file on reboot.
Copy and Paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in, whereupon you should answer Yes.
Let the system reboot.
C:\Documents and Settings\Ron Ron\Favorites\Gambling
C:\Documents and Settings\Ron Ron\Favorites\Going Places\Air Tickets.lnk
C:\Documents and Settings\Ron Ron\Favorites\Going Places\Air Tickets.lnk
C:\Documents and Settings\Ron Ron\Favorites\Going Places\Car Rentals.lnk
C:\Documents and Settings\Ron Ron\Favorites\Going Places\Hotel Deals.lnk
C:\Documents and Settings\Ron Ron\Favorites\Going Places\Luggage.lnk
C:\Documents and Settings\Ron Ron\Favorites\Going Places\Travel.lnk
C:\Documents and Settings\Ron Ron\Favorites\Shop\Auctions.lnk
C:\Documents and Settings\Ron Ron\Favorites\Shop\Books.lnk
C:\Documents and Settings\Ron Ron\Favorites\Shop\Computers.lnk
C:\Documents and Settings\Ron Ron\Favorites\Shop\Discount.lnk
C:\Documents and Settings\Ron Ron\Favorites\Shop\Flowers.lnk
C:\Documents and Settings\Ron Ron\Favorites\Shop\Golf.lnk
C:\Documents and Settings\Ron Ron\Favorites\Shop\Jewelry.lnk
C:\Documents and Settings\Ron Ron\Favorites\Shop\Movies.lnk
C:\Documents and Settings\Ron Ron\Favorites\Shop\Music.lnk
C:\Documents and Settings\Ron Ron\Favorites\Shop\Online Store.lnk
C:\Documents and Settings\Ron Ron\Favorites\Shop\Perfume.lnk
C:\Documents and Settings\Ron Ron\Favorites\Shop\Sleepwear.lnk
C:\Documents and Settings\Ron Ron\Favorites\Technology\Adware Remover.lnk
C:\Documents and Settings\Ron Ron\Favorites\Technology\Anti-Virus.lnk
C:\Documents and Settings\Ron Ron\Favorites\Technology\PC Cleaner.lnk
C:\Documents and Settings\Ron Ron\Favorites\Technology\Tech & gadgets.lnk
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\isrvs
C:\WINDOWS\inf\twaintec.inf
C:\WINDOWS\system32\exdl.exe
C:\WINDOWS\system32\Aklsp.dll
C:\WINDOWS\azentretien.dll
C:\WINDOWS\delprot.ini
C:\WINDOWS\deskbar.ini
C:\WINDOWS\iconu.exe
C:\WINDOWS\inf\twaintec.inf
C:\WINDOWS\mxTarget.dll
C:\WINDOWS\preInsMt.exe
C:\WINDOWS\preInsTT.exe
C:\WINDOWS\system32\akcore.dll
C:\WINDOWS\system32\aklsp.dll
C:\WINDOWS\system32\akrules.dll
C:\WINDOWS\system32\akupd.dll
C:\WINDOWS\system32\angelex.exe
C:\WINDOWS\system32\apycfilt.dll
C:\WINDOWS\system32\ayi2dvag.dll
C:\WINDOWS\system32\bbchk.exe
C:\WINDOWS\system32\cegmgr32.dll
C:\WINDOWS\system32\dqsrslvr.dll
C:\WINDOWS\system32\drivers\delprot.sys
C:\WINDOWS\system32\dsmasf.dll
C:\WINDOWS\system32\dyserial.dll
C:\WINDOWS\system32\e0020adoed0c0.dll
C:\WINDOWS\system32\exclean.exe
C:\WINDOWS\system32\exdl.exe
C:\WINDOWS\system32\exdl0.exe
C:\WINDOWS\system32\exul.exe
C:\WINDOWS\system32\gpn6l35s1.dll
C:\WINDOWS\system32\hr0o05d3e.dll
C:\WINDOWS\system32\hrn0055me.dll
C:\WINDOWS\system32\hrp0057me.dll
C:\WINDOWS\system32\javexulm.vxd
C:\WINDOWS\system32\k4nole531h.dll
C:\WINDOWS\system32\ktdpo.dll
C:\WINDOWS\system32\mac40.dll
C:\WINDOWS\system32\mhr.dll
C:\WINDOWS\system32\mqexdlm.srg
C:\WINDOWS\system32\msexreg.exe
C:\WINDOWS\system32\netut80ex.vxd
C:\WINDOWS\system32\netut80ex.vxd[exdl.exe]
C:\WINDOWS\system32\netut80ex.vxd[mqexdlm.srg]
C:\WINDOWS\system32\netut80ex.vxd[exul.exe]
C:\WINDOWS\system32\netut80ex.vxd[javexulm.vxd]
C:\WINDOWS\system32\netut80ex.vxd[msexreg.exe]
C:\WINDOWS\system32\netut80ex.vxd[exclean.exe]
C:\WINDOWS\system32\sjcfiles.dll
C:\WINDOWS\system32\svcfiles.dll
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\uzerenv.dll
C:\WINDOWS\system32\vx0.nls
C:\WINDOWS\VT17.exe
C:\WINDOWS\watlgvmo.exe
C:\WINDOWS\wsem300.dll
C:\Program Files\Mozilla Firefox\extensions\{2bafa858-4ff3-4207-822e-ef46d1b431de}\chrome\isearch.jar[isearch.js]

End of Killbox files

Reboot as normal

Run cleanup

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp
Please post the logs from the Panda virus scan and HJT.log. We will need them to remove previous infections that have left files on your system.

Kc :tazz:

#5
Guest_thatman_*

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with the address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.