Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan Horse Downloader.Small.27.K(hijack log)

Started by wreckmebaby , May 14 2005 03:18 PM

  • This topic is locked This topic is locked

#1
wreckmebaby
Posted 14 May 2005 - 03:18 PM

wreckmebaby

    New Member

  • Member
  • Pip
  • 2 posts
:tazz:
my avg keeps saying i have a Trojan Horse Downloader.Small.27.K but it wont get rid of it and i keep getting pop ups saying to delete or heal and it wont do either.
any help would be greatly appreciated!
thank you.


Logfile of HijackThis v1.99.1
Scan saved at 10:20:06 PM, on 5/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Keyboard Mouse Tool\mouse32a.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Keyboard Mouse Tool\KbdAp32A.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Information Update\iu.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\PKL\bpk.exe
C:\PROGRA~1\AOLCOM~1\ACCAgnt.exe
C:\PROGRA~1\COMMON~1\AOL\110444~1\EE\AOLHOS~1.EXE
C:\Program Files\D-link AirPlus G DWL-G120 Wireless USB\120UTIL.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\COMMON~1\AOL\110444~1\EE\AOLServiceHost.exe
C:\WINDOWS\FSScrCtl.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\mdjdev.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSPS~1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\john & erica\Desktop\Anti Virus\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: JavaPlugin Support Dll - {2136FD50-C11F-40CC-A714-F9412F91BD40} - C:\WINDOWS\system32\javacore.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Keyboard Mouse Tool\mouse32a.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Keyboard Mouse Tool\MMKEYBD.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1104445649\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Information Update] C:\Program Files\Information Update\iu.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BPK] C:\Program Files\PKL\bpk.exe
O4 - HKCU\..\Run: [AOLCC] "C:\PROGRA~1\AOLCOM~1\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: D-link AirPlus G DWL-G120 Wireless USB.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18....es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1094998506525
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures01.ai...AIM.9.5.1.6.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...lim/install.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BBF26523-5BC7-435D-BDD3-AC84C5DC00C3} (UIEPlayer 1.4 Class) - http://espn-att.star...IEPlayer1_4.cab
O16 - DPF: {EB623776-492A-42CA-9571-3AA39F58530B} - http://www.alwaysupd...ll/aun_0011.exe
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.micro...rchsettings.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.c.../zoomify305.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

Advertisements

#2
Guest_thatman_*
Posted 18 May 2005 - 03:36 PM

Guest_thatman_*
  • Guest
Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp
Please post the logs From Panda virus scan and HJT.log we will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0

#3
wreckmebaby
Posted 18 May 2005 - 08:41 PM

wreckmebaby

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
[FONT=Arial][FONT=Arial][FONT=Arial]

panda active scan

Incident Status Location

Adware:Adware/MediaBack No disinfected C:\WINDOWS\system32\javacore.dll
Adware:Adware/eZula No disinfected C:\Program Files\eZula
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall*.exe
Adware:Adware/Gator No disinfected C:\DOCUME~1\JOHN&E~1\LOCALS~1\Temp\bundle.inf
Spyware:Spyware/Searchcentrix No disinfected Windows Registry
Adware:Adware/ILookup No disinfected C:\WINDOWS\ILookup
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32m.sys
Adware:Adware/WildTangent No disinfected C:\Program Files\WILDTANGENT
Adware:Adware/WUpd No disinfected C:\WINDOWS\Downloaded Program Files\ActiveX.inf
Spyware:Spyware/Altnet No disinfected C:\DOCUME~1\JOHN&E~1\LOCALS~1\Temp\asmfiles.cab
Spyware:Spyware/MarketScore No disinfected C:\WINDOWS\system32\rk.exe
Adware:Adware/WhenUSearch No disinfected C:\Program Files\Common Files\Whenu
Adware:Adware/BTGrab No disinfected Windows Registry
Adware:Adware/InstaFinder No disinfected C:\WINDOWS\Downloaded Program Files\instafin.dll
Adware:Adware/P2PNetworking No disinfected C:\DOCUME~1\JOHN&E~1\LOCALS~1\Temp\p2psetup.exe
Adware:Adware/Apropos No disinfected C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\AlertSWF\contents\Exec.exe
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\john & erica\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-31d5d80e-65af8407.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\john & erica\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-31d5d80e-65af8407.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\john & erica\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-31d5d80e-65af8407.zip[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\john & erica\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-31d5d80e-65af8407.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\john & erica\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-31d5d80e-65af8407.zip[Worker.class]
Spyware:Spyware/Altnet No disinfected C:\Documents and Settings\john & erica\Local Settings\Temp\asmfiles.cab
Spyware:Spyware/Altnet No disinfected C:\Documents and Settings\john & erica\Local Settings\Temp\asmfiles.cab[asm.exe]
Spyware:Spyware/Altnet No disinfected C:\Documents and Settings\john & erica\Local Settings\Temp\asmfiles.cab[asmps.dll]
Adware:Adware/P2PNetworking No disinfected C:\Documents and Settings\john & erica\Local Settings\Temp\p2psetup.exe
Adware:Adware/eZula No disinfected C:\Documents and Settings\john & erica\Local Settings\Temp\temp.fr2D42
Adware:Adware/eZula No disinfected C:\Documents and Settings\john & erica\Local Settings\Temp\Temporary Internet Files\Content.IE5\09UNC9QJ\woinstall[1].exe
Adware:Adware/eZula No disinfected C:\Documents and Settings\john & erica\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y1A1YXYF\eZinstall[1].exe
Adware:Adware/Trymedia No disinfected C:\Downloads\LemonadeTycoon2Setup-dm[1].exe
Spyware:Spyware/New.net No disinfected C:\Program Files\FileSubmit\Magnolia Icon Set\NNEZSTB3.exe
Spyware:Spyware/New.net No disinfected C:\Program Files\FileSubmit\Magnolia Icon Set\NNEZTX638.exe
Spyware:Spyware/New.net No disinfected C:\RECYCLER\S-1-5-21-823518204-854245398-1645431331-1004\Dc9\newdotnet6_38.dll
Adware:Adware/WUpd No disinfected C:\WINDOWS\Downloaded Program Files\activex.inf
Spyware:Spyware/Searchcentrix No disinfected C:\WINDOWS\Downloaded Program Files\instafin.dll
Adware:Adware/eZula No disinfected C:\WINDOWS\iLookup\ezStub22.exe
Adware:Adware/BTGrab No disinfected C:\WINDOWS\inf\btgrab.inf
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38.exe
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32m.sys
Adware:Adware/MediaBack No disinfected C:\WINDOWS\system32\javacore.dll
Spyware:Spyware/MarketScore No disinfected C:\WINDOWS\system32\rk.bin
Spyware:Spyware/MarketScore No disinfected C:\WINDOWS\system32\rk.exe







hijack this log


Logfile of HijackThis v1.99.1
Scan saved at 7:40:07 PM, on 5/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Keyboard Mouse Tool\mouse32a.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Keyboard Mouse Tool\KbdAp32A.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Information Update\iu.exe
C:\Program Files\PKL\bpk.exe
C:\PROGRA~1\AOLCOM~1\ACCAgnt.exe
C:\PROGRA~1\COMMON~1\AOL\110444~1\EE\AOLHOS~1.EXE
C:\Program Files\D-link AirPlus G DWL-G120 Wireless USB\120UTIL.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\COMMON~1\AOL\110444~1\EE\AOLServiceHost.exe
C:\WINDOWS\FSScrCtl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\mdjdev.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSPS~1.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\john & erica\Desktop\Anti Virus\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://red.clientapp...sgr6/*http://ww

w.yahoo.com/ext/search/search.html
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} -

C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: JavaPlugin Support Dll - {2136FD50-C11F-40CC-A714-F9412F91BD40}

- C:\WINDOWS\system32\javacore.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program

Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -

C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -

C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02

\bin\jusched.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD

Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program

Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program

Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint

Manager\ViewMgr.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Keyboard Mouse

Tool\mouse32a.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Keyboard Mouse

Tool\MMKEYBD.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program

Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1

\SNDMon.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software

Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

/STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common

Files\AOL\1104445649\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common

Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1

\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"

-atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1

\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program

Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Information Update] C:\Program Files\Information

Update\iu.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BPK] C:\Program Files\PKL\bpk.exe
O4 - HKCU\..\Run: [AOLCC] "C:\PROGRA~1\AOLCOM~1\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online

9.0a\AOL.EXE" -b
O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: D-link AirPlus G DWL-G120 Wireless USB.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program

Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program

Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-

00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -

C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-

00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -

C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E

-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet

Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -

http://housecall60.t...all/xscan60.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -

http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool)

- http://by18fd.bay18....es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://v5.windowsupd.../en/x86/client/

wuweb_site.cab?1094998506525
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -

http://a840.g.akamai...ndmicro.com/hou

secall/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -

http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) -

http://dm.screensave.../sinstaller.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer

Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) -

http://pictures01.ai...AIM.9.5.1.6.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} -

http://install.wildt...lim/install.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}

(MsnMessengerSetupDownloadControl Class) -

http://messenger.msn...pDownloader.cab
O16 - DPF: {BBF26523-5BC7-435D-BDD3-AC84C5DC00C3} (UIEPlayer 1.4 Class) -

http://espn-

att.starwave.com/wireless/website/demos/bottomline2/UIEPlayer1_4.cab
O16 - DPF: {EB623776-492A-42CA-9571-3AA39F58530B} -

http://www.alwaysupd...ll/aun_0011.exe
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search

Settings Control) -

http://lg.home.micro...rchsettings.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) -

http://www.zoomify.c.../zoomify305.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online -

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America

Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd

- C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. -

C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec

Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -

C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec

Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America

Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#4
Guest_thatman_*
Posted 19 May 2005 - 06:29 AM

Guest_thatman_*
  • Guest
Hi wreckmebaby

Do you know what this program is C:\Program Files\Information Update\iu.exe
I have mark it for deletion is you think it is safe then do not remove it.

Please read through the instructions before you start (you may want to print this out).

Please set your system to show all files; please see here if you're unsure how to do this.

Ewido Trojan’s and malware remover http://www.ewido.net/en/download/
This setup contains the free as well as the plus-version of the ewido security suite. After the installation, a free 14-day test version containing all the extensions of the plus-version will be activated. At the end of the test phase, the extensions of the plus version are deactivated and the freeware version can be used unlimited times. The purchased license code of the plus version can be entered at any time.
Ewido will auto-udate. Don't run yet

Download Pocket Killbox and unzip it; save it to your Desktop.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Run ewido fullscan save the log and post it with the other logs.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R3 - Default URLSearchHook is missing
O2 - BHO: JavaPlugin Support Dll - {2136FD50-C11F-40CC-A714-F9412F91BD40} - C:\WINDOWS\system32\javacore.dll
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [Information Update] C:\Program Files\Information Update\iu.exe
O4 - HKCU\..\Run: [BPK] C:\Program Files\PKL\bpk.exe
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures01.ai...AIM.9.5.1.6.cab
O16 - DPF: {BBF26523-5BC7-435D-BDD3-AC84C5DC00C3} (UIEPlayer 1.4 Class) - http://espn-att.star...IEPlayer1_4.cab
O16 - DPF: {EB623776-492A-42CA-9571-3AA39F58530B} - http://www.alwaysupd...ll/aun_0011.exe
Click on Fix Checked when finished and exit HijackThis.

Using Windows Explorer, locate the following files/folders, and delete them:
C:\Program Files\Common Files\Whenu<--Delete the whole folder
C:\Program Files\WILDTANGENT<--Delete the whole folder
C:\WINDOWS\ILookup<--Delete the whole folder
C:\Program Files\eZula<--Delete the whole folder
C:\Program Files\Information Update[/B]<--Delete the whole folder
C:\Program Files\PKL<--Delete the whole folder
Exit Explorer.

Run killbox and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes. Let the system reboot.
C:\WINDOWS\system32\mdjdev.exe
C:\WINDOWS\system32\javacore.dll
C:\WINDOWS\NDNuninstall*.exe
C:\DOCUME~1\JOHN&E~1\LOCALS~1\Temp\bundle.inf
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\Downloaded Program Files\ActiveX.inf
C:\DOCUME~1\JOHN&E~1\LOCALS~1\Temp\asmfiles.cab
C:\WINDOWS\Downloaded Program Files\instafin.dll
C:\DOCUME~1\JOHN&E~1\LOCALS~1\Temp\p2psetup.exe
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\AlertSWF\contents\Exec.exe
C:\Documents and Settings\john & erica\Local Settings\Temp\asmfiles.cab
C:\Documents and Settings\john & erica\Local Settings\Temp\asmfiles.cab[asm.exe]
C:\Documents and Settings\john & erica\Local Settings\Temp\asmfiles.cab[asmps.dll]
C:\Documents and Settings\john & erica\Local Settings\Temp\p2psetup.exe
C:\Documents and Settings\john & erica\Local Settings\Temp\temp.fr2D42
C:\Documents and Settings\john & erica\Local Settings\Temp\Temporary Internet Files\Content.IE5\09UNC9QJ\woinstall[1].exe
C:\Documents and Settings\john & erica\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y1A1YXYF\eZinstall[1].exe
C:\Downloads\LemonadeTycoon2Setup-dm[1].exe
C:\Program Files\FileSubmit\Magnolia Icon Set\NNEZSTB3.exe
C:\Program Files\FileSubmit\Magnolia Icon Set\NNEZTX638.exe
C:\RECYCLER\S-1-5-21-823518204-854245398-1645431331-1004\Dc9\newdotnet6_38.dll
C:\WINDOWS\Downloaded Program Files\activex.inf
C:\WINDOWS\Downloaded Program Files\instafin.dll
C:\WINDOWS\iLookup\ezStub22.exe
C:\WINDOWS\inf\btgrab.inf
C:\WINDOWS\NDNuninstall6_38.exe
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\system32\javacore.dll
C:\WINDOWS\system32\rk.bin
C:\WINDOWS\system32\rk.exe

Reboot as normal.

Please download, install and run this disk cleanup utility called Cleanup version 4.0!
http://downloads.ste...p/CleanUp40.exe
It will get rid of any malware which may be hiding in your temp folders ( a common hiding place). You will also regain a massive amount of disk space. Here is a tutorial which describes its usage:
http://www.bleepingc...tutorial93.html
Check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles. Also, cleanout the prefetch folder and the recycle bin.When the scan has finnished click the close button
When prompted Reboot to let it clean out the remaining files.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp
Please post the logs From Panda virus scan and HJT.logWe will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP