Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trojan-Spy.HTML.Smitfraud.c[RESOLVED]


  • This topic is locked This topic is locked

#1
Robert Boren

Robert Boren

    New Member

  • Member
  • Pip
  • 5 posts
I still get the blue screen with the error message, I done what I could off of your list and ran another hijack this log,

Logfile of HijackThis v1.99.1
Scan saved at 8:50:22 PM, on 5/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://letgohome.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://letgohome.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://letgohome.com/hp.htm?id=9
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://letgohome.com/hp.htm?id=9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://letgohome.com/hp.htm?id=9
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://letgohome.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Direct Connect Office - UM
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\system32\I7GT6D~1.DLL (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [dclcncctbgplw] C:\WINDOWS\System32\rnfnfn.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [drsq] C:\WINDOWS\system32\lnvkf.exe
O4 - HKLM\..\Run: [nnpvhlz] C:\WINDOWS\system32\qwapl.exe
O4 - HKLM\..\Run: [dibivpzn] C:\WINDOWS\system32\bzcstxe.exe
O4 - HKLM\..\Run: [ykof] C:\WINDOWS\system32\wzlzo.exe
O4 - HKLM\..\Run: [nparqh] C:\WINDOWS\system32\gtqkpvjd.exe
O4 - HKLM\..\Run: [owbnyyv] C:\WINDOWS\system32\lwau.exe
O4 - HKLM\..\Run: [oyfhbjn] C:\WINDOWS\system32\zbbmtt.exe
O4 - HKLM\..\Run: [zidtsyu] C:\WINDOWS\system32\ljvli.exe
O4 - HKLM\..\Run: [bldws] C:\WINDOWS\system32\vlidbukk.exe
O4 - HKLM\..\Run: [vjshace] C:\WINDOWS\system32\tihrakf.exe
O4 - HKLM\..\Run: [thvd] C:\WINDOWS\system32\qhfncol.exe
O4 - HKLM\..\Run: [qovzagbj] C:\WINDOWS\system32\hneydm.exe
O4 - HKLM\..\Run: [fwkcdrfi] C:\WINDOWS\system32\rhjr.exe
O4 - HKLM\..\Run: [ucfmhgx] C:\WINDOWS\system32\iwhfnxpy.exe
O4 - HKLM\..\Run: [tebjim] C:\WINDOWS\system32\fnfbhavn.exe
O4 - HKLM\..\Run: [rgbhm] C:\WINDOWS\system32\lgucnb.exe
O4 - HKLM\..\Run: [cixwprj] C:\WINDOWS\system32\qudpwrvc.exe
O4 - HKLM\..\Run: [dkakgv] C:\WINDOWS\system32\awrapjg.exe
O4 - HKLM\..\Run: [fwlqm] C:\WINDOWS\system32\ljgkre.exe
O4 - HKLM\..\Run: [qadwva] C:\WINDOWS\system32\xjtfsm.exe
O4 - HKLM\..\Run: [zrukoexd] C:\WINDOWS\system32\oncgpvls.exe
O4 - HKLM\..\Run: [jvglvkcz] C:\WINDOWS\system32\vxfukj.exe
O4 - HKLM\..\Run: [nplara] C:\WINDOWS\system32\uaun.exe
O4 - HKLM\..\Run: [gchkyf] C:\WINDOWS\system32\hwfqwy.exe
O4 - HKLM\..\Run: [cfzcvwk] C:\WINDOWS\system32\riihy.exe
O4 - HKLM\..\Run: [jpyy] C:\WINDOWS\system32\bmavch.exe
O4 - HKLM\..\Run: [zncd] C:\WINDOWS\system32\mggg.exe
O4 - HKLM\..\Run: [unieos] C:\WINDOWS\system32\ltrig.exe
O4 - HKLM\..\Run: [ngxms] C:\WINDOWS\system32\wvwbzvfp.exe
O4 - HKLM\..\Run: [jtzvq] C:\WINDOWS\system32\gympcznz.exe
O4 - HKLM\..\Run: [tcrl] C:\WINDOWS\system32\raradr.exe
O4 - HKLM\..\Run: [qjsfnj] C:\WINDOWS\system32\jrkvia.exe
O4 - HKLM\..\Run: [tipxwr] C:\WINDOWS\system32\dgczbdp.exe
O4 - HKLM\..\Run: [yhnka] C:\WINDOWS\system32\zqpu.exe
O4 - HKLM\..\Run: [vhsuol] C:\WINDOWS\system32\hjsjwty.exe
O4 - HKLM\..\Run: [twmolc] C:\WINDOWS\system32\viydoyu.exe
O4 - HKLM\..\Run: [mwyyw] C:\WINDOWS\system32\iwroijpp.exe
O4 - HKLM\..\Run: [gajav] C:\WINDOWS\system32\qnzdz.exe
O4 - HKLM\..\Run: [iwahywv] C:\WINDOWS\system32\mlomvmnx.exe
O4 - HKLM\..\Run: [jswyg] C:\WINDOWS\system32\zhgqx.exe
O4 - HKLM\..\Run: [kgls] C:\WINDOWS\system32\aois.exe
O4 - HKLM\..\Run: [gsalud] C:\WINDOWS\system32\lrnkhcr.exe
O4 - HKLM\..\Run: [pwiw] C:\WINDOWS\system32\vkbhwcmh.exe
O4 - HKLM\..\Run: [iwxk] C:\WINDOWS\system32\abntn.exe
O4 - HKLM\..\Run: [slngimxf] C:\WINDOWS\system32\kdamowtx.exe
O4 - HKLM\..\Run: [jhht] C:\WINDOWS\system32\nonqqca.exe
O4 - HKLM\..\Run: [lgxp] C:\WINDOWS\system32\qqtjr.exe
O4 - HKLM\..\Run: [axqjoo] C:\WINDOWS\system32\njha.exe
O4 - HKLM\..\Run: [bdmytruz] C:\WINDOWS\system32\gdidje.exe
O4 - HKLM\..\Run: [yslaqo] C:\WINDOWS\system32\dugydh.exe
O4 - HKLM\..\Run: [cgwetgc] C:\WINDOWS\system32\ymnroz.exe
O4 - HKLM\..\Run: [imoctppc] C:\WINDOWS\system32\laguqkk.exe
O4 - HKLM\..\Run: [wgipvtw] C:\WINDOWS\system32\ewzkkafl.exe
O4 - HKLM\..\Run: [maezn] C:\WINDOWS\system32\pyfvcs.exe
O4 - HKLM\..\Run: [yjenwdea] C:\WINDOWS\system32\iwladm.exe
O4 - HKLM\..\Run: [dvdwtrf] C:\WINDOWS\system32\pwhpok.exe
O4 - HKLM\..\Run: [tglert] C:\WINDOWS\system32\ctraqvfy.exe
O4 - HKLM\..\Run: [juhw] C:\WINDOWS\system32\qwykus.exe
O4 - HKLM\..\Run: [kjdipoed] C:\WINDOWS\system32\bqdc.exe
O4 - HKLM\..\Run: [vsifu] C:\WINDOWS\system32\zjpif.exe
O4 - HKLM\..\Run: [klebbnsm] C:\WINDOWS\system32\wvrior.exe
O4 - HKLM\..\Run: [mikhzz] C:\WINDOWS\system32\pljka.exe
O4 - HKLM\..\Run: [predeve] C:\WINDOWS\system32\afpvbvwc.exe
O4 - HKLM\..\Run: [lnqbtuo] C:\WINDOWS\system32\frvt.exe
O4 - HKLM\..\Run: [xqwk] C:\WINDOWS\system32\msdph.exe
O4 - HKLM\..\Run: [jpdqvuo] C:\WINDOWS\system32\ewkimlv.exe
O4 - HKLM\..\Run: [pnps] C:\WINDOWS\system32\nsvbb.exe
O4 - HKLM\..\Run: [zrkw] C:\WINDOWS\system32\nkzqdggd.exe
O4 - HKLM\..\Run: [ovvfynu] C:\WINDOWS\system32\fruronx.exe
O4 - HKLM\..\Run: [dtxu] C:\WINDOWS\system32\chsmqqd.exe
O4 - HKLM\..\Run: [ineqkn] C:\WINDOWS\system32\vdaqcxdq.exe
O4 - HKLM\..\Run: [soqf] C:\WINDOWS\system32\ygfidp.exe
O4 - HKLM\..\Run: [wqjfmy] C:\WINDOWS\system32\ktzzkr.exe
O4 - HKLM\..\Run: [hsxb] C:\WINDOWS\system32\lhvttkc.exe
O4 - HKLM\..\Run: [javrjsjm] C:\WINDOWS\system32\yumedglo.exe
O4 - HKLM\..\Run: [oojlclg] C:\WINDOWS\system32\xwrd.exe
O4 - HKLM\..\Run: [rxhtknt] C:\WINDOWS\system32\qlnqi.exe
O4 - HKLM\..\Run: [bcavhhnr] C:\WINDOWS\system32\ansajicr.exe
O4 - HKLM\..\Run: [jftw] C:\WINDOWS\system32\yroel.exe
O4 - HKLM\..\Run: [etqays] C:\WINDOWS\system32\iltompuh.exe
O4 - HKLM\..\Run: [qrkqiwpu] C:\WINDOWS\system32\bmtzv.exe
O4 - HKLM\..\Run: [bblyybbr] C:\WINDOWS\system32\logs.exe
O4 - HKLM\..\Run: [zpdhw] C:\WINDOWS\system32\qqbana.exe
O4 - HKLM\..\Run: [aadlzas] C:\WINDOWS\system32\bsgso.exe
O4 - HKLM\..\Run: [uity] C:\WINDOWS\system32\ngvfrxhp.exe
O4 - HKLM\..\Run: [pcaxb] C:\WINDOWS\system32\xjipsqs.exe
O4 - HKLM\..\Run: [fjhgwvyl] C:\WINDOWS\system32\htcsfnno.exe
O4 - HKLM\..\Run: [yrjqvtr] C:\WINDOWS\system32\cque.exe
O4 - HKLM\..\Run: [bnek] C:\WINDOWS\system32\mhbekdxe.exe
O4 - HKLM\..\Run: [yqjfj] C:\WINDOWS\system32\wbgxlv.exe
O4 - HKLM\..\Run: [bbxj] C:\WINDOWS\system32\wsse.exe
O4 - HKLM\..\Run: [dhwfs] C:\WINDOWS\system32\wjpic.exe
O4 - HKLM\..\Run: [pfczscrz] C:\WINDOWS\system32\capzue.exe
O4 - HKLM\..\Run: [xjjsksxe] C:\WINDOWS\system32\fcvj.exe
O4 - HKLM\..\Run: [bjfndr] C:\WINDOWS\system32\wpogu.exe
O4 - HKLM\..\Run: [vveiezta] C:\WINDOWS\system32\ystzusll.exe
O4 - HKLM\..\Run: [psfikx] C:\WINDOWS\system32\jkadx.exe
O4 - HKLM\..\Run: [rrkl] C:\WINDOWS\system32\sfskt.exe
O4 - HKLM\..\Run: [zbzg] C:\WINDOWS\system32\ozctm.exe
O4 - HKLM\..\Run: [lkvnol] C:\WINDOWS\system32\ycpm.exe
O4 - HKLM\..\Run: [xphn] C:\WINDOWS\system32\nrct.exe
O4 - HKLM\..\Run: [bojvb] C:\WINDOWS\system32\yuilqqab.exe
O4 - HKLM\..\Run: [fsacnkc] C:\WINDOWS\system32\dzrd.exe
O4 - HKLM\..\Run: [hxeo] C:\WINDOWS\system32\pjff.exe
O4 - HKLM\..\Run: [ueogsex] C:\WINDOWS\system32\yrqw.exe
O4 - HKLM\..\Run: [nyfgqe] C:\WINDOWS\system32\qehvq.exe
O4 - HKLM\..\Run: [zslm] C:\WINDOWS\system32\jpawwsr.exe
O4 - HKLM\..\Run: [ohfa] C:\WINDOWS\system32\izbjs.exe
O4 - HKLM\..\Run: [izgbmp] C:\WINDOWS\system32\ltgbsyhb.exe
O4 - HKLM\..\Run: [aqang] C:\WINDOWS\system32\yaalij.exe
O4 - HKLM\..\Run: [cxbeif] C:\WINDOWS\system32\jugd.exe
O4 - HKLM\..\Run: [dwuzq] C:\WINDOWS\system32\rfhrjvj.exe
O4 - HKLM\..\Run: [udrem] C:\WINDOWS\system32\bhujj.exe
O4 - HKLM\..\Run: [ojnetf] C:\WINDOWS\system32\reeuyajy.exe
O4 - HKLM\..\Run: [lftcetfr] C:\WINDOWS\system32\maof.exe
O4 - HKLM\..\Run: [iecpfsi] C:\WINDOWS\system32\hfnjha.exe
O4 - HKLM\..\Run: [szxeubcp] C:\WINDOWS\system32\ubymjdxd.exe
O4 - HKLM\..\Run: [quvgqwdd] C:\WINDOWS\system32\qnwiis.exe
O4 - HKLM\..\Run: [lrzjxn] C:\WINDOWS\system32\dkpljdfl.exe
O4 - HKLM\..\Run: [tktqmzy] C:\WINDOWS\system32\ybee.exe
O4 - HKLM\..\Run: [murlvvln] C:\WINDOWS\system32\idkxnlu.exe
O4 - HKLM\..\Run: [rraj] C:\WINDOWS\system32\lcgk.exe
O4 - HKLM\..\Run: [xpuct] C:\WINDOWS\system32\vxluikc.exe
O4 - HKLM\..\Run: [azchwpg] C:\WINDOWS\system32\zmujw.exe
O4 - HKLM\..\Run: [potrdp] C:\WINDOWS\system32\kgzuxdkt.exe
O4 - HKLM\..\Run: [klxxum] C:\WINDOWS\system32\xjldmva.exe
O4 - HKLM\..\Run: [edursr] C:\WINDOWS\system32\iorkvq.exe
O4 - HKLM\..\Run: [wrlnt] C:\WINDOWS\system32\cuqs.exe
O4 - HKLM\..\Run: [tbtsupo] C:\WINDOWS\system32\njip.exe
O4 - HKLM\..\Run: [gchbwjs] C:\WINDOWS\system32\pdviamm.exe
O4 - HKLM\..\Run: [irfvwnak] C:\WINDOWS\system32\cxpw.exe
O4 - HKLM\..\Run: [tbmumol] C:\WINDOWS\system32\nhwnhpe.exe
O4 - HKLM\..\Run: [rwezjvj] C:\WINDOWS\system32\zvhqbazq.exe
O4 - HKLM\..\Run: [axdrsju] C:\WINDOWS\system32\oupvw.exe
O4 - HKLM\..\Run: [sfhcbh] C:\WINDOWS\system32\jqhyyl.exe
O4 - HKLM\..\Run: [puaw] C:\WINDOWS\system32\tdzcsfg.exe
O4 - HKLM\..\Run: [jndang] C:\WINDOWS\system32\ocal.exe
O4 - HKLM\..\Run: [xhpti] C:\WINDOWS\system32\qlugwlkw.exe
O4 - HKLM\..\Run: [hgglcrfr] C:\WINDOWS\system32\pqvzk.exe
O4 - HKLM\..\Run: [pnql] C:\WINDOWS\system32\pbshnu.exe
O4 - HKLM\..\Run: [grdik] C:\WINDOWS\system32\yuikep.exe
O4 - HKLM\..\Run: [aaflaxd] C:\WINDOWS\system32\jonuf.exe
O4 - HKLM\..\Run: [chhyarm] C:\WINDOWS\system32\baqsp.exe
O4 - HKLM\..\Run: [qokbzbjg] C:\WINDOWS\system32\oxivqdy.exe
O4 - HKLM\..\Run: [cqpyombl] C:\WINDOWS\system32\evnda.exe
O4 - HKLM\..\Run: [lskc] C:\WINDOWS\system32\tqfgx.exe
O4 - HKLM\..\Run: [kbhsq] C:\WINDOWS\system32\dtkzykwm.exe
O4 - HKLM\..\Run: [pbphx] C:\WINDOWS\system32\kkjfj.exe
O4 - HKLM\..\Run: [mktbngk] C:\WINDOWS\system32\uqaidkp.exe
O4 - HKLM\..\Run: [eislox] C:\WINDOWS\system32\eknaec.exe
O4 - HKLM\..\Run: [nhkmp] C:\WINDOWS\system32\tvxrvcit.exe
O4 - HKLM\..\Run: [mdvz] C:\WINDOWS\system32\eplkwu.exe
O4 - HKLM\..\Run: [hpkd] C:\WINDOWS\system32\mkjx.exe
O4 - HKLM\..\Run: [kvhtk] C:\WINDOWS\system32\jaht.exe
O4 - HKLM\..\Run: [glmx] C:\WINDOWS\system32\piojjyd.exe
O4 - HKLM\..\Run: [nfutec] C:\WINDOWS\system32\rkttj.exe
O4 - HKLM\..\Run: [gfjqcrz] C:\WINDOWS\system32\gmocqrds.exe
O4 - HKLM\..\Run: [tjoxo] C:\WINDOWS\system32\rguvjk.exe
O4 - HKLM\..\Run: [yohup] C:\WINDOWS\system32\ndcrcfh.exe
O4 - HKLM\..\Run: [rrmwa] C:\WINDOWS\system32\yficc.exe
O4 - HKLM\..\Run: [cmqg] C:\WINDOWS\system32\qbqnrn.exe
O4 - HKLM\..\Run: [wwayyv] C:\WINDOWS\system32\tvvyr.exe
O4 - HKLM\..\Run: [iytkelv] C:\WINDOWS\system32\gqtynta.exe
O4 - HKLM\..\Run: [llwhlpor] C:\WINDOWS\system32\qtzrn.exe
O4 - HKLM\..\Run: [otjjrbb] C:\WINDOWS\system32\gnjuab.exe
O4 - HKLM\..\Run: [tucdyu] C:\WINDOWS\system32\qwwhdd.exe
O4 - HKLM\..\Run: [soqhoum] C:\WINDOWS\system32\dspkenjo.exe
O4 - HKLM\..\Run: [mozp] C:\WINDOWS\system32\hlhhpf.exe
O4 - HKLM\..\Run: [gvzgtva] C:\WINDOWS\system32\bxdnjjdr.exe
O4 - HKLM\..\Run: [egmzdgxd] C:\WINDOWS\system32\zwmfiew.exe
O4 - HKLM\..\Run: [wqlu] C:\WINDOWS\system32\qyen.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [avlo] C:\WINDOWS\system32\sxiynvnm.exe
O4 - HKLM\..\Run: [fainq] C:\WINDOWS\system32\csvroo.exe
O4 - HKLM\..\Run: [rsjlqa] C:\WINDOWS\system32\xkshmjs.exe
O4 - HKLM\..\Run: [xmhjlyj] C:\WINDOWS\system32\mxsiyw.exe
O4 - HKLM\..\Run: [dxcgrwpp] C:\WINDOWS\system32\vpsc.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - Startup: StripSaver.lnk = C:\Program Files\StripSaver\StripSaver.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {065B18FF-5C30-4A10-937E-08E37BE9C2C3} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {065B18FF-5C30-4A10-937E-08E37BE9C2C3} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {E28E6D73-7F81-4C5D-A59F-C11D2B147DC4} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {E28E6D73-7F81-4C5D-A59F-C11D2B147DC4} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F08C0EC1-49AF-43A2-9D6D-4136DFC3FB85} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F08C0EC1-49AF-43A2-9D6D-4136DFC3FB85} - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.umt.edu/reslife
O15 - Trusted Zone: *.umt.edu (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} - http://install.wildt...uncherSetup.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O20 - AppInit_DLLs: sy2yrowyj81e4vdll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)

Thanks
  • 0

Advertisements


#2
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

I highly recommend that you uninstall BearShare. It has spyware/adware in it. Don't ask what other P2P programs I recommend using. I will say stay away from all of them since they contribute to these infections and others.

This is going to take a while for you to fix, but take your time. We want to make sure you get to fix all of these so it will leave less junk behind during the next round.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Right click on this link -> http://www.bleepingc...g/smitfraud.reg and save that file. Double click on it and click on Yes when it asks you if you want to merge it into the registry. Once that's done, right click on your Desktop and go to Properties. Next go to Desktop tab->Customize Desktop button->Web tab. Uncheck everything listed there. Then delete all the entries listed except for 'My Current Home Page'. Click OK and OK.

Go to Start->-Control Panel->Add or Remove Programs and remove/uninstall the following programs, if found:

Security iGuard
Virtual Maid
Search Maid
StripSaver


Exit Add/Remove Programs.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked.

Download KillBox http://www.greyknigh...spy/KillBox.exe. Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. For each of the following files below, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Copy the below files in GREEN and go back to KillBox. Go to File->Paste from Clipboard and then hit the button with red circle with a white X. Confirm to delete and when asked if you want to reboot now, say no:

C:\wp.exe
C:\wp.bmp
C:\bsw.exe
C:\Windows\sites.ini
C:\Windows\popuper.exe
C:\Windows\system32\hhk.dll
C:\Windows\System32\wldr.dll
C:\Windows\System32\helper.exe
C:\Windows\System32\intmon.exe
C:\Windows\System32\shnlog.exe
C:\Windows\System32\intmonp.exe
C:\Windows\System32\msmsgs.exe
C:\Windows\system32\msole32.exe
C:\Windows\system32\ole32vbs.exe
C:\WINDOWS\system32\I7GT6D~1.DLL
C:\WINDOWS\System32\rnfnfn.exe
C:\WINDOWS\system32\lnvkf.exe
C:\WINDOWS\system32\qwapl.exe
C:\WINDOWS\system32\bzcstxe.exe
C:\WINDOWS\system32\wzlzo.exe
C:\WINDOWS\system32\gtqkpvjd.exe
C:\WINDOWS\system32\lwau.exe
C:\WINDOWS\system32\zbbmtt.exe
C:\WINDOWS\system32\ljvli.exe
C:\WINDOWS\system32\vlidbukk.exe
C:\WINDOWS\system32\tihrakf.exe
C:\WINDOWS\system32\qhfncol.exe
C:\WINDOWS\system32\hneydm.exe
C:\WINDOWS\system32\rhjr.exe
C:\WINDOWS\system32\iwhfnxpy.exe
C:\WINDOWS\system32\fnfbhavn.exe
C:\WINDOWS\system32\lgucnb.exe
C:\WINDOWS\system32\qudpwrvc.exe
C:\WINDOWS\system32\awrapjg.exe
C:\WINDOWS\system32\ljgkre.exe
C:\WINDOWS\system32\xjtfsm.exe
C:\WINDOWS\system32\oncgpvls.exe
C:\WINDOWS\system32\vxfukj.exe
C:\WINDOWS\system32\uaun.exe
C:\WINDOWS\system32\hwfqwy.exe
C:\WINDOWS\system32\riihy.exe
C:\WINDOWS\system32\bmavch.exe
C:\WINDOWS\system32\mggg.exe
C:\WINDOWS\system32\ltrig.exe
C:\WINDOWS\system32\wvwbzvfp.exe
C:\WINDOWS\system32\gympcznz.exe
C:\WINDOWS\system32\raradr.exe
C:\WINDOWS\system32\jrkvia.exe
C:\WINDOWS\system32\dgczbdp.exe
C:\WINDOWS\system32\zqpu.exe
C:\WINDOWS\system32\hjsjwty.exe
C:\WINDOWS\system32\viydoyu.exe
C:\WINDOWS\system32\iwroijpp.exe
C:\WINDOWS\system32\qnzdz.exe
C:\WINDOWS\system32\mlomvmnx.exe
C:\WINDOWS\system32\zhgqx.exe
C:\WINDOWS\system32\aois.exe
C:\WINDOWS\system32\lrnkhcr.exe
C:\WINDOWS\system32\vkbhwcmh.exe
C:\WINDOWS\system32\abntn.exe
C:\WINDOWS\system32\kdamowtx.exe
C:\WINDOWS\system32\nonqqca.exe
C:\WINDOWS\system32\qqtjr.exe
C:\WINDOWS\system32\njha.exe
C:\WINDOWS\system32\gdidje.exe
C:\WINDOWS\system32\dugydh.exe
C:\WINDOWS\system32\ymnroz.exe
C:\WINDOWS\system32\laguqkk.exe
C:\WINDOWS\system32\ewzkkafl.exe
C:\WINDOWS\system32\pyfvcs.exe
C:\WINDOWS\system32\iwladm.exe
C:\WINDOWS\system32\pwhpok.exe
C:\WINDOWS\system32\ctraqvfy.exe
C:\WINDOWS\system32\qwykus.exe
C:\WINDOWS\system32\bqdc.exe
C:\WINDOWS\system32\zjpif.exe
C:\WINDOWS\system32\wvrior.exe
C:\WINDOWS\system32\pljka.exe
C:\WINDOWS\system32\afpvbvwc.exe
C:\WINDOWS\system32\frvt.exe
C:\WINDOWS\system32\msdph.exe
C:\WINDOWS\system32\ewkimlv.exe
C:\WINDOWS\system32\nsvbb.exe
C:\WINDOWS\system32\nkzqdggd.exe
C:\WINDOWS\system32\fruronx.exe
C:\WINDOWS\system32\chsmqqd.exe
C:\WINDOWS\system32\vdaqcxdq.exe
C:\WINDOWS\system32\ygfidp.exe
C:\WINDOWS\system32\ktzzkr.exe
C:\WINDOWS\system32\lhvttkc.exe
C:\WINDOWS\system32\yumedglo.exe
C:\WINDOWS\system32\xwrd.exe
C:\WINDOWS\system32\qlnqi.exe
C:\WINDOWS\system32\ansajicr.exe
C:\WINDOWS\system32\yroel.exe
C:\WINDOWS\system32\iltompuh.exe
C:\WINDOWS\system32\bmtzv.exe
C:\WINDOWS\system32\logs.exe
C:\WINDOWS\system32\qqbana.exe
C:\WINDOWS\system32\bsgso.exe
C:\WINDOWS\system32\ngvfrxhp.exe
C:\WINDOWS\system32\xjipsqs.exe
C:\WINDOWS\system32\htcsfnno.exe
C:\WINDOWS\system32\cque.exe
C:\WINDOWS\system32\mhbekdxe.exe
C:\WINDOWS\system32\wbgxlv.exe
C:\WINDOWS\system32\wsse.exe
C:\WINDOWS\system32\wjpic.exe
C:\WINDOWS\system32\capzue.exe
C:\WINDOWS\system32\fcvj.exe
C:\WINDOWS\system32\wpogu.exe
C:\WINDOWS\system32\ystzusll.exe
C:\WINDOWS\system32\jkadx.exe
C:\WINDOWS\system32\sfskt.exe
C:\WINDOWS\system32\ozctm.exe
C:\WINDOWS\system32\ycpm.exe
C:\WINDOWS\system32\nrct.exe
C:\WINDOWS\system32\yuilqqab.exe
C:\WINDOWS\system32\dzrd.exe
C:\WINDOWS\system32\pjff.exe
C:\WINDOWS\system32\yrqw.exe
C:\WINDOWS\system32\qehvq.exe
C:\WINDOWS\system32\jpawwsr.exe
C:\WINDOWS\system32\izbjs.exe
C:\WINDOWS\system32\ltgbsyhb.exe
C:\WINDOWS\system32\yaalij.exe
C:\WINDOWS\system32\jugd.exe
C:\WINDOWS\system32\rfhrjvj.exe
C:\WINDOWS\system32\bhujj.exe
C:\WINDOWS\system32\reeuyajy.exe
C:\WINDOWS\system32\maof.exe
C:\WINDOWS\system32\hfnjha.exe
C:\WINDOWS\system32\ubymjdxd.exe
C:\WINDOWS\system32\qnwiis.exe
C:\WINDOWS\system32\dkpljdfl.exe
C:\WINDOWS\system32\ybee.exe
C:\WINDOWS\system32\idkxnlu.exe
C:\WINDOWS\system32\lcgk.exe
C:\WINDOWS\system32\vxluikc.exe
C:\WINDOWS\system32\zmujw.exe
C:\WINDOWS\system32\kgzuxdkt.exe
C:\WINDOWS\system32\xjldmva.exe
C:\WINDOWS\system32\iorkvq.exe
C:\WINDOWS\system32\cuqs.exe
C:\WINDOWS\system32\njip.exe
C:\WINDOWS\system32\pdviamm.exe
C:\WINDOWS\system32\cxpw.exe
C:\WINDOWS\system32\nhwnhpe.exe
C:\WINDOWS\system32\zvhqbazq.exe
C:\WINDOWS\system32\oupvw.exe
C:\WINDOWS\system32\jqhyyl.exe
C:\WINDOWS\system32\tdzcsfg.exe
C:\WINDOWS\system32\ocal.exe
C:\WINDOWS\system32\qlugwlkw.exe
C:\WINDOWS\system32\pqvzk.exe
C:\WINDOWS\system32\pbshnu.exe
C:\WINDOWS\system32\yuikep.exe
C:\WINDOWS\system32\jonuf.exe
C:\WINDOWS\system32\baqsp.exe
C:\WINDOWS\system32\oxivqdy.exe
C:\WINDOWS\system32\evnda.exe
C:\WINDOWS\system32\tqfgx.exe
C:\WINDOWS\system32\dtkzykwm.exe
C:\WINDOWS\system32\kkjfj.exe
C:\WINDOWS\system32\uqaidkp.exe
C:\WINDOWS\system32\eknaec.exe
C:\WINDOWS\system32\tvxrvcit.exe
C:\WINDOWS\system32\eplkwu.exe
C:\WINDOWS\system32\mkjx.exe
C:\WINDOWS\system32\jaht.exe
C:\WINDOWS\system32\piojjyd.exe
C:\WINDOWS\system32\rkttj.exe
C:\WINDOWS\system32\gmocqrds.exe
C:\WINDOWS\system32\rguvjk.exe
C:\WINDOWS\system32\ndcrcfh.exe
C:\WINDOWS\system32\yficc.exe
C:\WINDOWS\system32\qbqnrn.exe
C:\WINDOWS\system32\tvvyr.exe
C:\WINDOWS\system32\gqtynta.exe
C:\WINDOWS\system32\qtzrn.exe
C:\WINDOWS\system32\gnjuab.exe
C:\WINDOWS\system32\qwwhdd.exe
C:\WINDOWS\system32\dspkenjo.exe
C:\WINDOWS\system32\hlhhpf.exe
C:\WINDOWS\system32\bxdnjjdr.exe
C:\WINDOWS\system32\zwmfiew.exe
C:\WINDOWS\system32\qyen.exe
C:\WINDOWS\system32\sxiynvnm.exe
C:\WINDOWS\system32\csvroo.exe
C:\WINDOWS\system32\xkshmjs.exe
C:\WINDOWS\system32\mxsiyw.exe
C:\WINDOWS\system32\vpsc.exe
C:\WINDOWS\system32\sy2yrowyj81e4vdll
C:\WINDOWS\system32\sy2yrowyj81e4v.dll
C:\WINDOWS\sy2yrowyj81e4vdll
C:\WINDOWS\sy2yrowyj81e4v.dll
C:\Program Files\StripSaver\


Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.

Delete these folders if they exist:

C:\Program Files\Search Maid\
C:\Program Files\Virtual Maid\
C:\Windows\System32\Log Files\
C:\Program Files\Security iGuard\


Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://letgohome.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://letgohome.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://letgohome.com/hp.htm?id=9
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://letgohome.com/hp.htm?id=9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://letgohome.com/hp.htm?id=9
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://letgohome.com/sp.htm?id=9
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\system32\I7GT6D~1.DLL (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [dclcncctbgplw] C:\WINDOWS\System32\rnfnfn.exe
O4 - HKLM\..\Run: [drsq] C:\WINDOWS\system32\lnvkf.exe
O4 - HKLM\..\Run: [nnpvhlz] C:\WINDOWS\system32\qwapl.exe
O4 - HKLM\..\Run: [dibivpzn] C:\WINDOWS\system32\bzcstxe.exe
O4 - HKLM\..\Run: [ykof] C:\WINDOWS\system32\wzlzo.exe
O4 - HKLM\..\Run: [nparqh] C:\WINDOWS\system32\gtqkpvjd.exe
O4 - HKLM\..\Run: [owbnyyv] C:\WINDOWS\system32\lwau.exe
O4 - HKLM\..\Run: [oyfhbjn] C:\WINDOWS\system32\zbbmtt.exe
O4 - HKLM\..\Run: [zidtsyu] C:\WINDOWS\system32\ljvli.exe
O4 - HKLM\..\Run: [bldws] C:\WINDOWS\system32\vlidbukk.exe
O4 - HKLM\..\Run: [vjshace] C:\WINDOWS\system32\tihrakf.exe
O4 - HKLM\..\Run: [thvd] C:\WINDOWS\system32\qhfncol.exe
O4 - HKLM\..\Run: [qovzagbj] C:\WINDOWS\system32\hneydm.exe
O4 - HKLM\..\Run: [fwkcdrfi] C:\WINDOWS\system32\rhjr.exe
O4 - HKLM\..\Run: [ucfmhgx] C:\WINDOWS\system32\iwhfnxpy.exe
O4 - HKLM\..\Run: [tebjim] C:\WINDOWS\system32\fnfbhavn.exe
O4 - HKLM\..\Run: [rgbhm] C:\WINDOWS\system32\lgucnb.exe
O4 - HKLM\..\Run: [cixwprj] C:\WINDOWS\system32\qudpwrvc.exe
O4 - HKLM\..\Run: [dkakgv] C:\WINDOWS\system32\awrapjg.exe
O4 - HKLM\..\Run: [fwlqm] C:\WINDOWS\system32\ljgkre.exe
O4 - HKLM\..\Run: [qadwva] C:\WINDOWS\system32\xjtfsm.exe
O4 - HKLM\..\Run: [zrukoexd] C:\WINDOWS\system32\oncgpvls.exe
O4 - HKLM\..\Run: [jvglvkcz] C:\WINDOWS\system32\vxfukj.exe
O4 - HKLM\..\Run: [nplara] C:\WINDOWS\system32\uaun.exe
O4 - HKLM\..\Run: [gchkyf] C:\WINDOWS\system32\hwfqwy.exe
O4 - HKLM\..\Run: [cfzcvwk] C:\WINDOWS\system32\riihy.exe
O4 - HKLM\..\Run: [jpyy] C:\WINDOWS\system32\bmavch.exe
O4 - HKLM\..\Run: [zncd] C:\WINDOWS\system32\mggg.exe
O4 - HKLM\..\Run: [unieos] C:\WINDOWS\system32\ltrig.exe
O4 - HKLM\..\Run: [ngxms] C:\WINDOWS\system32\wvwbzvfp.exe
O4 - HKLM\..\Run: [jtzvq] C:\WINDOWS\system32\gympcznz.exe
O4 - HKLM\..\Run: [tcrl] C:\WINDOWS\system32\raradr.exe
O4 - HKLM\..\Run: [qjsfnj] C:\WINDOWS\system32\jrkvia.exe
O4 - HKLM\..\Run: [tipxwr] C:\WINDOWS\system32\dgczbdp.exe
O4 - HKLM\..\Run: [yhnka] C:\WINDOWS\system32\zqpu.exe
O4 - HKLM\..\Run: [vhsuol] C:\WINDOWS\system32\hjsjwty.exe
O4 - HKLM\..\Run: [twmolc] C:\WINDOWS\system32\viydoyu.exe
O4 - HKLM\..\Run: [mwyyw] C:\WINDOWS\system32\iwroijpp.exe
O4 - HKLM\..\Run: [gajav] C:\WINDOWS\system32\qnzdz.exe
O4 - HKLM\..\Run: [iwahywv] C:\WINDOWS\system32\mlomvmnx.exe
O4 - HKLM\..\Run: [jswyg] C:\WINDOWS\system32\zhgqx.exe
O4 - HKLM\..\Run: [kgls] C:\WINDOWS\system32\aois.exe
O4 - HKLM\..\Run: [gsalud] C:\WINDOWS\system32\lrnkhcr.exe
O4 - HKLM\..\Run: [pwiw] C:\WINDOWS\system32\vkbhwcmh.exe
O4 - HKLM\..\Run: [iwxk] C:\WINDOWS\system32\abntn.exe
O4 - HKLM\..\Run: [slngimxf] C:\WINDOWS\system32\kdamowtx.exe
O4 - HKLM\..\Run: [jhht] C:\WINDOWS\system32\nonqqca.exe
O4 - HKLM\..\Run: [lgxp] C:\WINDOWS\system32\qqtjr.exe
O4 - HKLM\..\Run: [axqjoo] C:\WINDOWS\system32\njha.exe
O4 - HKLM\..\Run: [bdmytruz] C:\WINDOWS\system32\gdidje.exe
O4 - HKLM\..\Run: [yslaqo] C:\WINDOWS\system32\dugydh.exe
O4 - HKLM\..\Run: [cgwetgc] C:\WINDOWS\system32\ymnroz.exe
O4 - HKLM\..\Run: [imoctppc] C:\WINDOWS\system32\laguqkk.exe
O4 - HKLM\..\Run: [wgipvtw] C:\WINDOWS\system32\ewzkkafl.exe
O4 - HKLM\..\Run: [maezn] C:\WINDOWS\system32\pyfvcs.exe
O4 - HKLM\..\Run: [yjenwdea] C:\WINDOWS\system32\iwladm.exe
O4 - HKLM\..\Run: [dvdwtrf] C:\WINDOWS\system32\pwhpok.exe
O4 - HKLM\..\Run: [tglert] C:\WINDOWS\system32\ctraqvfy.exe
O4 - HKLM\..\Run: [juhw] C:\WINDOWS\system32\qwykus.exe
O4 - HKLM\..\Run: [kjdipoed] C:\WINDOWS\system32\bqdc.exe
O4 - HKLM\..\Run: [vsifu] C:\WINDOWS\system32\zjpif.exe
O4 - HKLM\..\Run: [klebbnsm] C:\WINDOWS\system32\wvrior.exe
O4 - HKLM\..\Run: [mikhzz] C:\WINDOWS\system32\pljka.exe
O4 - HKLM\..\Run: [predeve] C:\WINDOWS\system32\afpvbvwc.exe
O4 - HKLM\..\Run: [lnqbtuo] C:\WINDOWS\system32\frvt.exe
O4 - HKLM\..\Run: [xqwk] C:\WINDOWS\system32\msdph.exe
O4 - HKLM\..\Run: [jpdqvuo] C:\WINDOWS\system32\ewkimlv.exe
O4 - HKLM\..\Run: [pnps] C:\WINDOWS\system32\nsvbb.exe
O4 - HKLM\..\Run: [zrkw] C:\WINDOWS\system32\nkzqdggd.exe
O4 - HKLM\..\Run: [ovvfynu] C:\WINDOWS\system32\fruronx.exe
O4 - HKLM\..\Run: [dtxu] C:\WINDOWS\system32\chsmqqd.exe
O4 - HKLM\..\Run: [ineqkn] C:\WINDOWS\system32\vdaqcxdq.exe
O4 - HKLM\..\Run: [soqf] C:\WINDOWS\system32\ygfidp.exe
O4 - HKLM\..\Run: [wqjfmy] C:\WINDOWS\system32\ktzzkr.exe
O4 - HKLM\..\Run: [hsxb] C:\WINDOWS\system32\lhvttkc.exe
O4 - HKLM\..\Run: [javrjsjm] C:\WINDOWS\system32\yumedglo.exe
O4 - HKLM\..\Run: [oojlclg] C:\WINDOWS\system32\xwrd.exe
O4 - HKLM\..\Run: [rxhtknt] C:\WINDOWS\system32\qlnqi.exe
O4 - HKLM\..\Run: [bcavhhnr] C:\WINDOWS\system32\ansajicr.exe
O4 - HKLM\..\Run: [jftw] C:\WINDOWS\system32\yroel.exe
O4 - HKLM\..\Run: [etqays] C:\WINDOWS\system32\iltompuh.exe
O4 - HKLM\..\Run: [qrkqiwpu] C:\WINDOWS\system32\bmtzv.exe
O4 - HKLM\..\Run: [bblyybbr] C:\WINDOWS\system32\logs.exe
O4 - HKLM\..\Run: [zpdhw] C:\WINDOWS\system32\qqbana.exe
O4 - HKLM\..\Run: [aadlzas] C:\WINDOWS\system32\bsgso.exe
O4 - HKLM\..\Run: [uity] C:\WINDOWS\system32\ngvfrxhp.exe
O4 - HKLM\..\Run: [pcaxb] C:\WINDOWS\system32\xjipsqs.exe
O4 - HKLM\..\Run: [fjhgwvyl] C:\WINDOWS\system32\htcsfnno.exe
O4 - HKLM\..\Run: [yrjqvtr] C:\WINDOWS\system32\cque.exe
O4 - HKLM\..\Run: [bnek] C:\WINDOWS\system32\mhbekdxe.exe
O4 - HKLM\..\Run: [yqjfj] C:\WINDOWS\system32\wbgxlv.exe
O4 - HKLM\..\Run: [bbxj] C:\WINDOWS\system32\wsse.exe
O4 - HKLM\..\Run: [dhwfs] C:\WINDOWS\system32\wjpic.exe
O4 - HKLM\..\Run: [pfczscrz] C:\WINDOWS\system32\capzue.exe
O4 - HKLM\..\Run: [xjjsksxe] C:\WINDOWS\system32\fcvj.exe
O4 - HKLM\..\Run: [bjfndr] C:\WINDOWS\system32\wpogu.exe
O4 - HKLM\..\Run: [vveiezta] C:\WINDOWS\system32\ystzusll.exe
O4 - HKLM\..\Run: [psfikx] C:\WINDOWS\system32\jkadx.exe
O4 - HKLM\..\Run: [rrkl] C:\WINDOWS\system32\sfskt.exe
O4 - HKLM\..\Run: [zbzg] C:\WINDOWS\system32\ozctm.exe
O4 - HKLM\..\Run: [lkvnol] C:\WINDOWS\system32\ycpm.exe
O4 - HKLM\..\Run: [xphn] C:\WINDOWS\system32\nrct.exe
O4 - HKLM\..\Run: [bojvb] C:\WINDOWS\system32\yuilqqab.exe
O4 - HKLM\..\Run: [fsacnkc] C:\WINDOWS\system32\dzrd.exe
O4 - HKLM\..\Run: [hxeo] C:\WINDOWS\system32\pjff.exe
O4 - HKLM\..\Run: [ueogsex] C:\WINDOWS\system32\yrqw.exe
O4 - HKLM\..\Run: [nyfgqe] C:\WINDOWS\system32\qehvq.exe
O4 - HKLM\..\Run: [zslm] C:\WINDOWS\system32\jpawwsr.exe
O4 - HKLM\..\Run: [ohfa] C:\WINDOWS\system32\izbjs.exe
O4 - HKLM\..\Run: [izgbmp] C:\WINDOWS\system32\ltgbsyhb.exe
O4 - HKLM\..\Run: [aqang] C:\WINDOWS\system32\yaalij.exe
O4 - HKLM\..\Run: [cxbeif] C:\WINDOWS\system32\jugd.exe
O4 - HKLM\..\Run: [dwuzq] C:\WINDOWS\system32\rfhrjvj.exe
O4 - HKLM\..\Run: [udrem] C:\WINDOWS\system32\bhujj.exe
O4 - HKLM\..\Run: [ojnetf] C:\WINDOWS\system32\reeuyajy.exe
O4 - HKLM\..\Run: [lftcetfr] C:\WINDOWS\system32\maof.exe
O4 - HKLM\..\Run: [iecpfsi] C:\WINDOWS\system32\hfnjha.exe
O4 - HKLM\..\Run: [szxeubcp] C:\WINDOWS\system32\ubymjdxd.exe
O4 - HKLM\..\Run: [quvgqwdd] C:\WINDOWS\system32\qnwiis.exe
O4 - HKLM\..\Run: [lrzjxn] C:\WINDOWS\system32\dkpljdfl.exe
O4 - HKLM\..\Run: [tktqmzy] C:\WINDOWS\system32\ybee.exe
O4 - HKLM\..\Run: [murlvvln] C:\WINDOWS\system32\idkxnlu.exe
O4 - HKLM\..\Run: [rraj] C:\WINDOWS\system32\lcgk.exe
O4 - HKLM\..\Run: [xpuct] C:\WINDOWS\system32\vxluikc.exe
O4 - HKLM\..\Run: [azchwpg] C:\WINDOWS\system32\zmujw.exe
O4 - HKLM\..\Run: [potrdp] C:\WINDOWS\system32\kgzuxdkt.exe
O4 - HKLM\..\Run: [klxxum] C:\WINDOWS\system32\xjldmva.exe
O4 - HKLM\..\Run: [edursr] C:\WINDOWS\system32\iorkvq.exe
O4 - HKLM\..\Run: [wrlnt] C:\WINDOWS\system32\cuqs.exe
O4 - HKLM\..\Run: [tbtsupo] C:\WINDOWS\system32\njip.exe
O4 - HKLM\..\Run: [gchbwjs] C:\WINDOWS\system32\pdviamm.exe
O4 - HKLM\..\Run: [irfvwnak] C:\WINDOWS\system32\cxpw.exe
O4 - HKLM\..\Run: [tbmumol] C:\WINDOWS\system32\nhwnhpe.exe
O4 - HKLM\..\Run: [rwezjvj] C:\WINDOWS\system32\zvhqbazq.exe
O4 - HKLM\..\Run: [axdrsju] C:\WINDOWS\system32\oupvw.exe
O4 - HKLM\..\Run: [sfhcbh] C:\WINDOWS\system32\jqhyyl.exe
O4 - HKLM\..\Run: [puaw] C:\WINDOWS\system32\tdzcsfg.exe
O4 - HKLM\..\Run: [jndang] C:\WINDOWS\system32\ocal.exe
O4 - HKLM\..\Run: [xhpti] C:\WINDOWS\system32\qlugwlkw.exe
O4 - HKLM\..\Run: [hgglcrfr] C:\WINDOWS\system32\pqvzk.exe
O4 - HKLM\..\Run: [pnql] C:\WINDOWS\system32\pbshnu.exe
O4 - HKLM\..\Run: [grdik] C:\WINDOWS\system32\yuikep.exe
O4 - HKLM\..\Run: [aaflaxd] C:\WINDOWS\system32\jonuf.exe
O4 - HKLM\..\Run: [chhyarm] C:\WINDOWS\system32\baqsp.exe
O4 - HKLM\..\Run: [qokbzbjg] C:\WINDOWS\system32\oxivqdy.exe
O4 - HKLM\..\Run: [cqpyombl] C:\WINDOWS\system32\evnda.exe
O4 - HKLM\..\Run: [lskc] C:\WINDOWS\system32\tqfgx.exe
O4 - HKLM\..\Run: [kbhsq] C:\WINDOWS\system32\dtkzykwm.exe
O4 - HKLM\..\Run: [pbphx] C:\WINDOWS\system32\kkjfj.exe
O4 - HKLM\..\Run: [mktbngk] C:\WINDOWS\system32\uqaidkp.exe
O4 - HKLM\..\Run: [eislox] C:\WINDOWS\system32\eknaec.exe
O4 - HKLM\..\Run: [nhkmp] C:\WINDOWS\system32\tvxrvcit.exe
O4 - HKLM\..\Run: [mdvz] C:\WINDOWS\system32\eplkwu.exe
O4 - HKLM\..\Run: [hpkd] C:\WINDOWS\system32\mkjx.exe
O4 - HKLM\..\Run: [kvhtk] C:\WINDOWS\system32\jaht.exe
O4 - HKLM\..\Run: [glmx] C:\WINDOWS\system32\piojjyd.exe
O4 - HKLM\..\Run: [nfutec] C:\WINDOWS\system32\rkttj.exe
O4 - HKLM\..\Run: [gfjqcrz] C:\WINDOWS\system32\gmocqrds.exe
O4 - HKLM\..\Run: [tjoxo] C:\WINDOWS\system32\rguvjk.exe
O4 - HKLM\..\Run: [yohup] C:\WINDOWS\system32\ndcrcfh.exe
O4 - HKLM\..\Run: [rrmwa] C:\WINDOWS\system32\yficc.exe
O4 - HKLM\..\Run: [cmqg] C:\WINDOWS\system32\qbqnrn.exe
O4 - HKLM\..\Run: [wwayyv] C:\WINDOWS\system32\tvvyr.exe
O4 - HKLM\..\Run: [iytkelv] C:\WINDOWS\system32\gqtynta.exe
O4 - HKLM\..\Run: [llwhlpor] C:\WINDOWS\system32\qtzrn.exe
O4 - HKLM\..\Run: [otjjrbb] C:\WINDOWS\system32\gnjuab.exe
O4 - HKLM\..\Run: [tucdyu] C:\WINDOWS\system32\qwwhdd.exe
O4 - HKLM\..\Run: [soqhoum] C:\WINDOWS\system32\dspkenjo.exe
O4 - HKLM\..\Run: [mozp] C:\WINDOWS\system32\hlhhpf.exe
O4 - HKLM\..\Run: [gvzgtva] C:\WINDOWS\system32\bxdnjjdr.exe
O4 - HKLM\..\Run: [egmzdgxd] C:\WINDOWS\system32\zwmfiew.exe
O4 - HKLM\..\Run: [wqlu] C:\WINDOWS\system32\qyen.exe
O4 - HKLM\..\Run: [avlo] C:\WINDOWS\system32\sxiynvnm.exe
O4 - HKLM\..\Run: [fainq] C:\WINDOWS\system32\csvroo.exe
O4 - HKLM\..\Run: [rsjlqa] C:\WINDOWS\system32\xkshmjs.exe
O4 - HKLM\..\Run: [xmhjlyj] C:\WINDOWS\system32\mxsiyw.exe
O4 - HKLM\..\Run: [dxcgrwpp] C:\WINDOWS\system32\vpsc.exe
O4 - Startup: StripSaver.lnk = C:\Program Files\StripSaver\StripSaver.exe
O9 - Extra button: Microsoft AntiSpyware helper - {065B18FF-5C30-4A10-937E-08E37BE9C2C3} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {065B18FF-5C30-4A10-937E-08E37BE9C2C3} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {E28E6D73-7F81-4C5D-A59F-C11D2B147DC4} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {E28E6D73-7F81-4C5D-A59F-C11D2B147DC4} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F08C0EC1-49AF-43A2-9D6D-4136DFC3FB85} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F08C0EC1-49AF-43A2-9D6D-4136DFC3FB85} - (no file) (HKCU)
O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} - http://install.wildt...uncherSetup.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O20 - AppInit_DLLs: sy2yrowyj81e4vdll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll


Close HijackThis.

Restart your computer.

1. Download Hoster http://www.greyknigh.../spy/Hoster.exe and run it. Choose the 'Restore Original Hosts' button and press OK. Close the program.

2. Right click on this link -> http://mvps.org/winh.../DelDomains.inf and select Save As to download WinHelp2002's DelDomains.inf. Save the file to the Desktop. To run the inf file, right click on it and select Install. Note: This will remove all entries in the 'Trusted Zone' and 'Ranges' also.

3. The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link don't work - http://www.greyknigh...spy/Cleanup.exe ) and install it. Run CleanUp! and click on CleanUp! button. When it asks you if you want to logoff, click on Yes.

4. Run an online scan at http://www.pandasoft...com/activescan/ and save the results from the scan!

Restart and post a new HijackThis log along with the results from ActiveScan.
  • 0

#3
Robert Boren

Robert Boren

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Here's the stuff you asked for.

Logfile of HijackThis v1.99.1
Scan saved at 1:48:28 AM, on 5/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Direct Connect Office - UM
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [fainq] C:\WINDOWS\system32\csvroo.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.umt.edu/reslife
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)

Active Scan;


Incident Status Location

Adware:Adware/SaveNow No disinfected Windows Registry
Spyware:Spyware/Dyfuca No disinfected C:\WINDOWS\nem???.dll
Spyware:Spyware/ISTbar No disinfected C:\Program Files\Common Files\Totem Shared
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\SHAgentNew.dll
Adware:Adware/CWS No disinfected C:\Documents and Settings\Sir David Boren\Favorites\Online casino.url
Adware:Adware/Sqwire No disinfected C:\DOCUME~1\SIRDAV~1\LOCALS~1\Temp\tsinstall_?_?_?_*.exe
Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Sir David Boren\Application Data\tvm*.dll
Adware:Adware/SideSearch No disinfected C:\Documents and Settings\Sir David Boren\Application Data\Lycos
Spyware:Spyware/Altnet No disinfected C:\DOCUME~1\SIRDAV~1\LOCALS~1\Temp\asmfiles.cab
Adware:Adware/MyWebSearch No disinfected Windows Registry
Adware:Adware/SuperSpider No disinfected C:\Program Files\Internet Explorer\IEengine.exe
Adware:Adware/CWS.Searchmeup No disinfected C:\WINDOWS\toolbar.exe
Adware:Adware/IGuard No disinfected Windows Registry
Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Sir David Boren\Application Data\tvmdmns.dll
Adware:Adware/CWS No disinfected C:\Documents and Settings\Sir David Boren\Favorites\online casino.url
Adware:Adware/SuperSpider No disinfected C:\Documents and Settings\Sir David Boren\Favorites\online dating.url
Spyware:Spyware/Altnet No disinfected C:\Documents and Settings\Sir David Boren\Local Settings\Temp\asmfiles.cab
Spyware:Spyware/Altnet No disinfected C:\Documents and Settings\Sir David Boren\Local Settings\Temp\asmfiles.cab[asm.exe]
Spyware:Spyware/Altnet No disinfected C:\Documents and Settings\Sir David Boren\Local Settings\Temp\asmfiles.cab[asmps.dll]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Sir David Boren\Local Settings\Temp\Belt.ini
Adware:Adware/SideSearch No disinfected C:\Documents and Settings\Sir David Boren\Local Settings\Temp\lycos_ss.exe
Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Sir David Boren\Local Settings\Temp\tvmupdater.exe
Adware:Adware/ClockSync No disinfected C:\Documents and Settings\Sir David Boren\Local Settings\Temp\whenu.exe
Adware:Adware/P2PNetworking No disinfected C:\I386\MARSHAL.DLL
Adware:Adware/P2PNetworking No disinfected C:\I386\P2P Networking v125.cpl
Adware:Adware/Twain-Tech No disinfected C:\I386\twaintec.inf
Adware:Adware/SuperSpider No disinfected C:\m.exe
Adware:Adware/SuperSpider No disinfected C:\mssys.com
Adware:Adware/SuperSpider No disinfected C:\p.exe
Adware:Adware/SuperSpider No disinfected C:\Program Files\Internet Explorer\ieengine.exe
Adware:Adware/SuperSpider No disinfected C:\Program Files\q330994.exe
Adware:Adware/SuperSpider No disinfected C:\q.exe
Adware:Adware/SuperSpider No disinfected C:\q250204.exe
Adware:Adware/SuperSpider No disinfected C:\soundmx.exe
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\cvchost.exe
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\dl.exe
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\dllhelp.exe
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\dlm.exe
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\image.dll
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\INF\biS.inf
Adware:Adware/Transponder No disinfected C:\WINDOWS\INF\polmx2.inf
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\msstasks.exe
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\mssys.com
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\mstaskss.exe
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\msxmidi.exe
Spyware:Spyware/Dyfuca No disinfected C:\WINDOWS\nem216.dll
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\reg33.exe
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\rocky.exe
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\seksdialer.exe
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\SYSTEM\system.exe
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\SYSTEM\wmscrop.exe
Possible Virus. No disinfected C:\WINDOWS\SYSTEM32\cgfvyggl.exe
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\SYSTEM32\d2kpax.dll
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\SYSTEM32\d2kpax.exe
Virus:Trj/Downloader.CKM Disinfected C:\WINDOWS\SYSTEM32\in2bS.dll
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\SYSTEM32\jac.dll
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\SYSTEM32\mcc.exe
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\SYSTEM32\msxslab.dll
Virus:Trj/Cloak.A Disinfected C:\WINDOWS\SYSTEM32\oleadm.dll
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\SYSTEM32\P2P Networking v125.cpl
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\SYSTEM32\services
Virus:Trj/Downloader.CHU Disinfected C:\WINDOWS\SYSTEM32\SHAgentNew.dll
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\SYSTEM32\system32.dll
Possible Virus. No disinfected C:\WINDOWS\SYSTEM32\uxpxr.exe
Virus:Trj/Cloak.A Disinfected C:\WINDOWS\toolbar.exe
Adware:Adware/SuperSpider No disinfected C:\winspec.dat
  • 0

#4
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link don't work - http://www.greyknigh...spy/Cleanup.exe ) and install it. Don't run it yet.

Reboot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers.
Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [fainq] C:\WINDOWS\system32\csvroo.exe


Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

C:\WINDOWS\system32\csvroo.exe

Run CleanUp! and click on CleanUp! button. When it asks you if you want to logoff, click on Yes.

Reboot into Normal Mode run a new HijackThis scan. Save the log file and post it here.
  • 0

#5
Robert Boren

Robert Boren

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Here's the hj file you wanted, I really apreaciate all you're doing for me,

Logfile of HijackThis v1.99.1
Scan saved at 6:24:04 PM, on 5/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Direct Connect Office - UM
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.umt.edu/reslife
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)
  • 0

#6
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Your log is clean. You may uninstall Ewido now.

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer and uncheck the same box to enable System Restore.

Make sure to get the latest updates for Windows and Internet Explorer at http://v5.windowsupd...t.aspx?ln=en-us.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If not, you should be set to go.
  • 0

#7
Robert Boren

Robert Boren

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
No questions thanks.
  • 0

#8
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP