Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Please help me....Bloodhound.w32.ep


  • This topic is locked This topic is locked

#1
Lauriewistle

Lauriewistle

    New Member

  • Member
  • Pip
  • 5 posts
Please help me, my computer says I have a Bloodhound.W32.EP virus. I have no idea how to go about fixing this. Any help would be greatly appreciated. I am fairly new to computers so just to let you know.


Thanks,
Laurie
  • 0

Advertisements


#2
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi Laurie and welcome to GTG ;)

I would suggest that you go here You Must Read This Before Posting A Hijackthis Log and follow all the instructions.

:tazz:

Excal
  • 0

#3
Lauriewistle

Lauriewistle

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Ok, I ran the free program Housecall and found 12 infected files that couldn't be repaired so I deleated them. I restarted my computer and ran Hijackthis and this is what I got.....

Logfile of HijackThis v1.99.1
Scan saved at 10:28:48 PM, on 5/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe
C:\WINDOWS\System32\bidispl8.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ATPartne.exe
C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
C:\Program Files\Softwin\BitDefender Free Edition\bdmcon.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
c:\windows\system32\gvnmsc.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700

series\Bin\hpobrt07.exe
C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
C:\WINDOWS\system32\msCMTSrvc.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\DC Series 1\Console\Watch.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender

Communicator\xcommsvr.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan

Server\bdss.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\FYI\lqgjcqmcso.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PeDevice\PeDev.exe
C:\Documents and Settings\Laurie Entwistle\Local Settings\Temporary

Internet Files\Content.IE5\2L3O1ORA\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) =

www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://websearch.drs...esearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://store.presari...edir2.dll?s=con

sumerfav&c=2c02&lc=0409
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL =

http://red.clientapp.../ymsgr6/*http:/

/www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://store.presari...edir2.dll?s=con

sumerfav&c=1c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet

Explorer\Search,SearchAssistant =

http://search.scourw...srch1&look=stmp

l1&kw=
R0 - HKLM\Software\Microsoft\Internet

Explorer\Search,SearchAssistant =

http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet

Explorer\Search,CustomizeSearch =

http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)

= websearch.drsnsrch.com/q.cgi?q=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default)

=

http://search.scourw...srch1&look=stmp

l1&kw=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =

Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyServer = sas.ne2.attbb.net:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = *.ne2.attbb.net
R3 - URLSearchHook: URLSearchHook Class -

{37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program

Files\NZSearch\SearchEnh1.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E}

- C:\WINDOWS\systb.dll
O2 - BHO: (no name) - {3800A614-7B61-A148-69B4-F81218ED150A} -

(no file)
O2 - BHO: (no name) - {A8445832-5275-54C0-77A5-6099A8184DAA} -

C:\Program Files\CDM\ywphekmqjp.dll
O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB}

- (no file)
O2 - BHO: PEDEV_IEListener Class -

{E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program

Files\PeDevice\PeDev.dll
O2 - BHO: WebBar Class -

{EE392A64-F30B-47C8-A363-CDA1CEC7DC1B} -

C:\PROGRA~1\APPLIE~1\Bar.dll
O3 - Toolbar: (no name) -

{BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O3 - Toolbar: (no name) -

{2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds]

C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS

Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard]

C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program

Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy

Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [NAV Agent]

c:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program

Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program

Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [DDCM] "C:\Program

Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
O4 - HKLM\..\Run: [DXM6Patch_981116]

C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\System32\LVCOMS.EXE
O4 - HKLM\..\Run: [70ce1531a265]

C:\WINDOWS\System32\bidispl8.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [New.net Startup] rundll32

C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup]

C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

-startup
O4 - HKLM\..\Run: [c1c12136e75f]

C:\WINDOWS\system32\ATPartne.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [UserFaultCheck]

%systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [navapp] C:\Program

Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\Softwin\BitDefender

Free Edition\\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program

Files\Softwin\BitDefender Free Edition\\bdnagent.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [NetMeter] C:\Program

Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteyfg32.exe
O4 - HKLM\..\Run: [fxezip] c:\windows\system32\gvnmsc.exe
O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program

Files\compaq\Compaq Advisor\bin\compaq-rba.exe -z
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program

Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\hcm.exe" -w
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Startup: HotSync Manager.lnk = C:\Program

Files\Palm\HOTSYNC.EXE
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk =

C:\Program Files\Hewlett-Packard\AiO\hp psc 700

series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft

Office\Office10\OSA.EXE
O4 - Global Startup: updater.lnk = C:\Program Files\Common

Files\updater\wupdater.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\DC Series

1\Console\Watch.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program

Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program

Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: SirSearch - file://C:\Program

Files\PWRSDP1\Cache\SelectedContextSearch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program

Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program

Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger -

{4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program

Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -

{4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program

Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra button: MoneySide -

{E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program

Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates -

{6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program

Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file

missing) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .mp3: C:\Program Files\Internet

Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpg: C:\Program Files\Internet

Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet

Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet

Explorer\PLUGINS\npqtplugin2.dll
O14 - IERESET.INF:

START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario

/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O16 - DPF: Yahoo! Blackjack -

http://download.game...nts/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers -

http://download.game...nts/y/kt3_x.cab
O16 - DPF: Yahoo! Gin -

http://download.game...nts/y/nt1_x.cab
O16 - DPF: Yahoo! Klondike Solitaire -

http://yog55.games.s...og/y/ks12_x.cab
O16 - DPF: Yahoo! Pool 2 -

http://download.game...ts/y/pote_x.cab
O16 - DPF: Yahoo! Spades -

http://download.game...nts/y/st2_x.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo

Class) -

http://www.uproar.co...pside_web18.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX

ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap

Class) -

http://www.ea.com/do...trap/iegils.cab
O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A} -

http://www.angelfire...effy/steffy.cab
O16 - DPF: {2F5B39C5-C6F5-447A-A946-48B382C53985} -

http://www.pacimedia...ll/pcs_0025.exe
O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} -

http://www.alwaysupd...ll/aun_0019.exe
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie

Class) - http://otx.ifilm.com...ia/OTXMedia.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE

Class) -

http://software-dl.r...zip/RdxIE601.ca

b
O16 - DPF: {5BC27861-314A-11D6-996D-00E018981B9E} (New.net

Auto-search Control) - http://www.new.net/q...rch/srchctl.cab
O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} -

http://downloads.sho...tall_godspeed10

03.cab
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC}

(CLOActiveXInstaller Control) -

http://www.igl.net/c...tallerProj1.cab
O16 - DPF: {731918D2-517A-47E2-886A-3BC1380C591D} (PdpPlg

Class) -

http://webpdp.gator....094_hd3ptdm.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall

Control) -

http://a840.g.akamai...ll.trendmicro.c

om/housecall/xscan53.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C}

(CWDL_DownLoadControl Class) -

http://www.callwave....DL_DownLoad.CAB
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613}

(NMInstall Control) -

http://a14.g.akamai....anel.com/netmet

er4_6/NetMeter_preinstaller_activex_en_4.60.38.0_MEGAPANEL_USA

.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie

Control) -

http://a19.g.akamai....m/v3123/cpbrkpi

e.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam

Control) - http://webcamnow.com...tiveXWebCam.cab
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} -

http://www.alwaysupd...ll/aun_0027.exe
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook

Class) -

http://us.dl1.yimg.c.../suite/yautocom

plete.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown

Installer ActiveX Control) -

http://download.toon...3.20/ttinst.cab
O16 - DPF: {C0B285F6-DB2B-4908-9C58-F6D95397D747} -

http://www.pacimedia...ll/pcs_0025.exe
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479}

(EPSImageControl Class) -

http://tools.ebayimg...ol_v1-0-3-0.cab
O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} -

http://www.pacimedia...ll/pcs_0025.exe
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo!

Toolbar) -

http://us.dl1.yimg.c...r/yiebio5_1_2_0.

cab
O20 - Winlogon Notify: igfxcui -

C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner -

C:\Program Files\Common Files\Softwin\BitDefender Scan

Server\bdss.exe" /service (file missing)
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet -

C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown

owner - C:\WINDOWS\system32\msCMTSrvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) -

Symantec Corporation - c:\Program Files\Norton

AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec

Corporation -

C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner -

C:\WINDOWS\svcproc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown

owner - C:\Program Files\Common Files\Softwin\BitDefender

Communicator\xcommsvr.exe" /service (file missing)
  • 0

#4
Kristy

Kristy

    Visiting Consultant

  • Member
  • PipPipPipPip
  • 1,099 posts
Hi Lauriewistle,

Please post your log in the Malware Removal forum. It will get a better response there from the people most qualified to analyze logs. See this post, and start a new topic in this category.

~Kristy :tazz:

Being helped in malware section. Topic closed.

Edited by coachwife6, 31 May 2005 - 02:22 AM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP