Please help me....Bloodhound.w32.ep


  • This topic is locked

#1
Lauriewistle

    New Member

  • Member
  • 5 posts
Please help me, my computer says I have a Bloodhound.W32.EP virus. I have no idea how to go about fixing this. Any help would be greatly appreciated. I am fairly new to computers so just to let you know.


Thanks,
Laurie
  • 0


#2
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi Laurie and welcome to GTG ;)

I would suggest that you go here: "You Must Read This Before Posting A HijackThis Log" and follow all the instructions.

:tazz:

Excal
  • 0

#3
Lauriewistle

    New Member

  • Topic Starter
  • Member
  • 5 posts
OK, I ran the free program HouseCall and found 12 infected files that couldn't be repaired, so I deleted them. I restarted my computer and ran HijackThis, and this is what I got:

Logfile of HijackThis v1.99.1
Scan saved at 10:28:48 PM, on 5/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe
C:\WINDOWS\System32\bidispl8.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ATPartne.exe
C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
C:\Program Files\Softwin\BitDefender Free Edition\bdmcon.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
c:\windows\system32\gvnmsc.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
C:\WINDOWS\system32\msCMTSrvc.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\DC Series 1\Console\Watch.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\FYI\lqgjcqmcso.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PeDevice\PeDev.exe
C:\Documents and Settings\Laurie Entwistle\Local Settings\Temporary Internet Files\Content.IE5\2L3O1ORA\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presari...edir2.dll?s=consumerfav&c=2c02&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp.../ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.presari...edir2.dll?s=consumerfav&c=1c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.scourw...srch1&look=stmpl1&kw=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.scourw...srch1&look=stmpl1&kw=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.ne2.attbb.net:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.ne2.attbb.net
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: (no name) - {3800A614-7B61-A148-69B4-F81218ED150A} - (no file)
O2 - BHO: (no name) - {A8445832-5275-54C0-77A5-6099A8184DAA} - C:\Program Files\CDM\ywphekmqjp.dll
O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O2 - BHO: WebBar Class - {EE392A64-F30B-47C8-A363-CDA1CEC7DC1B} - C:\PROGRA~1\APPLIE~1\Bar.dll
O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\System32\LVCOMS.EXE
O4 - HKLM\..\Run: [70ce1531a265] C:\WINDOWS\System32\bidispl8.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [c1c12136e75f] C:\WINDOWS\system32\ATPartne.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\Softwin\BitDefender Free Edition\\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Free Edition\\bdnagent.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [NetMeter] C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteyfg32.exe
O4 - HKLM\..\Run: [fxezip] c:\windows\system32\gvnmsc.exe
O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe -z
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\hcm.exe" -w
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: updater.lnk = C:\Program Files\Common Files\updater\wupdater.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\DC Series 1\Console\Watch.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: SirSearch - file://C:\Program Files\PWRSDP1\Cache\SelectedContextSearch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt3_x.cab
O16 - DPF: Yahoo! Gin - http://download.game...nts/y/nt1_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.s...og/y/ks12_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: Yahoo! Spades - http://download.game...nts/y/st2_x.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.co...pside_web18.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://www.ea.com/do...trap/iegils.cab
O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A} - http://www.angelfire...effy/steffy.cab
O16 - DPF: {2F5B39C5-C6F5-447A-A946-48B382C53985} - http://www.pacimedia...ll/pcs_0025.exe
O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupd...ll/aun_0019.exe
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://otx.ifilm.com...ia/OTXMedia.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...zip/RdxIE601.cab
O16 - DPF: {5BC27861-314A-11D6-996D-00E018981B9E} (New.net Auto-search Control) - http://www.new.net/q...rch/srchctl.cab
O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} - http://downloads.sho...tall_godspeed1003.cab
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://www.igl.net/c...tallerProj1.cab
O16 - DPF: {731918D2-517A-47E2-886A-3BC1380C591D} (PdpPlg Class) - http://webpdp.gator....094_hd3ptdm.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...ll.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave....DL_DownLoad.CAB
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (NMInstall Control) - http://a14.g.akamai....anel.com/netmeter4_6/NetMeter_preinstaller_activex_en_4.60.38.0_MEGAPANEL_USA.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....m/v3123/cpbrkpie.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com...tiveXWebCam.cab
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupd...ll/aun_0027.exe
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c.../suite/yautocomplete.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toon...3.20/ttinst.cab
O16 - DPF: {C0B285F6-DB2B-4908-9C58-F6D95397D747} - http://www.pacimedia...ll/pcs_0025.exe
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ol_v1-0-3-0.cab
O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} - http://www.pacimedia...ll/pcs_0025.exe
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.c...r/yiebio5_1_2_0.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
  • 0
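As an added example (not code from this thread, from Geeks to Go, or from HijackThis itself), here is how a log reviewer could parse the "Oxx - ..." entry format of the log above and pull out the lines that deserve attention first. The sample input is constructed from a few of the lines in the posted log, including one entry wrapped across lines the way the forum wrapped it, so the parser also shows how to rejoin such wraps. The review rules are my own heuristics for what a human should look at, not HijackThis's verdicts and not a statement that any particular file is malicious.

```python
"""Triage helper for HijackThis-style logs (added example, not the thread's code)."""
import re
from dataclasses import dataclass

# Constructed sample in the shape of the log posted in this thread. The
# StorageGuard entry is deliberately split over a blank line, as the forum did.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 10:28:48 PM, on 5/30/2005

Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.ne2.attbb.net:8000
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {A8445832-5275-54C0-77A5-6099A8184DAA} - C:\Program Files\CDM\ywphekmqjp.dll
O2 - BHO: (no name) - {3800A614-7B61-A148-69B4-F81218ED150A} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS

Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [70ce1531a265] C:\WINDOWS\System32\bidispl8.exe
O10 - Hijacked Internet access by New.Net
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
"""

# HijackThis entries start with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.*)$")
# Heuristic (my assumption): Run keys named with 10+ lowercase hex digits,
# like [70ce1531a265], are worth a second look because vendors name theirs.
HEX_RUN_NAME = re.compile(r"^\[[0-9a-f]{10,}\]")


@dataclass
class Entry:
    section: str
    body: str


def parse_log(text: str) -> list[Entry]:
    """Extract entries, appending wrapped continuation lines to the previous entry.

    Lines before the first entry (header, running processes) are skipped and blank
    lines are ignored, so a wrap padded with an empty line still rejoins. Pieces are
    joined with one space, which is right for wraps at a space; a token that a wrap
    split mid-word still needs a manual fix.
    """
    entries: list[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m["section"], m["body"]))
        elif entries:
            entries[-1].body += " " + line
    return entries


def review(entry: Entry) -> list[str]:
    """Return the reasons (possibly none) an entry deserves a reviewer's attention."""
    reasons: list[str] = []
    body = entry.body
    if entry.section == "F2" and body.startswith("REG:system.ini: Shell="):
        # The stock value is exactly Explorer.exe; anything appended also runs at logon.
        shell = body.split("Shell=", 1)[1].strip()
        if shell.lower() != "explorer.exe":
            reasons.append("system.ini Shell= launches more than Explorer.exe")
    if entry.section == "O10" and "Hijacked" in body:
        reasons.append("Winsock entry that HijackThis itself reports as hijacked")
    if entry.section == "R1" and ",ProxyServer =" in body:
        reasons.append("browser proxy configured; confirm it is the user's own ISP setting")
    if entry.section == "O2" and body.startswith("BHO: (no name)") and "(no file)" not in body:
        reasons.append("unnamed browser helper object backed by a file on disk")
    if entry.section == "O4" and HEX_RUN_NAME.match(body.split(": ", 1)[-1]):
        reasons.append("Run key named with a random-looking hex string")
    if entry.section == "O23" and ("Unknown owner" in body or "(file missing)" in body):
        reasons.append("service with unknown owner or missing binary")
    return reasons


def triage(text: str) -> dict[str, list[str]]:
    """Map each flagged entry ('section - body') to its review reasons, in log order."""
    flagged: dict[str, list[str]] = {}
    for entry in parse_log(text):
        reasons = review(entry)
        if reasons:
            flagged[f"{entry.section} - {entry.body}"] = reasons
    return flagged


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

Run it on a saved log with `triage(open("hijackthis.log").read())`; the entries it does not flag (vendor Run keys, signed services, "(no file)" leftovers) are the ones a reviewer can usually skim past, which is the point of the pass.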

#4
Kristy

    Visiting Consultant

  • Member
  • 1,099 posts
Hi Lauriewistle,

Please post your log in the Malware Removal forum. It will get a better response there from the people most qualified to analyze logs. See this post, and start a new topic in this category.

~Kristy :tazz:

Being helped in malware section. Topic closed.

Edited by coachwife6, 31 May 2005 - 02:22 AM.

  • 0





