Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

viruses and infections [CLOSED]


  • This topic is locked This topic is locked

#1
benjmarch

benjmarch

    New Member

  • Member
  • Pip
  • 2 posts
Been trying to clean up my computer. After doing lots then finally panda scan, got this listing remaining infections. Can you help please???

Virus:Trj/Ppdoor.BT Disinfected Operating system
Possible Virus. No disinfected C:\WINDOWS\System32\stdosapi.exe
Adware:Adware/Findspy No disinfected C:\windows\vjiihfn.exe
Virus:Trj/Downloader.CZZ Disinfected Operating system
Possible Virus. No disinfected C:\WINDOWS\System32\stdosapi.exe
Virus:Trj/Downloader.CZZ Disinfected Operating system
Adware:Adware/Findspy No disinfected c:\windows\vjiihfn.exe
Adware:Adware/Findspy No disinfected c:\windows\yisnhjr.exe
Adware:Adware/Findspy No disinfected c:\windows\ytrhttn.exe
Adware:Adware/Findspy No disinfected c:\windows\uuwwbgt.exe
Adware:Adware/Findspy No disinfected c:\windows\tishhpq.exe
Adware:Adware/Findspy No disinfected c:\windows\tbfvevn.exe
Adware:Adware/Findspy No disinfected c:\windows\tishhpq.exe
Adware:Adware/Findspy No disinfected c:\windows\tbfvevn.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\AdultGambling.url
Spyware:Spyware/TVMedia No disinfected C:\WINDOWS\Bundles
Adware:Adware/TopRebates No disinfected C:\WINDOWS\bundles\WebRebates*.exe
Adware:Adware/WUpd No disinfected C:\Program Files\Media Access
Adware:Adware/SBSoft No disinfected Windows Registry
Adware:Adware/GloboSearch No disinfected C:\Program Files\WareOut
Adware:Adware/Findspy No disinfected Windows Registry
Adware:Adware/Adsmart No disinfected C:\WINDOWS\System32\thun.dll
Adware:Adware/PortalScan No disinfected C:\adlinstallwin32.exe
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\AdultGambling.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\Free Online Dating.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\[bleep] Real Girls.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\Kill Annoying Popups.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\Online Sex Poker Rooms.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\Play Adult-Poker.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\Remove Toolbars.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\Spyware Uninstall.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\XXX personal photos.url
Adware:Adware/Findspy No disinfected C:\Documents and Settings\Owner\Favorites\ FREE Access to 800 Paid sites.url
Adware:Adware/Findspy No disinfected C:\Documents and Settings\Owner\Favorites\ Free Hidden Cams World - Realtime.url
Adware:Adware/Findspy No disinfected C:\Documents and Settings\Owner\Favorites\ Free Spy Cam - Realtime.url
Virus:Trj/Downloader.CZZ Disinfected C:\Documents and Settings\Owner\Local Settings\Temp\gj7nrnc.sys
Spyware:Spyware/WareOut No disinfected C:\Program Files\WareOut\wocount.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\58kd52fg.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\activeshopper.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\adl_dh.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\adl_mteststub.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\AdSmartMedia_bundle.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\adv0ltc0m.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\ast_5_adsav.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\b2s-162813.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\banematt.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\Beryllium.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\bs5-goodyr1.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\bs5-tsrkqn.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\Century.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\CSv10P070.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\cxt_big.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\Decade.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\d_ic.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\e2g51.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\HelperInstaller.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\HLInstaller.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\icmedia2_56.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\ICMMedia_1cmm3d1a.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\iehost.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\InvestorIntelligenceInstallWeb.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\newmb.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\optimizejames.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\package8033_MARKETING5.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\rop_marketing_1_168.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\runsearch.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\s4Sept.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\sahagent-dectest1001.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\sahagent-seedcorn1002.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\setup_silent_26221.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\shopinst.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\snackman.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\stlb2_seed.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\thin-8-1-x-x.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\TrafficSpec8.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\Verti1.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\videoinst.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\vl_ezstub.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\WebRebates_Auto_InstallSilent.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\winversion.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\wrapperouter.exe
Virus:Trj/Downloader.CZZ Disinfected C:\WINDOWS\gj7nrnc.sys
Virus:Trj/Ppdoor.BT Disinfected C:\WINDOWS\system32\advafc42.dll
Virus:Trj/Downloader.CZZ Disinfected C:\WINDOWS\system32\gj7nrnc.sys
Virus:Trj/Downloader.CZZ Disinfected C:\WINDOWS\system32\hi0hwxn.dll
Spyware:Spyware/WareOut No disinfected C:\WINDOWS\system32\minidrv.exe
Possible Virus. No disinfected C:\WINDOWS\system32\stdosapi.exe
Adware:Adware/Adsmart No disinfected C:\WINDOWS\system32\thun.dll
Adware:Adware/Findspy No disinfected C:\WINDOWS\tbfvevn.exe
Adware:Adware/Findspy No disinfected C:\WINDOWS\tishhpq.exe
Adware:Adware/Findspy No disinfected C:\WINDOWS\tjwoxpd.exe
Adware:Adware/Findspy No disinfected C:\WINDOWS\tkeyidb.exe
Adware:Adware/Findspy No disinfected C:\WINDOWS\tpdcxnn.exe
Adware:Adware/Findspy No disinfected C:\WINDOWS\uuwwbgt.exe
Adware:Adware/Findspy No disinfected C:\WINDOWS\vjiihfn.exe
Adware:Adware/TopSpyware No disinfected C:\WINDOWS\Web\desktop.html
Adware:Adware/Findspy No disinfected C:\WINDOWS\yisnhjr.exe
Adware:Adware/Findspy No disinfected C:\WINDOWS\ytrhttn.exe
  • 0

Advertisements


#2
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Hello and welcome to GeeksToGo. My name is Kat, and I will be helping you get your computer cleaned up and on the Go! :tazz:

I need you to go HERE

I want you to follow the directions for the following steps, and then reply here with a HijackThis log, and a copy of the log from Ewido as well. By following some of these steps, it will help clean out SOME of your infections. There will still be more to do!

1. Step ONE: CWShredder. Follow the directions to download and run it.

2. Step TWO: Ewido. Follow the directions to download the free trial, run it and save the log

3. Step FIVE: Posting a HijackThis log.

You will NOT be starting a new topic. Please make your reply with the logs into THIS topic by using the "Add Reply" button.

I'll keep an eye out for your reply tomorrow when I log on, and we'll move on with getting you cleaned back up! ;)
  • 0

#3
benjmarch

benjmarch

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
here is the Hijackthis log. Thanks for the help...

Logfile of HijackThis v1.99.1
Scan saved at 11:12:26 PM, on 6/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\stdosapi.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Owner\Local Settings\Temp\HijackThis.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iTunes\iTunes.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\ie2cltr.dll (file missing)
O2 - BHO: ActiveX Control - {29EC1411-376F-456A-B9F8-1DD787A1BA02} - C:\WINDOWS\System32\msvke.dll (file missing)
O2 - BHO: (no name) - {4A25D449-2BAA-4426-A992-D18CA70CF5A9} - C:\WINDOWS\system32\txp0yu.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: IE SP2 AddOn - {AC14FC05-AF5D-4251-AD88-405E18E0676F} - C:\WINDOWS\System32\spnhb.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adorons Easy Security - {F2570A0D-001D-477D-93D1-D05EF5EB95CD} - C:\Program Files\Adorons\Adorons Easy Security\ETB.dll
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\ie2cltr.dll (file missing)
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Themes Network] C:\WINDOWS\System32\stdosapi.exe
O4 - HKLM\..\RunOnce: [cpa4xxj.exe] C:\WINDOWS\System32\cpa4xxj.exe /k
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O4 - HKCU\..\RunOnce: [cpa4xxj.exe] C:\WINDOWS\System32\cpa4xxj.exe /k
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: (no name) - {F2570A0D-001D-477D-93D1-D05EF5EB95CD} - (no file)
O9 - Extra button: Microsoft AntiSpyware helper - {7D763DA6-E17A-47D7-B0B6-0E4E61F9F6B7} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7D763DA6-E17A-47D7-B0B6-0E4E61F9F6B7} - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\espfspi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\espfspi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\espfspi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\espfspi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\espfspi.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.mcafee.com
O15 - Trusted Zone: *.tevya.com
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c11.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B87ECE62-0B70-4932-8597-3DE9C5974E4C}: NameServer = 69.50.176.156,195.225.176.31
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: Access Update - {1E8028CC-E298-4A3A-A585-FA6814ACE79D} - C:\WINDOWS\System32\athpaak.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  • 0

#4
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
1. You should uninstall and remove the Enigma firewall. It is disrupting your LSP chain, and will end up causing you to lose your Internet connection. This firewall is "suspect", made by the same company who makes a Rogue program called "SpyHunter". Both are considered to not be legitimate. After you have uninstalled it, I will give you a couple of options to GOOD free firewalls at the end of this post.

2. A malicious .DLL file is disrupting the LSP chain on your computer. We need to get rid of it.

1. Please download LSPFix from here.
2. Run the LSPFix.exe that you have just finished downloading.
3. Check the I know what I'm doing box.
4. In the Keep box you should see one or more instances of espfspi.dll
5. Select every instance of espfspi.dll and move each one to the Remove box by clicking the >> button.
6. When you are done click Finish>>.

3. I need you to download the following small free programs we will need to use!
Download about:buster by RubbeRDuckY Here. Update About:Buster
  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "OK" at the prompt with instructions.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Now close About:Buster
Please download CleanUp! and install it. We will use it later.

4. Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please run about:buster by RubbeRDuckY:
  • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
  • Click Yes to allow it to shutdown explorer.exe.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • Reboot your computer into safe mode again
Run about:buster again following the same instructions as above, this time without the restart at the end

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Now run CleanUp!Reboot your computer into normal windows.

5. Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below (IF present).
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\ie2cltr.dll (file missing)
O2 - BHO: ActiveX Control - {29EC1411-376F-456A-B9F8-1DD787A1BA02} - C:\WINDOWS\System32\msvke.dll (file missing)
O2 - BHO: (no name) - {4A25D449-2BAA-4426-A992-D18CA70CF5A9} - C:\WINDOWS\system32\txp0yu.dll
O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dll (file missing)
O2 - BHO: IE SP2 AddOn - {AC14FC05-AF5D-4251-AD88-405E18E0676F} - C:\WINDOWS\System32\spnhb.dll (file missing)
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\ie2cltr.dll (file missing)
O4 - HKLM\..\Run: [Themes Network] C:\WINDOWS\System32\stdosapi.exe
O4 - HKLM\..\RunOnce: [cpa4xxj.exe] C:\WINDOWS\System32\cpa4xxj.exe /k
O4 - HKCU\..\RunOnce: [cpa4xxj.exe] C:\WINDOWS\System32\cpa4xxj.exe /k
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: (no name) - {F2570A0D-001D-477D-93D1-D05EF5EB95CD} - (no file)
O9 - Extra button: Microsoft AntiSpyware helper - {7D763DA6-E17A-47D7-B0B6-0E4E61F9F6B7} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7D763DA6-E17A-47D7-B0B6-0E4E61F9F6B7} - (no file) (HKCU)
O21 - SSODL: Access Update - {1E8028CC-E298-4A3A-A585-FA6814ACE79D} - C:\WINDOWS\System32\athpaak.dll

Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please remove these entries from Add/Remove Programs in the Control Panel(if present):

Party Poker
Please note any other programs that you dont recognize in that list in your next response

Please delete these folders using Windows Explorer(if present):

C:\Program Files\Party Poker
Please delete these files using Windows Explorer(if present):
C:\WINDOWS\System32\ie2cltr.dll (file missing)
C:\WINDOWS\System32\msvke.dll (file missing)
C:\WINDOWS\system32\txp0yu.dll
c:\windows\system\BHOmod.dll (file missing)
C:\WINDOWS\System32\spnhb.dll (file missing)
C:\WINDOWS\System32\ie2cltr.dll (file missing)
C:\WINDOWS\System32\stdosapi.exe
C:\WINDOWS\System32\cpa4xxj.exe /k
C:\WINDOWS\System32\cpa4xxj.exe /k
C:\WINDOWS\System32\athpaak.dll
After that, Reboot.

6. run at least 2 of these online virus scans:

Housecall<<<Put on 'Autoclean' and delete what it can't clean.
Panda ActiveScan<<<Accept default settings, save and post the log
RAV online scan<<<Add a check by 'Autoclean', leave everything else as is.
eTrust Antivirus Web Scan<<<'Cure' whatever is found, then delete if unsuccessful
Bitdefender ScanOnline<<<Place a check by everything under 'Scan Options'.
Command on Demand

Also run an online trojan scan here: http://www.trojanscan.com/
Reboot when finished.

7. Please download "Del Domain" from here

Download it to your desktop or somewhere you will find it. Extract the .inf file from the .zip file you just downloaded. Now right click "Deldomains.inf" and click "Install". It will not appear to have done anything, thats ok.

8. Re-run HijackThis and post the new log.
  • 0

#5
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP