PSGuard got into my computer



#1
jasjello8
New Member, 2 posts

Logfile of HijackThis v1.99.1
Scan saved at 2:35:14 PM, on 7/2/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\WINDOWS\System32\qttask.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee Firewall\CPDCLNT.EXE
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.ne...ch?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.ne...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr...oad/tgctlcm.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarest...es2/Install.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120335624582
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
  • 0



#2
Wizard
Retired Staff, 5,661 posts

Hi jasjello8 and Welcome!

You have a nasty CoolWebSearch infection. First we will need to download a few tools that will help us in the removal of your problem!!

Please Create a Folder on the Desktop>>Right Click the Desktop>>Select New>>Select Folder>>Name it whatever you like!

Please Download all the tools to the New Folder but please DO NOT run any of these until asked!!!

Please Download SpSeHjfix112:
http://www.derbilk.de/SpSeHjfix112.zip
or
http://www.trojaner-...gi?file=sphjfix
Once downloaded, Unzip it and Make sure to Extract All Files!

Please Download CWShredder:
http://cwshredder.ne.../CWShredder.exe
Make sure you Update this as soon as you download it!

Download and install CleanUp!:
http://downloads.ste...p/CleanUp40.exe

Reboot into SAFE MODE (Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.syma...src=sec_doc_nam

After restarting in Safe Mode, Configure Windows to Show All Hidden Files and Folders, this must be done after restarting in Safe Mode!!
Here is a link to help with that:
http://www.bleepingc...showtutorial=62

Run SpSeHjfix112

Click on "Start Disinfection".
When it's finished it will reboot your machine to finish the cleaning process! (Make sure you Reboot back into Safe Mode!)

The tool creates a log of the fix which will appear in the new folder!
Please Save that Log, I may ask to see it!

Once you are Rebooted back into Safe Mode again!

Run CWShredder

Click "Fix ->" and click "OK" at the prompt.
CWShredder will scan and clean your system of CWS files.
Click "Next->" and then "Exit"

Run CleanUp!.

Click "CleanUp" and allow it to delete all the temporary files.

Once it is finished, Click "Close" and Click "No" when prompted to "Log Off"

Run SpSeHjfix112 once more!

When it Restarts, go back in "Normal Mode"

Please Save the Log from the last pass!

Once all is completed, have the PC Scanned here:
http://www.pandasoft...n_principal.htm

You will need to use Internet Explorer for the Scan to work!!

Save the Report it produces!

Please post these logs:

Both logs from SpSeHjfix112

Pandas Active Scan Log

A Fresh HijackThis Log
  • 0

#3
jasjello8
New Member, Topic Starter, 2 posts

Thanks for helping Cretemonster, now I already did all the steps you said and here's my report.
I did all these steps before I posted my initial help request but I still have that spyware or virus in my computer. I'm thinking of erasing everything in my computer and reinstalling my XP Home back in. What do you think?




(7/16/05 9:29:35 AM) SPSeHjFix started v1.1.2
(7/16/05 9:29:35 AM) OS: WinXP (5.1.2600)
(7/16/05 9:29:35 AM) Language: english
(7/16/05 9:29:35 AM) Win-Path: C:\WINDOWS
(7/16/05 9:29:35 AM) System-Path: C:\WINDOWS\System32
(7/16/05 9:29:35 AM) Temp-Path: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
(7/16/05 9:29:43 AM) Disinfection started
(7/16/05 9:29:43 AM) Bad-Dll(IEP): c:\docume~1\owner\locals~1\temp\se.dll
(7/16/05 9:29:43 AM) UBF: 4 - UBB: 5 - UBR: 9
(7/16/05 9:29:43 AM) UBF: 4 - UBB: 5 - UBR: 9
(7/16/05 9:29:43 AM) Bad IE-pages:
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\owner\locals~1\temp\se.dll/spage.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(7/16/05 9:29:43 AM) Stealth-String not found
(7/16/05 9:29:43 AM) No locked Files to delete. End without Reboot
(7/16/05 9:29:53 AM) Disinfection started
(7/16/05 9:29:53 AM) Bad-Dll(IEP): c:\docume~1\owner\locals~1\temp\se.dll
(7/16/05 9:29:53 AM) UBF: 4 - UBB: 5 - UBR: 9
(7/16/05 9:29:53 AM) UBF: 4 - UBB: 5 - UBR: 9
(7/16/05 9:29:53 AM) Bad IE-pages: (none)
(7/16/05 9:29:53 AM) Stealth-String not found
(7/16/05 9:29:53 AM) No locked Files to delete. End without Reboot
(7/16/05 9:30:21 AM) Disinfection started
(7/16/05 9:30:21 AM) Bad-Dll(IEP): c:\docume~1\owner\locals~1\temp\se.dll
(7/16/05 9:30:21 AM) UBF: 4 - UBB: 5 - UBR: 9
(7/16/05 9:30:21 AM) UBF: 4 - UBB: 5 - UBR: 9
(7/16/05 9:30:21 AM) Bad IE-pages: (none)
(7/16/05 9:30:21 AM) Stealth-String not found
(7/16/05 9:30:21 AM) No locked Files to delete. End without Reboot
(7/16/05 9:30:21 AM) Disinfection started
(7/16/05 9:30:21 AM) Bad-Dll(IEP): c:\docume~1\owner\locals~1\temp\se.dll
(7/16/05 9:30:21 AM) UBF: 4 - UBB: 5 - UBR: 9
(7/16/05 9:30:21 AM) UBF: 4 - UBB: 5 - UBR: 9
(7/16/05 9:30:21 AM) Bad IE-pages: (none)
(7/16/05 9:30:21 AM) Stealth-String not found
(7/16/05 9:30:21 AM) No locked Files to delete. End without Reboot
(7/16/05 9:30:22 AM) Disinfection started
(7/16/05 9:30:22 AM) Bad-Dll(IEP): c:\docume~1\owner\locals~1\temp\se.dll
(7/16/05 9:30:22 AM) UBF: 4 - UBB: 5 - UBR: 9
(7/16/05 9:30:22 AM) UBF: 4 - UBB: 5 - UBR: 9
(7/16/05 9:30:22 AM) Bad IE-pages: (none)
(7/16/05 9:30:22 AM) Stealth-String not found
(7/16/05 9:30:22 AM) No locked Files to delete. End without Reboot
(7/16/05 9:30:22 AM) Disinfection started
(7/16/05 9:30:22 AM) Bad-Dll(IEP): c:\docume~1\owner\locals~1\temp\se.dll
(7/16/05 9:30:22 AM) UBF: 4 - UBB: 5 - UBR: 9
(7/16/05 9:30:22 AM) UBF: 4 - UBB: 5 - UBR: 9
(7/16/05 9:30:22 AM) Bad IE-pages: (none)
(7/16/05 9:30:22 AM) Stealth-String not found
(7/16/05 9:30:22 AM) No locked Files to delete. End without Reboot
(7/16/05 9:30:22 AM) Disinfection started
(7/16/05 9:30:22 AM) Bad-Dll(IEP): c:\docume~1\owner\locals~1\temp\se.dll
(7/16/05 9:30:22 AM) UBF: 4 - UBB: 5 - UBR: 9
(7/16/05 9:30:22 AM) UBF: 4 - UBB: 5 - UBR: 9
(7/16/05 9:30:22 AM) Bad IE-pages: (none)
(7/16/05 9:30:22 AM) Stealth-String not found
(7/16/05 9:30:22 AM) No locked Files to delete. End without Reboot
(7/16/05 9:30:22 AM) Disinfection started
(7/16/05 9:30:22 AM) Bad-Dll(IEP): c:\docume~1\owner\locals~1\temp\se.dll
(7/16/05 9:30:22 AM) UBF: 4 - UBB: 5 - UBR: 9
(7/16/05 9:30:22 AM) UBF: 4 - UBB: 5 - UBR: 9
(7/16/05 9:30:22 AM) Bad IE-pages: (none)
(7/16/05 9:30:22 AM) Stealth-String not found
(7/16/05 9:30:22 AM) No locked Files to delete. End without Reboot
(7/16/05 9:30:22 AM) Disinfection started
(7/16/05 9:30:22 AM) Bad-Dll(IEP): c:\docume~1\owner\locals~1\temp\se.dll
(7/16/05 9:30:22 AM) UBF: 4 - UBB: 5 - UBR: 9
(7/16/05 9:30:22 AM) UBF: 4 - UBB: 5 - UBR: 9
(7/16/05 9:30:22 AM) Bad IE-pages: (none)
(7/16/05 9:30:22 AM) Stealth-String not found
(7/16/05 9:30:22 AM) No locked Files to delete. End without Reboot
(7/16/05 9:30:29 AM) Disinfection started
(7/16/05 9:30:29 AM) Bad-Dll(IEP): c:\docume~1\owner\locals~1\temp\se.dll
(7/16/05 9:30:29 AM) UBF: 4 - UBB: 5 - UBR: 9
(7/16/05 9:30:29 AM) UBF: 4 - UBB: 5 - UBR: 9
(7/16/05 9:30:29 AM) Bad IE-pages: (none)
(7/16/05 9:30:29 AM) Stealth-String not found
(7/16/05 9:30:29 AM) No locked Files to delete. End without Reboot
(7/16/05 9:30:34 AM) Disinfection started
(7/16/05 9:30:34 AM) Bad-Dll(IEP): c:\docume~1\owner\locals~1\temp\se.dll
(7/16/05 9:30:34 AM) UBF: 4 - UBB: 5 - UBR: 9
(7/16/05 9:30:34 AM) UBF: 4 - UBB: 5 - UBR: 9
(7/16/05 9:30:34 AM) Bad IE-pages: (none)
(7/16/05 9:30:34 AM) Stealth-String not found
(7/16/05 9:30:34 AM) No locked Files to delete. End without Reboot


(7/16/05 9:30:58 AM) SPSeHjFix started v1.1.2
(7/16/05 9:30:58 AM) OS: WinXP (5.1.2600)
(7/16/05 9:30:58 AM) Language: english
(7/16/05 9:30:58 AM) Win-Path: C:\WINDOWS
(7/16/05 9:30:58 AM) System-Path: C:\WINDOWS\System32
(7/16/05 9:30:58 AM) Temp-Path: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
(7/16/05 9:30:59 AM) Disinfection started
(7/16/05 9:30:59 AM) Bad-Dll(IEP): (not found)
(7/16/05 9:30:59 AM) Bad-Dll(IEP) in BHO: (not found)
(7/16/05 9:30:59 AM) UBF: 4 - UBB: 5 - UBR: 9
(7/16/05 9:30:59 AM) UBF: 4 - UBB: 5 - UBR: 9
(7/16/05 9:30:59 AM) Bad IE-pages: (none)
(7/16/05 9:30:59 AM) Stealth-String not found
(7/16/05 9:30:59 AM) Not infected->END


(7/16/05 9:31:34 AM) SPSeHjFix started v1.1.2
(7/16/05 9:31:34 AM) OS: WinXP (5.1.2600)
(7/16/05 9:31:34 AM) Language: english
(7/16/05 9:31:34 AM) Win-Path: C:\WINDOWS
(7/16/05 9:31:34 AM) System-Path: C:\WINDOWS\System32
(7/16/05 9:31:34 AM) Temp-Path: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
(7/16/05 9:31:35 AM) Disinfection started
(7/16/05 9:31:35 AM) Bad-Dll(IEP): (not found)
(7/16/05 9:31:35 AM) Bad-Dll(IEP) in BHO: (not found)
(7/16/05 9:31:35 AM) UBF: 4 - UBB: 5 - UBR: 8
(7/16/05 9:31:35 AM) UBF: 4 - UBB: 5 - UBR: 8
(7/16/05 9:31:35 AM) Bad IE-pages: (none)
(7/16/05 9:31:35 AM) Stealth-String not found
(7/16/05 9:31:35 AM) Not infected->END


(7/16/05 9:52:10 AM) SPSeHjFix started v1.1.2
(7/16/05 9:52:10 AM) OS: WinXP (5.1.2600)
(7/16/05 9:52:10 AM) Language: english
(7/16/05 9:52:10 AM) Win-Path: C:\WINDOWS
(7/16/05 9:52:10 AM) System-Path: C:\WINDOWS\System32
(7/16/05 9:52:10 AM) Temp-Path: C:\DOCUME~1\Owner\LOCALS~1\Temp\
(7/16/05 9:52:11 AM) Disinfection started
(7/16/05 9:52:11 AM) Bad-Dll(IEP): c:\docume~1\owner\locals~1\temp\se.dll
(7/16/05 9:52:11 AM) UBF: 4 - UBB: 5 - UBR: 13
(7/16/05 9:52:11 AM) UBF: 4 - UBB: 5 - UBR: 13
(7/16/05 9:52:11 AM) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\owner\locals~1\temp\se.dll/spage.html
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer, SearchURL:
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(7/16/05 9:52:11 AM) Stealth-String not found
(7/16/05 9:52:11 AM) No locked Files to delete. End without Reboot
(7/16/05 9:52:16 AM) Disinfection started
(7/16/05 9:52:16 AM) Bad-Dll(IEP): c:\docume~1\owner\locals~1\temp\se.dll
(7/16/05 9:52:16 AM) UBF: 4 - UBB: 5 - UBR: 13
(7/16/05 9:52:16 AM) UBF: 4 - UBB: 5 - UBR: 13
(7/16/05 9:52:16 AM) Bad IE-pages: (none)
(7/16/05 9:52:16 AM) Stealth-String not found
(7/16/05 9:52:16 AM) No locked Files to delete. End without Reboot
(7/16/05 9:56:26 AM) Disinfection started
(7/16/05 9:56:26 AM) Bad-Dll(IEP): c:\docume~1\owner\locals~1\temp\se.dll
(7/16/05 9:56:26 AM) UBF: 4 - UBB: 5 - UBR: 13
(7/16/05 9:56:26 AM) UBF: 4 - UBB: 5 - UBR: 13
(7/16/05 9:56:26 AM) Bad IE-pages: (none)
(7/16/05 9:56:26 AM) Stealth-String not found
(7/16/05 9:56:26 AM) No locked Files to delete. End without Reboot
(7/16/05 9:56:26 AM) Disinfection started
(7/16/05 9:56:26 AM) Bad-Dll(IEP): c:\docume~1\owner\locals~1\temp\se.dll
(7/16/05 9:56:26 AM) UBF: 4 - UBB: 5 - UBR: 13
(7/16/05 9:56:26 AM) UBF: 4 - UBB: 5 - UBR: 13
(7/16/05 9:56:26 AM) Bad IE-pages: (none)
(7/16/05 9:56:26 AM) Stealth-String not found
(7/16/05 9:56:26 AM) No locked Files to delete. End without Reboot
(7/16/05 9:56:26 AM) Disinfection started
(7/16/05 9:56:26 AM) Bad-Dll(IEP): c:\docume~1\owner\locals~1\temp\se.dll
(7/16/05 9:56:26 AM) UBF: 4 - UBB: 5 - UBR: 13
(7/16/05 9:56:26 AM) UBF: 4 - UBB: 5 - UBR: 13
(7/16/05 9:56:26 AM) Bad IE-pages: (none)
(7/16/05 9:56:26 AM) Stealth-String not found
(7/16/05 9:56:26 AM) No locked Files to delete. End without Reboot
(7/16/05 9:56:27 AM) Disinfection started
(7/16/05 9:56:27 AM) Bad-Dll(IEP): c:\docume~1\owner\locals~1\temp\se.dll
(7/16/05 9:56:27 AM) UBF: 4 - UBB: 5 - UBR: 13
(7/16/05 9:56:27 AM) UBF: 4 - UBB: 5 - UBR: 13
(7/16/05 9:56:27 AM) Bad IE-pages: (none)
(7/16/05 9:56:27 AM) Stealth-String not found
(7/16/05 9:56:27 AM) No locked Files to delete. End without Reboot
(7/16/05 9:56:27 AM) Disinfection started
(7/16/05 9:56:27 AM) Bad-Dll(IEP): c:\docume~1\owner\locals~1\temp\se.dll
(7/16/05 9:56:27 AM) UBF: 4 - UBB: 5 - UBR: 13
(7/16/05 9:56:27 AM) UBF: 4 - UBB: 5 - UBR: 13
(7/16/05 9:56:27 AM) Bad IE-pages: (none)
(7/16/05 9:56:27 AM) Stealth-String not found
(7/16/05 9:56:27 AM) No locked Files to delete. End without Reboot
(7/16/05 9:56:27 AM) Disinfection started
(7/16/05 9:56:27 AM) Bad-Dll(IEP): c:\docume~1\owner\locals~1\temp\se.dll
(7/16/05 9:56:27 AM) UBF: 4 - UBB: 5 - UBR: 13
(7/16/05 9:56:27 AM) UBF: 4 - UBB: 5 - UBR: 13
(7/16/05 9:56:27 AM) Bad IE-pages: (none)
(7/16/05 9:56:27 AM) Stealth-String not found
(7/16/05 9:56:27 AM) No locked Files to delete. End without Reboot
(7/16/05 9:56:28 AM) Disinfection started
(7/16/05 9:56:28 AM) Bad-Dll(IEP): c:\docume~1\owner\locals~1\temp\se.dll
(7/16/05 9:56:28 AM) UBF: 4 - UBB: 5 - UBR: 13
(7/16/05 9:56:28 AM) UBF: 4 - UBB: 5 - UBR: 13
(7/16/05 9:56:28 AM) Bad IE-pages: (none)
(7/16/05 9:56:28 AM) Stealth-String not found
(7/16/05 9:56:28 AM) No locked Files to delete. End without Reboot
(7/16/05 9:56:29 AM) Disinfection started
(7/16/05 9:56:29 AM) Bad-Dll(IEP): c:\docume~1\owner\locals~1\temp\se.dll
(7/16/05 9:56:29 AM) UBF: 4 - UBB: 5 - UBR: 13
(7/16/05 9:56:29 AM) UBF: 4 - UBB: 5 - UBR: 13
(7/16/05 9:56:29 AM) Bad IE-pages: (none)
(7/16/05 9:56:29 AM) Stealth-String not found
(7/16/05 9:56:29 AM) No locked Files to delete. End without Reboot
(7/16/05 9:56:29 AM) Disinfection started
(7/16/05 9:56:29 AM) Bad-Dll(IEP): c:\docume~1\owner\locals~1\temp\se.dll
(7/16/05 9:56:29 AM) UBF: 4 - UBB: 5 - UBR: 13
(7/16/05 9:56:29 AM) UBF: 4 - UBB: 5 - UBR: 13
(7/16/05 9:56:29 AM) Bad IE-pages: (none)
(7/16/05 9:56:29 AM) Stealth-String not found
(7/16/05 9:56:29 AM) No locked Files to delete. End without Reboot


(7/16/05 9:56:33 AM) SPSeHjFix started v1.1.2
(7/16/05 9:56:33 AM) OS: WinXP (5.1.2600)
(7/16/05 9:56:33 AM) Language: english
(7/16/05 9:56:33 AM) Win-Path: C:\WINDOWS
(7/16/05 9:56:33 AM) System-Path: C:\WINDOWS\System32
(7/16/05 9:56:33 AM) Temp-Path: C:\DOCUME~1\Owner\LOCALS~1\Temp\
(7/16/05 9:56:34 AM) Disinfection started
(7/16/05 9:56:34 AM) Bad-Dll(IEP): (not found)
(7/16/05 9:56:34 AM) Bad-Dll(IEP) in BHO: (not found)
(7/16/05 9:56:34 AM) UBF: 4 - UBB: 5 - UBR: 13
(7/16/05 9:56:34 AM) UBF: 4 - UBB: 5 - UBR: 13
(7/16/05 9:56:34 AM) Bad IE-pages: (none)
(7/16/05 9:56:34 AM) Stealth-String not found
(7/16/05 9:56:34 AM) Not infected->END


___________________________________________________________________

Incident               Status        Location

Virus:Bck/Haxdoor.CF   Disinfected   C:\WINDOWS\system32\mszx23.exe
Virus:Bck/Haxdoor.BG   Disinfected   C:\WINDOWS\system32\winlow.sys
  • 0
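
A Python parser for the SPSeHjFix log format quoted in post #3, added here as an illustration and not part of the thread or of the tool itself. It groups the disinfection passes into sessions and reports, per session, which registry hive the deleted values were in and whether the flagged DLL was still reported on the last pass. The sample log is constructed from the format above, and the profile extraction assumes the Windows XP "Documents and Settings" layout.

```python
import re

# Constructed sample: shortened, in the SPSeHjFix v1.1.2 log format shown in the post above.
SAMPLE_LOG = r"""
(7/16/05 9:29:35 AM) SPSeHjFix started v1.1.2
(7/16/05 9:29:35 AM) Temp-Path: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
(7/16/05 9:29:43 AM) Disinfection started
(7/16/05 9:29:43 AM) Bad-Dll(IEP): c:\docume~1\owner\locals~1\temp\se.dll
(7/16/05 9:29:43 AM) Bad IE-pages:
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
(7/16/05 9:29:43 AM) No locked Files to delete. End without Reboot
(7/16/05 9:29:53 AM) Disinfection started
(7/16/05 9:29:53 AM) Bad-Dll(IEP): c:\docume~1\owner\locals~1\temp\se.dll
(7/16/05 9:29:53 AM) Bad IE-pages: (none)
(7/16/05 9:29:53 AM) No locked Files to delete. End without Reboot
(7/16/05 9:30:58 AM) SPSeHjFix started v1.1.2
(7/16/05 9:30:58 AM) Temp-Path: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
(7/16/05 9:30:59 AM) Disinfection started
(7/16/05 9:30:59 AM) Bad-Dll(IEP): (not found)
(7/16/05 9:30:59 AM) Not infected->END
"""

STAMPED = re.compile(r"^\((?P<ts>[^)]+)\)\s+(?P<msg>.*)$")

def profile_of(path):
    # Assumption: XP layout <drive>/<Documents and Settings>/<profile>/...
    parts = [p for p in (path or "").split("\\") if p]
    return parts[2].lower() if len(parts) > 2 else None

def parse_sessions(text):
    sessions, cur = [], None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = STAMPED.match(line)
        if m is None:  # untimestamped continuation: "deleted: <key>, <value>: <data>"
            if cur and line.startswith("deleted:"):
                cur["deleted"].append(line[len("deleted:"):].strip())
            continue
        msg = m["msg"]
        if msg.lower().startswith("spsehjfix started"):
            cur = {"temp_path": None, "passes": [], "deleted": [], "verdict": None}
            sessions.append(cur)
        elif cur is None:
            continue  # text before the first session header
        elif msg.startswith("Temp-Path:"):
            cur["temp_path"] = msg.split(":", 1)[1].strip()
        elif msg == "Disinfection started":
            cur["passes"].append(None)  # one entry per pass; filled in below
        elif msg.startswith("Bad-Dll(IEP):") and cur["passes"]:
            dll = msg.split(":", 1)[1].strip().lower()
            cur["passes"][-1] = None if dll == "(not found)" else dll
        elif msg.startswith(("Not infected", "No locked Files")):
            cur["verdict"] = msg  # last status line of the session wins
    return sessions

def summarize(session):
    reported = [dll for dll in session["passes"] if dll]
    profile = profile_of(session["temp_path"])
    return {
        "run_as_profile": profile,
        "passes": len(session["passes"]),
        "passes_reporting_dll": len(reported),
        "dlls": sorted(set(reported)),
        "dll_in_other_profile": any(profile_of(d) != profile for d in reported),
        "hives_cleaned": sorted({k.split("\\", 1)[0] for k in session["deleted"]}),
        "dll_reported_on_last_pass": bool(reported) and session["passes"][-1] is not None,
        "verdict": session["verdict"],
    }

if __name__ == "__main__":
    for number, session in enumerate(parse_sessions(SAMPLE_LOG), start=1):
        print(number, summarize(session))
```
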

#4
Wizard
Retired Staff, 5,661 posts

Why give up now, you came this far, let's try a couple of other things then you make the call!


Let me have a look at what's inside there

Download WinPFind:
http://www.bleepingc...es/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet!

Restart in Safe Mode

Double-click WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient!

Once the Scan is Complete->Restart back in Normal Mode and go to the WinPFind folder and locate WinPFind.txt!


Now create a HijackThis Startup List log!

Hijackthis StartUp Log:
Open HijackThis, Select Config (Bottom Right)>>>Select Misc Tools>>>Select Generate StartUpList log and make sure that both Boxes beside it are checked:

Put a check by:
List all minor sections(Full)
and
List Empty Sections(Complete)

It will produce a NotePad Page, I need you to post the entire contents of that page to the next post!

Place both of those logs in the next post!
  • 0





