Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Aurora popups and possible trojan horse [CLOSED]

Started by Burgsquad , Jul 07 2005 07:13 PM

  • This topic is locked This topic is locked

#1
Burgsquad
Posted 07 July 2005 - 07:13 PM

Burgsquad

    New Member

  • Member
  • Pip
  • 3 posts
I have had continuous problems with my computer since I got a new hard drive. I installed a windows service pack 2 about a week after I got my new hard drive. Things were okay until I started using wireless internet (I think that was the problem). I got Modzilla Firefox and Microsoft AntiSpyware Beta1 and they have been working weel. I have also been running Symantic, Adaware and Spybot regularly since I got my hard drive and today I followed the instructions to download and run Ewido, Adaware (again), Spybot (again), CWShredder, and CleanUp. I'm not sure if I have the trojan or the pop ups still, but it seems that every time I run a scan it says it finds 200 critical files, then I reboot and it finds 100 more. I don't know what it is going on.

Also, how do I stop all these programs from starting at startup? They don't "pop up" but they make my computer really slow to startup.

Thanks for your help!

Here is my HiJackThis file:

Logfile of HijackThis v1.99.1
Scan saved at 9:07:17 PM, on 7/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Rach\Desktop\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://by106fd.bay10...=EN&country=US"); (C:\Documents and Settings\Rach\Application Data\Mozilla\Profiles\default\3pi540mt.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Rach\Application Data\Mozilla\Profiles\default\3pi540mt.slt\prefs.js)
O2 - BHO: (no name) - {00000000-0000-4E97-AB42-7903E88349EB} - C:\Program Files\00m2useu\00m2useu.dll
O2 - BHO: (no name) - {0E337E69-009F-C454-931E-2EEA58843F46} - C:\WINDOWS\cdapp\pjswpjeslt.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sbhtmc] c:\windows\system32\sbhtmc.exe
O4 - HKLM\..\Run: [aac1b9b2e64f] C:\WINDOWS\System32\admparse.exe
O4 - HKLM\..\Run: [00m2useu] C:\Program Files\00m2useu\00m2useu.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [noexbe] c:\windows\system32\kugeumz.exe
O4 - HKLM\..\Run: [vpnstly] c:\windows\system32\ufhmpc.exe
O4 - HKLM\..\Run: [kzlhsil] c:\windows\system32\otbtlgw.exe r
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [nppbhi] C:\WINDOWS\System32\nppbhi.exe
O4 - Global Startup: Media Card Companion Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1109524037860
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {AF087E66-838E-4A97-8A0B-0DDDA5DEA239} (OTAutoInstall Class) - https://streaming.en...nloads/OTAI.CAB
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


This is the Ewido scan report:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:23:18 PM, 7/7/2005
+ Report-Checksum: 5156E614

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.NetNucleus : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{52CACFDF-9170-46A9-AE2E-E594D324C72A} -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute\CLSID -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute\CurVer -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75} -> Spyware.NetNucleus : Cleaned with backup
HKU\S-1-5-21-789336058-2111687655-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup
[1316] VM_01140000 -> Adware.BetterInternet : Error during cleaning
:mozilla.36:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
-> : Error during cleaning
:mozilla.117:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
-> : Error during cleaning
:mozilla.134:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
-> : Error during cleaning
:mozilla.160:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.227:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.251:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.252:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.253:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.254:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.255:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.256:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.257:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.258:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Clickagents : Cleaned with backup
:mozilla.279:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.292:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.301:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.302:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.303:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.304:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.305:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.306:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.307:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.308:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.309:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.337:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.347:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.348:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.349:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.350:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.351:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.352:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.353:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.363:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.425:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.426:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.435:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.445:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.449:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.450:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.451:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.452:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.453:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.454:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.528:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.557:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.559:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.568:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.569:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.570:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.571:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.587:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.588:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.589:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.609:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
:mozilla.634:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.665:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.666:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.667:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.668:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.669:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Rach\Application Data\Mozilla\Profiles\default\3pi540mt.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Rach\Application Data\Mozilla\Profiles\default\3pi540mt.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Rach\Application Data\Mozilla\Profiles\default\3pi540mt.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Rach\Application Data\Mozilla\Profiles\default\3pi540mt.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Rach\Application Data\Mozilla\Profiles\default\3pi540mt.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Rach\Application Data\Mozilla\Profiles\default\3pi540mt.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Rach\Application Data\Mozilla\Profiles\default\3pi540mt.slt\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Rach\Application Data\Mozilla\Profiles\default\3pi540mt.slt\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Rach\Cookies\rach@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Rach\Cookies\[email protected][1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Rach\Cookies\[email protected][1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Rach\Cookies\rach@adorigin[2].txt -> Spyware.Cookie.Adorigin : Cleaned with backup
C:\Documents and Settings\Rach\Local Settings\Temp\164.tmp\thnall1ac.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Rach\Local Settings\Temp\d2qpI2.exe -> TrojanDownloader.IstBar : Cleaned with backup
C:\Documents and Settings\Rach\Local Settings\Temp\nst23.EXE -> Spyware.SmartPops : Cleaned with backup
C:\Documents and Settings\Rach\Local Settings\Temp\temp.fr594F\actalert.exe -> TrojanDownloader.Dyfuca.dp : Cleaned with backup
C:\Documents and Settings\Rach\Local Settings\Temp\WKjIva.exe -> TrojanDownloader.IstBar : Cleaned with backup
C:\Documents and Settings\Rach\Local Settings\Temporary Internet Files\Content.IE5\G56FOHIR\svcproc[1].exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Rach\Local Settings\Temporary Internet Files\Content.IE5\S501KRGN\Nail[1].exe -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\00m2useu\00m2useu.exe -> Backdoor.Ruledor.g : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\B166D381-EE6E-4EED-A40F-066B8D\15624791-D2FF-44AB-AF3D-F6D050 -> Spyware.Pacer : Cleaned with backup
C:\WINDOWS\cdapp\pjswpjeslt.exe -> Spyware.SmartPops : Cleaned with backup
C:\WINDOWS\eerbgad.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\Nail.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\svljkiqrmy.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\admparse.exe -> Spyware.UrlSpy : Cleaned with backup
C:\WINDOWS\system32\apphelp9.exe -> Spyware.UrlSpy : Cleaned with backup
C:\WINDOWS\system32\avifile6.exe -> Spyware.UrlSpy : Cleaned with backup


::Report End

Edited by Burgsquad, 07 July 2005 - 07:24 PM.

  • 0

Advertisements

#2
tampabelle
Posted 07 July 2005 - 07:32 PM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi burgsquad,

Please print out these instructions or copy them into a text file on your Desktop for easy access.

During the fix, u will be asked to fix some entries, delete some files or uninstall sosme programs. If in case, you do not see those entries / files / programs, please make a note of it. Continue with the fix and in your next post please inform me of all deviations from the fix prescribed.

1. Download Programs

Please download these programs and save them in a new folder on your desktop -

Nailfix
Unzip it to the desktop but please do NOT run it yet.


CleanUp
Ewido Security Suite

Install Ewido, and update the definitions to the newest files. Do NOT run a scan yet.


Restart the PC in Safe Mode (repeatedly tap the F8 key when the PC is starting up).

2. Remove Infections

please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Run CleanUp and delete all temp files including temporary internet files

Run Ewido full scan. Let it fix any items it finds.

3. Run Hijack This

Run Hijack This and click on scan. The following items need to be fixed -

O2 - BHO: (no name) - {00000000-0000-4E97-AB42-7903E88349EB} - C:\Program Files\00m2useu\00m2useu.dll
O2 - BHO: (no name) - {0E337E69-009F-C454-931E-2EEA58843F46} - C:\WINDOWS\cdapp\pjswpjeslt.dll (file missing)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [sbhtmc] c:\windows\system32\sbhtmc.exe
O4 - HKLM\..\Run: [aac1b9b2e64f] C:\WINDOWS\System32\admparse.exe
O4 - HKLM\..\Run: [00m2useu] C:\Program Files\00m2useu\00m2useu.exe
O4 - HKLM\..\Run: [noexbe] c:\windows\system32\kugeumz.exe
O4 - HKLM\..\Run: [vpnstly] c:\windows\system32\ufhmpc.exe
O4 - HKLM\..\Run: [kzlhsil] c:\windows\system32\otbtlgw.exe r
O4 - HKCU\..\Run: [nppbhi] C:\WINDOWS\System32\nppbhi.exe

Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.

4. Delete Rogue files

Open Add or Remove Programs (click on Start ---> Settings ---> Control panel. This should be the 3rd item). Uninstall or remove the following items -

Viewpoint Manager


To enable the viewing of Hidden files follow these steps:
  • Close all programs so that you are at your desktop.
  • Double-click on the My Computer icon.
  • Select the Tools menu and click Folder Options.
  • After the new window appears select the View tab.
  • Put a checkmark in the checkbox labeled Display the contents of system folders.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  • Remove the checkmark from the checkbox labeled Hide protected operating system files.
  • Press the Apply button and then the OK button and shutdown My Computer.
  • Now your computer is configured to show all hidden files.
Open Windows Explorer (right click on Start and then click on explore). Locate and delete the following folders and files -

Folders
C:\Program Files\Viewpoint
C:\Program Files\00m2useu

Files
C:\windows\system32\sbhtmc.exe
C:\WINDOWS\System32\admparse.exe
c:\windows\system32\kugeumz.exe
c:\windows\system32\ufhmpc.exe
c:\windows\system32\otbtlgw.exe r
C:\WINDOWS\System32\nppbhi.exe

Clear out the files in the Prefetch folder. Go to start> run> type into the box Prefetch and delete all the files in that folder. Dont delete the folder, only the files in it !!!!!!!!


Reboot the PC in Normal Mode.


Run Hijack This and post a fresh HJT log along with Ewido scan report.
  • 0

#3
Burgsquad
Posted 07 July 2005 - 09:54 PM

Burgsquad

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Okay, I could not find the files:

c:\program files\viewpoint

or any of these:

C:\windows\system32\sbhtmc.exe
c:\windows\system32\kugeumz.exe
c:\windows\system32\ufhmpc.exe
c:\windows\system32\otbtlgw.exe r
C:\WINDOWS\System32\nppbhi.exe

i will post the ewido report momentarily.


Logfile of HijackThis v1.99.1
Scan saved at 11:50:08 PM, on 7/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\imapi.exe
C:\Documents and Settings\Rach\Desktop\EEEK\HijackThis.exe
C:\Program Files\iPod\bin\iPodService.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://by106fd.bay10...=EN&country=US"); (C:\Documents and Settings\Rach\Application Data\Mozilla\Profiles\default\3pi540mt.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Rach\Application Data\Mozilla\Profiles\default\3pi540mt.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Media Card Companion Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1109524037860
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {AF087E66-838E-4A97-8A0B-0DDDA5DEA239} (OTAutoInstall Class) - https://streaming.en...nloads/OTAI.CAB
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
  • 0

#4
tampabelle
Posted 08 July 2005 - 12:46 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi burgsquad,

Your HJT log looks much better.

Post the Ewido scan report and let me know how the PC is behaving !!!!
  • 0

#5
Burgsquad
Posted 08 July 2005 - 05:36 AM

Burgsquad

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:34:34 AM, 7/8/2005
+ Report-Checksum: 7E43A1D2

+ Scan result:

:mozilla.12:C:\Documents and Settings\Rach\Application Data\Mozilla\Firefox\Profiles\35tqto6p.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup


::Report End


I am still getting pop ups!!!! What would you suggest to stop them?!
  • 0

#6
tampabelle
Posted 08 July 2005 - 08:12 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Burgsquad,

Looks like there might be a hidden infection.

Download DelDomains.inf and save it on your desktop.

Right click on DelDomains.inf and click on Install.

Reboot the PC in Normal Mode.

Run Hijack This. Click on config ---> Misc Tools. Check the two boxes next to generate startup List. Click on Generate Startup List. Save the log file.

Please download RootKitRevealer from here:
http://www.sysintern...kitrevealer.zip
Unzip it to the desktop, run it, and click Scan. Save the log file which is generated.


Post the Startup List generated by HJT and the rookitrevealer log here. Also let me know if you the pop-ups after installing Deldomains.inf.
  • 0

#7
tampabelle
Posted 18 July 2005 - 08:53 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP