Spysheriff Black Box in the middle of the page [RESOLVED]


This topic is locked

#1
preacher

  • Member
  • 13 posts
This is my very first time doing this, so bear with me. My daughter's computer is infected with the black box and red buttons in the bar at the bottom of the screen. I went through all of the pre-steps (cleanup, ewido, etc.) and I have the logs from HijackThis and ewido, added below. Help!!!

Attached files: Process_report_20050725.txt.txt (55.87KB), Scan_report_20050722.txt.txt (590 bytes), Startup_report_20050725.txt.txt (56.51KB)

#2
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi preacher and welcome to GeeksToGo!


I do not see a HijackThis log attached. Can you please paste one in, instead of attaching it?


Thanks,


Excal

#3
preacher

  • Topic Starter
  • Member
  • 13 posts
Thanks Excal. Here are the reports.

preacher

---------------------------------------------------------
ewido security suite - Startup report
---------------------------------------------------------

+ Created on: 8:29:55 PM, 7/25/2005
+ Report-Checksum: B0224876

Reg\HKCU\Run nutveiq c:\windows\ilxdaop.exe
Reg\HKCU\Run djokstf c:\windows\xwqvxcw.exe
Reg\HKCU\Run joyqrip c:\windows\xwqvxcw.exe
Reg\HKLM\Run AlcxMonitor ALCXMNTR.EXE
Reg\HKCU\Run lbiwxiv c:\windows\ilxdaop.exe
Reg\HKCU\Run jkbdobx c:\windows\ilxdaop.exe
Reg\HKCU\Run PopUpStopperCompanion "C:\PROGRA~1\PANICW~1\POP-UP~1\PSComp.exe"
Reg\HKCU\Run Windows installer C:\winstall.exe
Reg\HKCU\Run SNInstall C:\winstall.exe
Reg\HKLM\Run SunJavaUpdateSched C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
Reg\HKLM\Run HotKeysCmds C:\WINDOWS\system32\hkcmd.exe
Reg\HKLM\Run KBD C:\HP\KBD\KBD.EXE
Reg\HKLM\Run iTunesHelper C:\Program Files\iTunes\iTunesHelper.exe
Reg\HKLM\Run Recguard C:\WINDOWS\SMINST\RECGUARD.EXE
Reg\HKLM\Run VTTimer VTTimer.exe
Reg\HKLM\Run AGRSMMSG AGRSMMSG.exe
Reg\HKLM\Run PS2 C:\WINDOWS\system32\ps2.exe
Reg\HKLM\Run ViewMgr C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
Reg\HKLM\Run IgfxTray C:\WINDOWS\system32\igfxtray.exe
Reg\HKLM\Run BearShare "C:\Program Files\BearShare\BearShare.exe" /pause
Reg\HKLM\Run QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Reg\HKLM\Run FlnCPY "C:\Program Files\Common Files\Java\flncpy.exe"
Reg\HKLM\Run sys513 C:\WINDOWS\sys513.exe
Reg\HKLM\Run FtkCPY "C:\Program Files\Common Files\Java\ftkcpy.exe"
Reg\HKCU\Run Weather C:\Program Files\AWS\WeatherBug\Weather.exe 1
Reg\HKCU\Run jshffqx c:\windows\xwqvxcw.exe
Reg\HKCU\Run Yahoo! Pager C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
Reg\HKCU\Run bctqnci c:\windows\ykglcgp.exe
Reg\HKCU\Run jdryslv c:\windows\ykglcgp.exe
Reg\HKCU\Run wupdate C:\WINDOWS\system32\wi32.exe
Reg\HKCU\Run obegnmr c:\windows\ykglcgp.exe
Reg\HKCU\Run xmknuhn c:\windows\ykglcgp.exe
Reg\HKCU\Run gkvuvja c:\windows\ykglcgp.exe
Reg\HKCU\Run gkteoiw c:\windows\ykglcgp.exe
Reg\HKCU\Run stamjvv c:\windows\ykglcgp.exe
Reg\HKCU\Run blfilhg c:\windows\ykglcgp.exe
Reg\HKCU\Run xatvnwp c:\windows\ykglcgp.exe
Reg\HKCU\Run ttntmou c:\windows\ykglcgp.exe
Reg\HKCU\Run newjnqf c:\windows\ykglcgp.exe
Reg\HKCU\Run atuhmqd c:\windows\ykglcgp.exe
Reg\HKCU\Run mqdxpkf c:\windows\ykglcgp.exe
Reg\HKCU\Run dhhwtoj c:\windows\ykglcgp.exe
Reg\HKCU\Run poevivs c:\windows\xwqvxcw.exe
Reg\HKCU\Run ektmeur c:\windows\xwqvxcw.exe
Reg\HKCU\Run orfmgiq c:\windows\xwqvxcw.exe
Reg\HKCU\Run utofxsd c:\windows\xwqvxcw.exe
Reg\HKCU\Run rphfncs c:\windows\xwqvxcw.exe
Reg\HKCU\Run lerhiir c:\windows\xwqvxcw.exe
Reg\HKCU\Run vnnhhoq c:\windows\xwqvxcw.exe
Reg\HKCU\Run grydwmr c:\windows\xwqvxcw.exe
Reg\HKCU\Run raugmlo c:\windows\xwqvxcw.exe
Reg\HKCU\Run ltydlmu c:\windows\xwqvxcw.exe
Reg\HKCU\Run jpexako c:\windows\xwqvxcw.exe
Reg\HKCU\Run guecips c:\windows\xwqvxcw.exe
Reg\HKCU\Run eqcmksy c:\windows\xwqvxcw.exe
Reg\HKCU\Run rsofxxw c:\windows\xwqvxcw.exe
Reg\HKCU\Run jnvnvhl c:\windows\xwqvxcw.exe
Reg\HKCU\Run ujcfryj c:\windows\xwqvxcw.exe
Reg\HKCU\Run fnmnmac c:\windows\xwqvxcw.exe
Reg\HKCU\Run mguchrn c:\windows\xwqvxcw.exe
Reg\HKCU\Run rcrxcfb c:\windows\xwqvxcw.exe
Reg\HKCU\Run cbvnfml c:\windows\xwqvxcw.exe
Reg\HKCU\Run ctnuyff c:\windows\xwqvxcw.exe
Reg\HKCU\Run tmktmyc c:\windows\xwqvxcw.exe
Reg\HKCU\Run cxuddqo c:\windows\xwqvxcw.exe
Reg\HKCU\Run vxhecgk c:\windows\xwqvxcw.exe
Reg\HKCU\Run kmohdik c:\windows\xwqvxcw.exe
Reg\HKCU\Run ujigeyg c:\windows\xwqvxcw.exe
Reg\HKCU\Run fubvqpk c:\windows\xwqvxcw.exe
Reg\HKCU\Run jgvbwlv c:\windows\xwqvxcw.exe
Reg\HKCU\Run lqqwuhi c:\windows\xwqvxcw.exe
Reg\HKCU\Run volspyp c:\windows\xwqvxcw.exe
Reg\HKCU\Run xfrxtiu c:\windows\xwqvxcw.exe
Reg\HKCU\Run xreyjcf c:\windows\xwqvxcw.exe
Reg\HKCU\Run fdyqjtt c:\windows\xwqvxcw.exe
Reg\HKCU\Run wpckics c:\windows\xwqvxcw.exe
Reg\HKCU\Run kodrilo c:\windows\xwqvxcw.exe
Reg\HKCU\Run sxvkagp c:\windows\xwqvxcw.exe
Reg\HKCU\Run qnsnufi c:\windows\xwqvxcw.exe
Reg\HKCU\Run dlxptmk c:\windows\xwqvxcw.exe
Reg\HKCU\Run mymlytp c:\windows\xwqvxcw.exe
Reg\HKCU\Run gxyrcti c:\windows\xwqvxcw.exe
Reg\HKCU\Run wguofwg c:\windows\xwqvxcw.exe
Reg\HKCU\Run dvnhwao c:\windows\xwqvxcw.exe
Reg\HKCU\Run pinxkju c:\windows\xwqvxcw.exe
Reg\HKCU\Run kjinsoy c:\windows\xwqvxcw.exe
Reg\HKCU\Run xybpehb c:\windows\xwqvxcw.exe
Reg\HKCU\Run gbyrnjq c:\windows\xwqvxcw.exe
Reg\HKCU\Run ougtehl c:\windows\xwqvxcw.exe
Reg\HKCU\Run dklevsx c:\windows\xwqvxcw.exe
Reg\HKCU\Run bhvtpcr c:\windows\ilxdaop.exe
Reg\HKCU\Run yhqjlti c:\windows\ilxdaop.exe
Reg\HKCU\Run vdesxii c:\windows\ilxdaop.exe
Reg\HKCU\Run ekiuvcq c:\windows\ilxdaop.exe
Reg\HKCU\Run sewhccu c:\windows\ilxdaop.exe
Reg\HKCU\Run jeejaqg c:\windows\ilxdaop.exe
Reg\HKCU\Run ityqqdy c:\windows\ilxdaop.exe
Reg\HKCU\Run gypixxa c:\windows\ilxdaop.exe
Reg\HKCU\Run vinvlmq c:\windows\ilxdaop.exe
Reg\HKCU\Run eirfxay c:\windows\ilxdaop.exe
Reg\HKCU\Run imfhaxk c:\windows\ilxdaop.exe
Reg\HKCU\Run cweaghh c:\windows\ilxdaop.exe
Reg\HKCU\Run wkutjfw c:\windows\ilxdaop.exe
Reg\HKCU\Run xeyoevv c:\windows\ilxdaop.exe
Reg\HKCU\Run rdkulej c:\windows\ilxdaop.exe
Reg\HKCU\Run ukiarev c:\windows\ilxdaop.exe
Reg\HKCU\Run mfyemdk c:\windows\ilxdaop.exe
Reg\HKCU\Run dqfmewn c:\windows\ilxdaop.exe
Reg\HKCU\Run wbcviir c:\windows\ilxdaop.exe
Reg\HKCU\Run qxytsiq c:\windows\ilxdaop.exe
Reg\HKCU\Run riubqbf c:\windows\ilxdaop.exe
Reg\HKCU\Run vlelqdm c:\windows\ilxdaop.exe
Reg\HKCU\Run ykygvhe c:\windows\ilxdaop.exe
Reg\HKCU\Run vjbdxec c:\windows\ilxdaop.exe
Reg\HKCU\Run oatldcx c:\windows\ilxdaop.exe
Reg\HKCU\Run ykriuwr c:\windows\ilxdaop.exe
Reg\HKCU\Run ekcunvb c:\windows\ilxdaop.exe
Reg\HKCU\Run vkcclxs c:\windows\ilxdaop.exe
Reg\HKCU\Run tqjjddk c:\windows\ilxdaop.exe
Reg\HKCU\Run clvrmap c:\windows\ilxdaop.exe
Reg\HKCU\Run djxjgtj c:\windows\ilxdaop.exe
Reg\HKCU\Run fpustid c:\windows\ilxdaop.exe
Reg\HKCU\Run ocgcxvs c:\windows\ilxdaop.exe
Reg\HKCU\Run vjqtipt c:\windows\ilxdaop.exe
Reg\HKCU\Run nkhhnlw c:\windows\ilxdaop.exe
Reg\HKCU\Run gwhnxwv c:\windows\ilxdaop.exe
Reg\HKCU\Run mkobutw c:\windows\ilxdaop.exe
Reg\HKCU\Run rwucfdq c:\windows\ilxdaop.exe
Reg\HKCU\Run ihjtrdx c:\windows\ilxdaop.exe
Reg\HKCU\Run jqlgfst c:\windows\ilxdaop.exe
Reg\HKCU\Run njwlexr c:\windows\ilxdaop.exe
Reg\HKCU\Run dqovrhr c:\windows\ilxdaop.exe
Reg\HKCU\Run xxbpgyb c:\windows\ilxdaop.exe
Reg\HKCU\Run jfvvaeg c:\windows\ilxdaop.exe
Reg\HKCU\Run vyfpiwb c:\windows\ilxdaop.exe
Reg\HKCU\Run wbhfpsk c:\windows\ilxdaop.exe
Reg\HKCU\Run qtjegut c:\windows\ilxdaop.exe
Reg\HKCU\Run ckkxepy c:\windows\ilxdaop.exe
Reg\HKCU\Run flvkukm c:\windows\ilxdaop.exe
Reg\HKCU\Run udtfynk c:\windows\ilxdaop.exe
Reg\HKCU\Run qynaxjp c:\windows\ilxdaop.exe
Reg\HKCU\Run nnveggp c:\windows\ilxdaop.exe
Reg\HKCU\Run tiwrjau c:\windows\ilxdaop.exe
Reg\HKCU\Run qbxutyx c:\windows\ilxdaop.exe
Reg\HKCU\Run bgeftfi c:\windows\ilxdaop.exe
Reg\HKCU\Run qucfftc c:\windows\ilxdaop.exe
Reg\HKCU\Run bwpgtte c:\windows\ilxdaop.exe
Reg\HKCU\Run hwbexyg c:\windows\ilxdaop.exe
Reg\HKCU\Run sktiedm c:\windows\ilxdaop.exe
Reg\HKCU\Run ijqalyd c:\windows\ilxdaop.exe
Reg\HKCU\Run vbxdxax c:\windows\ilxdaop.exe
Reg\HKCU\Run ljjvidd c:\windows\ilxdaop.exe
Reg\HKCU\Run khivqay c:\windows\ilxdaop.exe
Reg\HKCU\Run jpfbtmr c:\windows\ilxdaop.exe
Reg\HKCU\Run gvvqqvr c:\windows\ilxdaop.exe
Reg\HKCU\Run shjbrdi c:\windows\ilxdaop.exe
Reg\HKCU\Run nenfple c:\windows\ilxdaop.exe
Reg\HKCU\Run jdalhnh c:\windows\ilxdaop.exe
Reg\HKCU\Run mfywryd c:\windows\ilxdaop.exe
Reg\HKCU\Run mpiolou c:\windows\ilxdaop.exe
Reg\HKCU\Run dphajmr c:\windows\ilxdaop.exe
Reg\HKCU\Run sffdhlq c:\windows\ilxdaop.exe
Reg\HKCU\Run ytroqld c:\windows\ilxdaop.exe
Reg\HKCU\Run uuphtnn c:\windows\ilxdaop.exe
Reg\HKCU\Run vbhebgp c:\windows\ilxdaop.exe
Reg\HKCU\Run nrjcipw c:\windows\ilxdaop.exe
Reg\HKCU\Run sys513 C:\WINDOWS\sys513.exe
Reg\HKCU\Run wupd C:\WINDOWS\system32\symcsvc.exe
Reg\HKCU\Run nefdxjp c:\windows\ykglcgp.exe
Reg\HKLM\Run hpsysdrv c:\windows\system\hpsysdrv.exe
Shell\CommonStartup Quicken Scheduled Updates.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
Shell\UserStartup IMStart.lnk C:\Documents and Settings\Owner\Start Menu\Programs\Startup\IMStart.lnk
Shell\CommonStartup Compaq Connections.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:51:33 PM, 7/22/2005
+ Report-Checksum: E0E67F30

+ Scan result:

No infected objects found.


::Report End

#4
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi,


I actually need the HiJackThis log.

Download HijackThis and post a logfile:
  • Download HijackThis.
  • Create a folder named "HijackThis". To create a folder:
    • Go to My Documents.
    • Right-click and select New> Folder.
    • Name the folder as "HijackThis".
  • Extract the contents of hijackthis.zip into the folder you've just created.
  • Open HijackThis.exe
  • Click on "Do a system scan and save a logfile".
  • After the scan is complete, a Notepad window will pop up.
  • In the Notepad window, go to Edit> Select all and then Edit> Copy.
  • Paste the log into your next reply.
Do NOT fix anything until we check your log. You can cause serious damage to your operating system if you fix a valid entry.

#5
preacher

  • Topic Starter
  • Member
  • 13 posts
Excal

Sorry about that. I thought I had the Hijack file in there.

Logfile of HijackThis v1.99.1
Scan saved at 9:46:06 PM, on 7/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\sys513.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSComp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\winstall.exe
C:\winstall.exe
C:\Program Files\SpySheriff\SpySheriff.exe
C:\Program Files\InterMute\IMStart.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...ario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...ario&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: FlashEnhancer Ext - {5EDB03AF-0341-4e96-9E9B-3171522E4BAF} - c:\Program Files\Fla\fla.dll (file missing)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: FlashEnhancer Extnder - {A749B4BC-7621-4a80-9220-D0A283367DD5} - c:\Program Files\Fln\fln.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: FlashTEnhancer Ext - {D7E588AB-A5D9-4422-B313-22A3470F9700} - c:\Program Files\Ftk\ftk.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FlnCPY] "C:\Program Files\Common Files\Java\flncpy.exe"
O4 - HKLM\..\Run: [sys513] C:\WINDOWS\sys513.exe
O4 - HKLM\..\Run: [FtkCPY] "C:\Program Files\Common Files\Java\ftkcpy.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [PopUpStopperCompanion] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSComp.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [bctqnci] c:\windows\ykglcgp.exe
O4 - HKCU\..\Run: [jdryslv] c:\windows\ykglcgp.exe
O4 - HKCU\..\Run: [wupdate] C:\WINDOWS\system32\wi32.exe
O4 - HKCU\..\Run: [obegnmr] c:\windows\ykglcgp.exe
O4 - HKCU\..\Run: [xmknuhn] c:\windows\ykglcgp.exe
O4 - HKCU\..\Run: [gkvuvja] c:\windows\ykglcgp.exe
O4 - HKCU\..\Run: [gkteoiw] c:\windows\ykglcgp.exe
O4 - HKCU\..\Run: [stamjvv] c:\windows\ykglcgp.exe
O4 - HKCU\..\Run: [blfilhg] c:\windows\ykglcgp.exe
O4 - HKCU\..\Run: [xatvnwp] c:\windows\ykglcgp.exe
O4 - HKCU\..\Run: [ttntmou] c:\windows\ykglcgp.exe
O4 - HKCU\..\Run: [newjnqf] c:\windows\ykglcgp.exe
O4 - HKCU\..\Run: [atuhmqd] c:\windows\ykglcgp.exe
O4 - HKCU\..\Run: [nefdxjp] c:\windows\ykglcgp.exe
O4 - HKCU\..\Run: [mqdxpkf] c:\windows\ykglcgp.exe
O4 - HKCU\..\Run: [dhhwtoj] c:\windows\ykglcgp.exe
O4 - HKCU\..\Run: [poevivs] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [djokstf] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [ektmeur] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [jshffqx] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [orfmgiq] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [utofxsd] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [rphfncs] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [lerhiir] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [vnnhhoq] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [grydwmr] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [raugmlo] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [ltydlmu] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [jpexako] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [guecips] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [eqcmksy] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [rsofxxw] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [jnvnvhl] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [ujcfryj] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [fnmnmac] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [mguchrn] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [rcrxcfb] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [cbvnfml] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [ctnuyff] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [tmktmyc] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [cxuddqo] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [vxhecgk] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [kmohdik] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [ujigeyg] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [fubvqpk] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [jgvbwlv] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [lqqwuhi] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [volspyp] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [xfrxtiu] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [xreyjcf] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [fdyqjtt] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [wpckics] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [kodrilo] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [sxvkagp] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [qnsnufi] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [dlxptmk] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [mymlytp] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [gxyrcti] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [wguofwg] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [dvnhwao] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [pinxkju] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [joyqrip] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [kjinsoy] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [xybpehb] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [gbyrnjq] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [ougtehl] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [dklevsx] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [jkbdobx] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [bhvtpcr] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [yhqjlti] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [vdesxii] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [ekiuvcq] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [sewhccu] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [jeejaqg] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [ityqqdy] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [gypixxa] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [vinvlmq] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [eirfxay] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [imfhaxk] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [nutveiq] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [cweaghh] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [wkutjfw] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [xeyoevv] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [rdkulej] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [ukiarev] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [mfyemdk] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [dqfmewn] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [wbcviir] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [qxytsiq] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [riubqbf] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [vlelqdm] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [ykygvhe] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [vjbdxec] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [oatldcx] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [ykriuwr] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [ekcunvb] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [vkcclxs] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [tqjjddk] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [clvrmap] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [djxjgtj] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [lbiwxiv] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [fpustid] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [ocgcxvs] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [vjqtipt] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [nkhhnlw] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [gwhnxwv] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [mkobutw] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [rwucfdq] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [ihjtrdx] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [jqlgfst] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [njwlexr] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [dqovrhr] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [xxbpgyb] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [jfvvaeg] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [vyfpiwb] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [wbhfpsk] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [qtjegut] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [ckkxepy] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [flvkukm] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [udtfynk] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [qynaxjp] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [nnveggp] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [tiwrjau] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [qbxutyx] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [bgeftfi] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [qucfftc] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [bwpgtte] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [hwbexyg] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [sktiedm] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [ijqalyd] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [vbxdxax] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [ljjvidd] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [khivqay] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [jpfbtmr] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [gvvqqvr] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [shjbrdi] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [nenfple] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [jdalhnh] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [mfywryd] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [mpiolou] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [dphajmr] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [sffdhlq] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [ytroqld] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [uuphtnn] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [vbhebgp] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [nrjcipw] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [sys513] C:\WINDOWS\sys513.exe
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\system32\symcsvc.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SNInstall] C:\winstall.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122084953453
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
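
What makes this log straightforward to triage is the pattern itself: dozens of random seven-letter HKCU Run names that all launch the same three files sitting directly in C:\WINDOWS, plus loaders in the drive root (C:\winstall.exe, C:\WINDOWS\sys513.exe). As an added example, not code from this thread or from HijackThis, here is a small Python triage script that parses O4 lines in the same format and flags those two signals over a constructed subset of the entries above; the thresholds and regexes are heuristics chosen for this example, and every hit still needs a human to confirm.

```python
import re
from collections import defaultdict

# Constructed sample in the HijackThis 1.99 "O4" autostart format, mirroring
# the mix seen in the log above: benign vendor entries plus random-named HKCU
# Run values that all launch the same file in C:\WINDOWS or the drive root.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sys513] C:\WINDOWS\sys513.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [bctqnci] c:\windows\ykglcgp.exe
O4 - HKCU\..\Run: [jdryslv] c:\windows\ykglcgp.exe
O4 - HKCU\..\Run: [obegnmr] c:\windows\ykglcgp.exe
O4 - HKCU\..\Run: [poevivs] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [djokstf] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [ektmeur] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [wupdate] C:\WINDOWS\system32\wi32.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SNInstall] C:\winstall.exe
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
"""

# "O4 - HKCU\..\Run: [name] command"  (Startup-folder O4 lines are ignored)
RUN_ENTRY = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# Heuristic: 6-8 lowercase letters with no digits or capitals, like "bctqnci"
RANDOM_NAME = re.compile(r'^[a-z]{6,8}$')
# Executable directly in a drive root or in C:\WINDOWS itself (no subfolder)
BARE_ROOT_EXE = re.compile(r'^[a-z]:\\(?:windows\\)?[^\\]+\.exe$')


def parse_o4(line):
    """Return (hive, value name, command) for a registry Run entry, else None."""
    m = RUN_ENTRY.match(line.strip())
    if not m:
        return None
    return m.group('hive'), m.group('name'), m.group('cmd')


def exe_path(cmd):
    """Extract the launched executable from a Run value, lower-cased.

    Handles quoted paths with arguments ("...\qttask.exe" -atboottime) and
    unquoted paths containing spaces followed by arguments (...\Weather.exe 1).
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        path = cmd[1:end] if end > 0 else cmd[1:]
    else:
        m = re.match(r'(?i)^(.*?\.exe)(?:\s|$)', cmd)
        path = m.group(1) if m else cmd.split(' ')[0]
    return path.lower()


def triage(lines, cluster_threshold=3):
    """Group Run entries by target executable and flag the two signals above."""
    by_exe = defaultdict(list)
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        _hive, name, cmd = entry
        by_exe[exe_path(cmd)].append(name)

    findings = []
    for exe, names in sorted(by_exe.items()):
        reasons = []
        if len(names) >= cluster_threshold and all(RANDOM_NAME.match(n) for n in names):
            reasons.append(f'{len(names)} random-looking Run names launch the same file')
        if BARE_ROOT_EXE.match(exe):
            reasons.append('executable sits directly in the drive root or C:\\WINDOWS')
        if reasons:
            findings.append({'exe': exe, 'names': sorted(set(names)), 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f['exe']}  <- {', '.join(f['names'])}")
        for r in f['reasons']:
            print(f'    - {r}')
```

Entries such as wi32.exe in system32 are deliberately not caught by these two rules, which is why the output is a starting point for review rather than a fix list.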

#6
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi preacher and welcome to GeeksToGo!

I can see that you have some malware issues. This may be a multi-step process to remove it. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

I noticed that your HijackThis.exe is located on your desktop; make sure to save HijackThis in its own folder (i.e. C:\HJT). This is very important, so HijackThis can save backups!


DOWNLOAD PROGRAMS


Please download ewido security suite; it is a trial version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido; there should be an icon on your desktop, double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido: ewido manual updates. Do NOT run a scan yet (if you already have, please just update).

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Download smitRem.zip and save the file to your desktop.
Right-click on the file and extract it to its own folder on the desktop.

Please download Nailfix from Here. Please do NOT run it yet.

Download and install CleanUp! Here. *NOTE* CleanUp! deletes EVERYTHING out of temp/temporary folders and does not make backups.
We will use this program later.


THE FIX


Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

1. Click this link to be sure you can view hidden files.

2. Ensure you are NOT connected to the internet.

3. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

4. Go to Start->Run and type in services.msc and hit OK. Then look for System Startup Service (SvcProc) and double click on it. Click on the Stop button and under Startup type, choose Disabled. (if present)

5. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click "Kill process" for each one (if they still exist):

C:\WINDOWS\sys513.exe
C:\winstall.exe


6. Once in Safe Mode, please double-click on Nailfix.exe on your desktop. Click Next, then Finished. Your desktop and icons will disappear and reappear, and a window should open and close very quickly; this is normal.

7. Now open and run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan, when it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections", then choose Clean and click OK.
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop
Close Ewido

8. Close all browsers, windows and unneeded programs.

9. Open HijackThis and do a scan.

10. Put a Check next to the following items:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: FlashEnhancer Ext - {5EDB03AF-0341-4e96-9E9B-3171522E4BAF} - c:\Program Files\Fla\fla.dll (file missing)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: FlashEnhancer Extnder - {A749B4BC-7621-4a80-9220-D0A283367DD5} - c:\Program Files\Fln\fln.dll (file missing)
O2 - BHO: FlashTEnhancer Ext - {D7E588AB-A5D9-4422-B313-22A3470F9700} - c:\Program Files\Ftk\ftk.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [FlnCPY] "C:\Program Files\Common Files\Java\flncpy.exe"
O4 - HKLM\..\Run: [sys513] C:\WINDOWS\sys513.exe
O4 - HKLM\..\Run: [FtkCPY] "C:\Program Files\Common Files\Java\ftkcpy.exe"
O4 - HKCU\..\Run: [bctqnci] c:\windows\ykglcgp.exe
O4 - HKCU\..\Run: [jdryslv] c:\windows\ykglcgp.exe
O4 - HKCU\..\Run: [wupdate] C:\WINDOWS\system32\wi32.exe
O4 - HKCU\..\Run: [obegnmr] c:\windows\ykglcgp.exe
O4 - HKCU\..\Run: [xmknuhn] c:\windows\ykglcgp.exe
O4 - HKCU\..\Run: [gkvuvja] c:\windows\ykglcgp.exe
O4 - HKCU\..\Run: [gkteoiw] c:\windows\ykglcgp.exe
O4 - HKCU\..\Run: [stamjvv] c:\windows\ykglcgp.exe
O4 - HKCU\..\Run: [blfilhg] c:\windows\ykglcgp.exe
O4 - HKCU\..\Run: [xatvnwp] c:\windows\ykglcgp.exe
O4 - HKCU\..\Run: [ttntmou] c:\windows\ykglcgp.exe
O4 - HKCU\..\Run: [newjnqf] c:\windows\ykglcgp.exe
O4 - HKCU\..\Run: [atuhmqd] c:\windows\ykglcgp.exe
O4 - HKCU\..\Run: [nefdxjp] c:\windows\ykglcgp.exe
O4 - HKCU\..\Run: [mqdxpkf] c:\windows\ykglcgp.exe
O4 - HKCU\..\Run: [dhhwtoj] c:\windows\ykglcgp.exe
O4 - HKCU\..\Run: [poevivs] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [djokstf] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [ektmeur] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [jshffqx] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [orfmgiq] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [utofxsd] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [rphfncs] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [lerhiir] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [vnnhhoq] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [grydwmr] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [raugmlo] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [ltydlmu] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [jpexako] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [guecips] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [eqcmksy] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [rsofxxw] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [jnvnvhl] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [ujcfryj] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [fnmnmac] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [mguchrn] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [rcrxcfb] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [cbvnfml] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [ctnuyff] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [tmktmyc] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [cxuddqo] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [vxhecgk] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [kmohdik] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [ujigeyg] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [fubvqpk] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [jgvbwlv] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [lqqwuhi] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [volspyp] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [xfrxtiu] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [xreyjcf] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [fdyqjtt] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [wpckics] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [kodrilo] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [sxvkagp] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [qnsnufi] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [dlxptmk] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [mymlytp] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [gxyrcti] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [wguofwg] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [dvnhwao] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [pinxkju] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [joyqrip] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [kjinsoy] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [xybpehb] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [gbyrnjq] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [ougtehl] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [dklevsx] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [jkbdobx] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [bhvtpcr] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [yhqjlti] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [vdesxii] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [ekiuvcq] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [sewhccu] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [jeejaqg] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [ityqqdy] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [gypixxa] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [vinvlmq] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [eirfxay] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [imfhaxk] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [nutveiq] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [cweaghh] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [wkutjfw] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [xeyoevv] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [rdkulej] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [ukiarev] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [mfyemdk] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [dqfmewn] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [wbcviir] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [qxytsiq] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [riubqbf] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [vlelqdm] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [ykygvhe] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [vjbdxec] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [oatldcx] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [ykriuwr] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [ekcunvb] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [vkcclxs] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [tqjjddk] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [clvrmap] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [djxjgtj] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [lbiwxiv] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [fpustid] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [ocgcxvs] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [vjqtipt] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [nkhhnlw] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [gwhnxwv] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [mkobutw] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [rwucfdq] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [ihjtrdx] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [jqlgfst] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [njwlexr] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [dqovrhr] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [xxbpgyb] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [jfvvaeg] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [vyfpiwb] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [wbhfpsk] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [qtjegut] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [ckkxepy] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [flvkukm] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [udtfynk] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [qynaxjp] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [nnveggp] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [tiwrjau] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [qbxutyx] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [bgeftfi] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [qucfftc] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [bwpgtte] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [hwbexyg] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [sktiedm] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [ijqalyd] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [vbxdxax] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [ljjvidd] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [khivqay] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [jpfbtmr] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [gvvqqvr] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [shjbrdi] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [nenfple] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [jdalhnh] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [mfywryd] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [mpiolou] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [dphajmr] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [sffdhlq] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [ytroqld] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [uuphtnn] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [vbhebgp] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [nrjcipw] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [sys513] C:\WINDOWS\sys513.exe
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\system32\symcsvc.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SNInstall] C:\winstall.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)


11. Click the Fix Checked box.

12. Please remove these entries from Add/Remove Programs in the Control Panel (if present):

SpySheriff
Viewpoint Manager
BearShare <====== A file-sharing program which, being ad-based, includes "Cy-door" adware. Also a known source of infections.


13. Please remove the following folders using Windows Explorer (if present):

C:\Program Files\SpySheriff
c:\Program Files\Fla
C:\Program Files\Viewpoint
c:\Program Files\Fln
c:\Program Files\Ftk
C:\Program Files\BearShare <==== Optional, see above


14. Please remove just the files from the following paths using Windows Explorer (if present):

c:\windows\ilxdaop.exe
C:\WINDOWS\sys513.exe
C:\WINDOWS\system32\symcsvc.exe
C:\winstall.exe
C:\WINDOWS\svcproc.exe
C:\WINDOWS\system32\wi32.exe
c:\windows\ykglcgp.exe
c:\windows\xwqvxcw.exe
C:\Program Files\Common Files\Java\ftkcpy.exe


15. Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C:, or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.

16. Open Ad-aware and do a full scan. Remove all it finds.

17. Next go to Control Panel click Display > Desktop > Customize Desktop > Website > Uncheck "Security Info" if present.

18. Run the program CleanUp!

19. Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!

20. Please post an ActiveScan log, an Ewido scan log and a fresh HiJackThis log. Let me know how your computer is running.
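The fix above works through the HijackThis log by hand: dozens of Run keys with generated names all launching the same executables dropped into C:\WINDOWS, plus a service whose binary is already gone. As an added example (not Excal's instructions and not code from HijackThis), the script below parses a log in the format HijackThis 1.99.1 prints and reports those same three patterns automatically, so a helper can see the shape of an infection before deciding what to tick. The regexes, the threshold of three Run keys per executable, and the seven-letter "random name" heuristic are my own choices; the sample log is a constructed excerpt of lines posted in this thread.

```python
"""Triage a HijackThis log for the autostart pattern shown in this thread.

Added example, not Excal's instructions or HijackThis code. It parses O4
(Run key) and O23 (service) lines in HijackThis 1.99.1 format and reports:
  * one executable launched from many differently named Run keys,
  * executables sitting directly in the drive root or the Windows root,
  * services whose binary HijackThis marks as "(file missing)".
The sample log below is a constructed excerpt of lines posted in the thread.
"""
import re
from collections import defaultdict

# O4 - HKCU\..\Run: [name] command
O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# O23 - Service: Display Name (ShortName) - Owner - path [(file missing)]
O23_RE = re.compile(r'^O23 - Service: (?P<display>.+?) \((?P<short>[^)]+)\) - '
                    r'(?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$')
# An .exe directly in C:\ or C:\WINDOWS\ with no further subfolder (assumed heuristic).
ROOT_EXE_RE = re.compile(r'^[a-z]:\\(?:windows\\)?[^\\]+\.exe$', re.IGNORECASE)
# Seven lowercase letters: the shape of the generated key names in this log (assumed).
RANDOM_NAME_RE = re.compile(r'^[a-z]{7}$')
MASS_THRESHOLD = 3  # distinct Run keys per executable before it counts as mass persistence


def exe_path(cmd):
    """Return the executable from a Run-key command, without quotes or arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd.strip('"')
    m = re.match(r'(.+?\.exe)(?:\s|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def parse_log(text):
    """Split a HijackThis log into (hive, key name, exe) and (service, path, missing) tuples."""
    runs, services = [], []
    for line in text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            runs.append((m.group('hive'), m.group('name'), exe_path(m.group('cmd'))))
            continue
        m = O23_RE.match(line)
        if m:
            services.append((m.group('short'), m.group('path'), m.group('missing') is not None))
    return runs, services


def triage(text):
    """Return the three findings as plain data so they can be asserted on or printed."""
    runs, services = parse_log(text)
    names_by_exe = defaultdict(set)
    for _hive, name, exe in runs:
        names_by_exe[exe.lower()].add(name)
    mass = {}
    for exe, names in names_by_exe.items():
        if len(names) >= MASS_THRESHOLD:
            random_looking = sum(1 for n in names if RANDOM_NAME_RE.match(n))
            mass[exe] = {'keys': len(names), 'random_looking': random_looking}
    root_exes = sorted(exe for exe in names_by_exe if ROOT_EXE_RE.match(exe))
    missing = [(short, path) for short, path, is_missing in services if is_missing]
    return {'mass_persistence': mass, 'root_executables': root_exes, 'missing_services': missing}


# Constructed excerpt of the HijackThis log posted in this thread; ilxdaop.exe is
# deliberately kept to two keys here to show the threshold (the real log has dozens).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [sys513] C:\WINDOWS\sys513.exe
O4 - HKCU\..\Run: [bctqnci] c:\windows\ykglcgp.exe
O4 - HKCU\..\Run: [jdryslv] c:\windows\ykglcgp.exe
O4 - HKCU\..\Run: [obegnmr] c:\windows\ykglcgp.exe
O4 - HKCU\..\Run: [xmknuhn] c:\windows\ykglcgp.exe
O4 - HKCU\..\Run: [poevivs] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [djokstf] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [ektmeur] c:\windows\xwqvxcw.exe
O4 - HKCU\..\Run: [jkbdobx] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [bhvtpcr] c:\windows\ilxdaop.exe
O4 - HKCU\..\Run: [sys513] C:\WINDOWS\sys513.exe
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\system32\symcsvc.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SNInstall] C:\winstall.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
"""

if __name__ == '__main__':
    for section, items in triage(SAMPLE_LOG).items():
        print(section)
        for item in (items.items() if isinstance(items, dict) else items):
            print('   ', item)
```

Run as-is it prints the two mass-persistence binaries, the five executables living in C:\ or C:\WINDOWS\, and the orphaned SvcProc service. Note that symcsvc.exe in system32 and SpySheriff.exe under Program Files are not flagged by the root-folder heuristic; they are caught in the thread by name, which is why a heuristic like this supports the helper rather than replacing the review.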

#7
preacher

    Member

  • Topic Starter
  • Member
  • 13 posts
Hello Excal,

Followed the instructions. Computer appears to be 100% better. Thanks for your help.
I have posted the logs as requested.

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:32:51 PM, 7/28/2005
+ Report-Checksum: 72D037A2

+ Scan result:

HKLM\SOFTWARE\Classes\UnawareObj.UnawareObj -> Spyware.FlashTrack : Cleaned with backup
HKLM\SOFTWARE\Classes\UnawareObj.UnawareObj\CurVer -> Spyware.FlashTrack : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyt9pp6u.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Program Files\Ftk\ftk.dll -> Spyware.FlashEnhancer : Cleaned with backup
C:\WINDOWS\gxwdky.exe -> Adware.BetterInternet : Cleaned with backup


::Report End


Incident Status Location

Adware:adware/tvmedia No disinfected C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\tvmcwrd.dll
Adware:adware/adsmart No disinfected C:\WINDOWS\SYSTEM32\thun.dll
Adware:adware/keenvalue No disinfected C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.bho
Spyware:spyware/betterinet No disinfected C:\WINDOWS\INF\biini.inf
Adware:adware/ipinsight No disinfected C:\WINDOWS\INF\polall1r.inf
Adware:adware/twain-tech No disinfected C:\WINDOWS\smdat32m.sys
Adware:adware/sahagent No disinfected C:\WINDOWS\unstall.exe
Adware:adware/broadcastpc No disinfected C:\PROGRAM FILES\Bpt
Adware:adware/imgiant No disinfected C:\PROGRAM FILES\joystick networks
Adware:adware/myway No disinfected C:\PROGRAM FILES\MyWay
Adware:adware/delfinmedia No disinfected C:\WINDOWS\SYSTEM32\nsvsvc
Adware:adware/p2pnetworking No disinfected C:\WINDOWS\SYSTEM32\P2P Networking
Adware:adware/gator No disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\GAIN Publishing
Adware:adware/savenow No disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\nsv
Spyware:spyware/media-motor No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\MODULEUSAGE\C:/WINDOWS/DOWNLOADED PROGRAM FILES/M67M.OCX
Spyware:spyware/searchcentrix No disinfected HKEY_CURRENT_USER\SOFTWARE\DYNAMIC TOOLBAR
Adware:adware/wintools No disinfected HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_TBPSSVC
Adware:adware/funweb No disinfected HKEY_CLASSES_ROOT\FUNWEBPRODUCTSINSTALLER.START
Spyware:spyware/sysren No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\SYS REN
Adware:adware/exactsearch No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ACTIVEX COMPATIBILITY\{53F066F0-A4C0-4F46-83EB-2DFD03F938CF}
Adware:adware/mywebsearch No disinfected HKEY_CLASSES_ROOT\Interface\{1d4db7d3-6ec9-47a3-bd87-1e41684e07bb}
Adware:adware/topmoxie No disinfected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\extensions\CmdMapping\{6685509E-B47B-4f47-8E16-9A5F3A62F683}
Adware:Adware/FlashTrack No disinfected C:\Program Files\Common Files\Java\ftkcpy.cfg
Spyware:Spyware/Media-motor No disinfected C:\WINDOWS\Downloaded Program Files\m67m.inf
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\inf\biini.inf
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\inf\flashtlk.inf
Adware:Adware/Transponder No disinfected C:\WINDOWS\inf\polall1r.inf
Adware:Adware/Transponder No disinfected C:\WINDOWS\inf\polmx2.inf
Adware:Adware/MediaTickets No disinfected C:\WINDOWS\joyiconsbbb.exe
Virus:Bck/Nexux.A Disinfected C:\WINDOWS\sys2643.exe
Virus:Bck/Nexux.A Disinfected C:\WINDOWS\sys2728.exe
Virus:Bck/Nexux.A Disinfected C:\WINDOWS\sys2731.exe
Virus:Bck/Nexux.A Disinfected C:\WINDOWS\sys5139.exe
Virus:Bck/Nexux.A Disinfected C:\WINDOWS\sys5141.exe
Virus:Trj/Downloader.CGL Disinfected C:\WINDOWS\sys725.exe
Virus:Trj/Downloader.CGL Disinfected C:\WINDOWS\sys740.exe
Virus:Trj/Downloader.CGL Disinfected C:\WINDOWS\sys742.exe
Spyware:Spyware/Media-motor No disinfected C:\WINDOWS\unstall.exe

Logfile of HijackThis v1.99.1
Scan saved at 5:55:54 PM, on 7/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\igfxtray.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSComp.exe
C:\hjtt\hjtt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...ario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...ario&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [PopUpStopperCompanion] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSComp.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122084953453
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

Thanks preacher!
  • 0
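The listing above is HijackThis's plain-text log format, in which every line carries a section code (O2, O3, O4, O9, O23, ...), a kind, a display name, often a CLSID, and the file path or command line that will be loaded, with "(file missing)" appended when the registered file no longer exists. Reading a log this long by eye is error-prone, so here is an added example, not part of the thread and not HijackThis's own code, of a small Python parser that turns such lines into structured records and pulls out the orphaned "(file missing)" registrations. The sample lines are copied from the log above; the names `Entry`, `parse_hjt`, `missing_file_entries` and `clsids` are mine.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: lines copied from the HijackThis log posted above (one per section type).
SAMPLE_LOG = r"""
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# O2 (BHO), O3 (toolbar), O9 (IE button / menu item): "<kind>: <name> - {CLSID} - <path>"
COM_RE = re.compile(
    rf"^(?P<section>O2|O3|O9) - (?P<kind>[^:]+): (?P<name>.+?) - (?P<clsid>{CLSID}) - (?P<path>.*)$"
)
# O4 registry autostart: "<hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^(?P<section>O4) - (?P<kind>[^:]+): \[(?P<name>[^\]]*)\] (?P<path>.*)$")
# O23 service: "Service: <display name> (<service name>) - <vendor> - <binary path>"
SVC_RE = re.compile(
    r"^(?P<section>O23) - (?P<kind>Service): (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.*)$"
)
# Any other line that still has the "Onn - " shape is kept as an opaque entry
GENERIC_RE = re.compile(r"^(?P<section>O\d+) - (?P<path>.*)$")


@dataclass
class Entry:
    section: str                  # O2, O3, O4, ...
    kind: str                     # BHO, Toolbar, HKLM\..\Run, Service, or "other"
    name: str                     # display name or registry value name
    path: str                     # file path / command line, "(file missing)" stripped
    clsid: Optional[str] = None
    vendor: Optional[str] = None
    file_missing: bool = False    # HijackThis could not find the referenced file


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis line; returns None for text that is not an entry."""
    line = line.strip()
    for rx in (COM_RE, RUN_RE, SVC_RE):
        m = rx.match(line)
        if m:
            d = m.groupdict()
            path = d["path"].strip()
            missing = path.endswith("(file missing)")
            if missing:
                path = path[: -len("(file missing)")].rstrip()
            return Entry(d["section"], d["kind"], d["name"], path,
                         d.get("clsid"), d.get("vendor"), missing)
    m = GENERIC_RE.match(line)
    if m:
        return Entry(m["section"], "other", "", m["path"])
    return None


def parse_hjt(text: str) -> List[Entry]:
    """Parse a whole log, skipping blank lines and non-entry text."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def missing_file_entries(entries: List[Entry]) -> List[Entry]:
    """Registrations whose target file is gone: leftovers a cleanup can safely drop."""
    return [e for e in entries if e.file_missing]


def clsids(entries: List[Entry]) -> List[str]:
    """Upper-cased CLSIDs of all COM registrations, handy for cross-checking a .reg removal list."""
    return [e.clsid.upper() for e in entries if e.clsid]


if __name__ == "__main__":
    for e in missing_file_entries(parse_hjt(SAMPLE_LOG)):
        print(f"{e.section} {e.kind}: {e.name} -> {e.path} (file missing)")
```

The parser only recognises the line shapes that appear in this thread; other HijackThis sections fall through to the generic form, which keeps the raw text rather than guessing at fields.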

#8
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Launch Notepad, and copy/paste the box below into a new text file. Save it as fixme.reg (make sure that Save as Type is set at "All Files") on your Desktop. Ensure there is no space above REGEDIT4.


REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\MODULEUSAGE\C:/WINDOWS/DOWNLOADED PROGRAM FILES/M67M.OCX]

[-HKEY_CURRENT_USER\SOFTWARE\DYNAMIC TOOLBAR]

[-HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_TBPSSVC]

[-HKEY_CLASSES_ROOT\FUNWEBPRODUCTSINSTALLER.START]

[-HKEY_LOCAL_MACHINE\SOFTWARE\SYS REN]

[-HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ACTIVEX COMPATIBILITY\{53F066F0-A4C0-4F46-83EB-2DFD03F938CF}]

[-HKEY_CLASSES_ROOT\Interface\{1d4db7d3-6ec9-47a3-bd87-1e41684e07bb}]

[-HKEY_CURRENT_USER\Software\Microsoft\InternetExplorer\extensions\CmdMapping\{6685509E-B47B-4f47-8E16-9A5F3A62F683}]



Locate fixme.reg on your Desktop and double-click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?". Answer "Yes" and wait for a message to appear similar to "Merged Successfully".



Just a few random bad files and folders to clean up.

Please remove the following folders using Windows Explorer (if present):

C:\PROGRAM FILES\Bpt
C:\PROGRAM FILES\joystick networks
C:\PROGRAM FILES\MyWay
C:\WINDOWS\SYSTEM32\nsvsvc
C:\WINDOWS\SYSTEM32\P2P Networking
C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\GAIN Publishing
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\nsv


Please remove just the files from the following paths using Windows Explorer (if present):

C:\WINDOWS\Downloaded Program Files\m67m.inf
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on "Delete File on Reboot"
  • Navigate to this file - C:\WINDOWS\unstall.exe
  • Double click on that file.
  • HJT asks you if you want to reboot, now. Click "no".

    Do that for the following files also, until you get to the last one, then click "yes" when HJT asks you to reboot.
C:\Program Files\Common Files\Java\ftkcpy.cfg
C:\WINDOWS\inf\biini.inf
C:\WINDOWS\inf\flashtlk.inf
C:\WINDOWS\inf\polall1r.inf
C:\WINDOWS\inf\polmx2.inf
C:\WINDOWS\joyiconsbbb.exe
C:\WINDOWS\sys2643.exe
C:\WINDOWS\sys2728.exe
C:\WINDOWS\sys2731.exe
C:\WINDOWS\sys5139.exe
C:\WINDOWS\sys5141.exe
C:\WINDOWS\sys725.exe
C:\WINDOWS\sys740.exe
C:\WINDOWS\sys742.exe
C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\tvmcwrd.dll
C:\WINDOWS\SYSTEM32\thun.dll
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.bho
C:\WINDOWS\INF\biini.inf
C:\WINDOWS\INF\polall1r.inf
C:\WINDOWS\smdat32m.sys


After reboot
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • click on "delete an NT service"
  • Copy and paste this in: SvcProc
  • Click "ok", then reboot
Post back when you finish and tell me how your computer is running :tazz:
  • 0
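A hand-typed removal file like the one in this post is applied blindly by regedit, so a stray blank line above the REGEDIT4 header, a key line whose closing "]" is missing, or a key written without the leading "-" (which would create the key instead of deleting it) is worth catching before merging. The following Python checker is an added example, not part of the thread and not a tool any of the posters used; it validates removal-only .reg files of exactly this shape. The good sample reuses two keys from the post above, the bad sample is constructed, and `validate_reg_removal` is my own name.

```python
import re
from typing import List, Tuple

# Headers regedit accepts; the thread's file uses the older REGEDIT4 form
HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
# .reg files need the hive spelled out in full
HIVES = ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT",
         "HKEY_USERS", "HKEY_CURRENT_CONFIG")
KEY_RE = re.compile(r"^\[(?P<delete>-?)(?P<key>[^\]]+)\]$")

# Constructed good sample (keys taken from the post above)
GOOD_REG = r"""REGEDIT4

[-HKEY_CURRENT_USER\SOFTWARE\DYNAMIC TOOLBAR]

[-HKEY_CLASSES_ROOT\FUNWEBPRODUCTSINSTALLER.START]
"""

# Constructed bad sample: space before the header, a key missing its "]",
# a key without "-" that would be created rather than deleted, and an abbreviated hive
BAD_REG = r""" REGEDIT4

[-HKEY_CLASSES_ROOT\Interface\{1d4db7d3-6ec9-47a3-bd87-1e41684e07bb}

[HKEY_CURRENT_USER\Software\Example]

[-HKLM\Software\Example]
"""


def validate_reg_removal(text: str) -> Tuple[List[str], List[str]]:
    """Check a removal-only .reg file.

    Returns (problems, keys): human-readable problems with line numbers, and the
    list of keys the file would delete if it is clean. Value lines ("name"=...)
    are reported as problems because a removal file should not contain any.
    """
    problems: List[str] = []
    keys: List[str] = []
    lines = text.splitlines()

    if not lines or lines[0].strip() not in HEADERS:
        problems.append("line 1: file must start with REGEDIT4 (nothing above it)")
    elif lines[0] != lines[0].lstrip():
        problems.append("line 1: whitespace before the REGEDIT4 header")

    for n, raw in enumerate(lines[1:], start=2):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and not line.endswith("]"):
            problems.append(f"line {n}: missing closing ']'")
            continue
        m = KEY_RE.match(line)
        if not m:
            problems.append(f"line {n}: not a registry key line: {line!r}")
            continue
        key = m["key"]
        hive = key.split("\\", 1)[0]
        if hive.upper() not in HIVES:
            problems.append(f"line {n}: hive must be spelled out in full, got {hive!r}")
            continue
        if not m["delete"]:
            problems.append(f"line {n}: key would be created, not deleted: {key!r}")
            continue
        keys.append(key)

    return problems, keys


if __name__ == "__main__":
    for label, sample in (("good", GOOD_REG), ("bad", BAD_REG)):
        problems, keys = validate_reg_removal(sample)
        print(f"{label}: {len(problems)} problem(s), {len(keys)} key(s) to delete")
        for p in problems:
            print("  ", p)
```

Run it against the saved fixme.reg before double-clicking it; an empty problem list and a key list matching what the helper posted is the signal that the file does what it is supposed to.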

#9
preacher

preacher

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hello Excal,

Have gone through the fixes to the last. I opened hijack this, clicked on delete an NT service. Window pops up with instructions to paste or type in a file name. Your instructions say copy and paste to "SvcProc". In the window that pops up there is no file appearing in it to copy or paste. What do I do ?????

Preacher
  • 0

#10
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi Preacher,


In the box that pops up, copy and paste SvcProc in it.


Thanks,

:tazz:

Excal
  • 0

#11
preacher

preacher

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Excal,

I did that and the response said it could not be found in the registry. The computer seems to be running just fine though.

Preacher
  • 0

#12
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Great job, it appears your computer is clean :tazz:

Ensure you rehide your “hidden files and folders” back to the way they were.

Now that your system is Malware Free, it is important to reset your system Restore. Click Here to learn how to.

Might I suggest the following Free Spyware programs, if you don't already have them, for added security, you can download them at the following links. These programs work great for detection:

Ad-aware SE
Spybot S&D
Microsoft Anti-Spyware


If you are unhappy with your current antivirus and want to replace it or if you don't already have one, I suggest one of these free programs:
*Note - do not use more than one anti-virus program as it will more than likely cause conflict.

AVG
Avast
AntiVir


The following free programs are great for prevention:

SpywareBlaster 3.4
Spywareguard
IE/Spyad

A Firewall is a must! Here are 3 good free versions:
(do not have more than one firewall running on your system)

Sygate
Kerio
ZoneLabs

There are other options other than Internet Explorer for a browser, which some say have better security. Two of them are:

Firefox
Opera

If you decide to keep Internet Explorer, this site is a great source for tightening up security on its settings.

Make sure that you keep your Operating System and IE updated with the latest Critical Security Updates from Microsoft...they usually come out once a month, on the 2nd Tuesday of each month.

Be sure and give the Temp folders a cleaning out now and then as well. Make sure after you clean your Temp files to empty out your Recycle bin as well.
For ease use the following program:

Cleanup
Run "Cleanup" and when it has finished, Reboot

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided. Also read How I got Infected
  • 0

#13
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
