Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

virus problem...

Started by rfdumayas , Aug 02 2005 04:58 AM

  • Please log in to reply

#1
rfdumayas
Posted 02 August 2005 - 04:58 AM

rfdumayas

    New Member

  • Member
  • Pip
  • 2 posts
hi!!! i found this site while searching for a way to remove the virus bloodhound.w32.ep from my other notebook pc. i already have sp2 installed on my system, so when i read that sp2 shouldn't have been installed yet in order to fix it, i felt quite skeptic, but then i'll just give it a try. i tried removing it with NAV but it didn't do the job. here is the hijackthis log for my other notebook:

Logfile of HijackThis v1.99.1
Scan saved at 6:43:46 PM, on 8/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\atievxx.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Atiptaxx.exe
C:\WINDOWS\system32\qfksdkah.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\sdkox.exe
C:\WINDOWS\system32\combo.exe
C:\Documents and Settings\New\Desktop\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\scjvx.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\scjvx.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\scjvx.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\scjvx.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\scjvx.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\scjvx.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\scjvx.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe,
O2 - BHO: Class - {0B7CD9AB-FA76-CAC5-AA75-8F58E9132349} - C:\WINDOWS\system32\sysnl32.dll
O2 - BHO: Class - {4E08BE38-D4B4-A5CF-2262-2FA489C00DD6} - C:\WINDOWS\appqf32.dll
O2 - BHO: Class - {BA99F0F7-81BA-A3D0-11AE-7FAE337FF72F} - C:\WINDOWS\msft32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {EFCA30F1-4CC5-0280-8C70-0601199DABBF} - C:\WINDOWS\system32\d3nb32.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [yrnqcyarinko] C:\WINDOWS\system32\qfksdkah.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [sdkox.exe] C:\WINDOWS\sdkox.exe
O4 - HKLM\..\Run: [combo.exe] combo.exe
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\system32\intell32.exe
O4 - HKLM\..\RunOnce: [sysnf32.exe] C:\WINDOWS\system32\sysnf32.exe
O4 - HKLM\..\RunOnce: [atlnw32.exe] C:\WINDOWS\atlnw32.exe
O4 - HKLM\..\RunOnce: [winse32.exe] C:\WINDOWS\system32\winse32.exe
O4 - HKLM\..\RunOnce: [iele.exe] C:\WINDOWS\system32\iele.exe
O4 - HKLM\..\RunOnce: [d3bz.exe] C:\WINDOWS\system32\d3bz.exe
O4 - HKLM\..\RunOnce: [crfp.exe] C:\WINDOWS\system32\crfp.exe
O4 - HKLM\..\RunOnce: [crzf32.exe] C:\WINDOWS\crzf32.exe
O4 - HKLM\..\RunOnce: [apply32.exe] C:\WINDOWS\apply32.exe
O4 - HKLM\..\RunOnce: [ieze32.exe] C:\WINDOWS\ieze32.exe
O4 - HKLM\..\RunOnce: [apiob.exe] C:\WINDOWS\apiob.exe
O4 - HKLM\..\RunOnce: [sdknm.exe] C:\WINDOWS\sdknm.exe
O4 - HKLM\..\RunOnce: [d3nz32.exe] C:\WINDOWS\system32\d3nz32.exe
O4 - HKLM\..\RunOnce: [netrw32.exe] C:\WINDOWS\netrw32.exe
O4 - HKLM\..\RunOnce: [sysvt.exe] C:\WINDOWS\sysvt.exe
O4 - HKLM\..\RunOnce: [sdkxi.exe] C:\WINDOWS\sdkxi.exe
O4 - HKLM\..\RunOnce: [mfcvs.exe] C:\WINDOWS\system32\mfcvs.exe
O4 - HKLM\..\RunOnce: [atlhf.exe] C:\WINDOWS\system32\atlhf.exe
O4 - HKLM\..\RunOnce: [atley.exe] C:\WINDOWS\system32\atley.exe
O4 - HKLM\..\RunOnce: [winsr32.exe] C:\WINDOWS\system32\winsr32.exe
O4 - HKLM\..\RunOnce: [sdkdx.exe] C:\WINDOWS\system32\sdkdx.exe
O4 - HKLM\..\RunOnce: [atlgc32.exe] C:\WINDOWS\system32\atlgc32.exe
O4 - HKLM\..\RunOnce: [winqt.exe] C:\WINDOWS\system32\winqt.exe
O4 - HKLM\..\RunOnce: [winde32.exe] C:\WINDOWS\winde32.exe
O4 - HKLM\..\RunOnce: [apizf.exe] C:\WINDOWS\apizf.exe
O4 - HKLM\..\RunOnce: [mfcfv.exe] C:\WINDOWS\system32\mfcfv.exe
O4 - HKLM\..\RunOnce: [ntbj.exe] C:\WINDOWS\ntbj.exe
O4 - HKLM\..\RunOnce: [appoo.exe] C:\WINDOWS\appoo.exe
O4 - HKLM\..\RunOnce: [sdkri32.exe] C:\WINDOWS\system32\sdkri32.exe
O4 - HKLM\..\RunOnce: [appud32.exe] C:\WINDOWS\appud32.exe
O4 - HKLM\..\RunOnce: [atldp.exe] C:\WINDOWS\atldp.exe
O4 - HKLM\..\RunOnce: [sdkba.exe] C:\WINDOWS\system32\sdkba.exe
O4 - HKLM\..\RunOnce: [apidc.exe] C:\WINDOWS\system32\apidc.exe
O4 - HKLM\..\RunOnce: [ieib32.exe] C:\WINDOWS\system32\ieib32.exe
O4 - HKLM\..\RunOnce: [winsl32.exe] C:\WINDOWS\winsl32.exe
O4 - HKLM\..\RunOnce: [atllh.exe] C:\WINDOWS\atllh.exe
O4 - HKLM\..\RunOnce: [addhb.exe] C:\WINDOWS\system32\addhb.exe
O4 - HKLM\..\RunOnce: [apidf.exe] C:\WINDOWS\apidf.exe
O4 - HKLM\..\RunOnce: [msbw32.exe] C:\WINDOWS\system32\msbw32.exe
O4 - HKLM\..\RunOnce: [javajt32.exe] C:\WINDOWS\javajt32.exe
O4 - HKLM\..\RunOnce: [netxb.exe] C:\WINDOWS\netxb.exe
O4 - HKLM\..\RunOnce: [appyf32.exe] C:\WINDOWS\system32\appyf32.exe
O4 - HKLM\..\RunOnce: [ipbm.exe] C:\WINDOWS\ipbm.exe
O4 - HKLM\..\RunOnce: [ietn.exe] C:\WINDOWS\ietn.exe
O4 - HKLM\..\RunOnce: [cryv.exe] C:\WINDOWS\cryv.exe
O4 - HKLM\..\RunOnce: [syskc.exe] C:\WINDOWS\syskc.exe
O4 - HKLM\..\RunOnce: [mfcom.exe] C:\WINDOWS\mfcom.exe
O4 - HKLM\..\RunOnce: [mfcap.exe] C:\WINDOWS\mfcap.exe
O4 - HKLM\..\RunOnce: [crjp.exe] C:\WINDOWS\crjp.exe
O4 - HKLM\..\RunOnce: [ntnz32.exe] C:\WINDOWS\system32\ntnz32.exe
O4 - HKLM\..\RunOnce: [ieql.exe] C:\WINDOWS\system32\ieql.exe
O4 - HKLM\..\RunOnce: [crmx32.exe] C:\WINDOWS\crmx32.exe
O4 - HKLM\..\RunOnce: [ntev.exe] C:\WINDOWS\ntev.exe
O4 - HKLM\..\RunOnce: [ipfw.exe] C:\WINDOWS\system32\ipfw.exe
O4 - HKLM\..\RunOnce: [msct32.exe] C:\WINDOWS\msct32.exe
O4 - HKLM\..\RunOnce: [appmj32.exe] C:\WINDOWS\system32\appmj32.exe
O4 - HKLM\..\RunOnce: [nthv32.exe] C:\WINDOWS\nthv32.exe
O4 - HKLM\..\RunOnce: [crmz.exe] C:\WINDOWS\system32\crmz.exe
O4 - HKLM\..\RunOnce: [addqr.exe] C:\WINDOWS\system32\addqr.exe
O4 - HKLM\..\RunOnce: [d3pz32.exe] C:\WINDOWS\d3pz32.exe
O4 - HKLM\..\RunOnce: [appsq32.exe] C:\WINDOWS\appsq32.exe
O4 - HKLM\..\RunOnce: [netiy.exe] C:\WINDOWS\netiy.exe
O4 - HKLM\..\RunOnce: [crpb32.exe] C:\WINDOWS\crpb32.exe
O4 - HKLM\..\RunOnce: [d3pj.exe] C:\WINDOWS\d3pj.exe
O4 - HKLM\..\RunOnce: [appst32.exe] C:\WINDOWS\system32\appst32.exe
O4 - HKLM\..\RunOnce: [apixx32.exe] C:\WINDOWS\apixx32.exe
O4 - HKLM\..\RunOnce: [iexf.exe] C:\WINDOWS\system32\iexf.exe
O4 - HKLM\..\RunOnce: [appwa32.exe] C:\WINDOWS\system32\appwa32.exe
O4 - HKLM\..\RunOnce: [atlvi32.exe] C:\WINDOWS\system32\atlvi32.exe
O4 - HKLM\..\RunOnce: [winis.exe] C:\WINDOWS\winis.exe
O4 - HKLM\..\RunOnce: [atlsl32.exe] C:\WINDOWS\atlsl32.exe
O4 - HKLM\..\RunOnce: [ipit.exe] C:\WINDOWS\ipit.exe
O4 - HKLM\..\RunOnce: [winro32.exe] C:\WINDOWS\system32\winro32.exe
O4 - HKLM\..\RunOnce: [d3pw32.exe] C:\WINDOWS\d3pw32.exe
O4 - HKLM\..\RunOnce: [atlsv32.exe] C:\WINDOWS\system32\atlsv32.exe
O4 - HKLM\..\RunOnce: [mfcsd.exe] C:\WINDOWS\system32\mfcsd.exe
O4 - HKLM\..\RunOnce: [atlbe.exe] C:\WINDOWS\atlbe.exe
O4 - HKLM\..\RunOnce: [atlwv32.exe] C:\WINDOWS\system32\atlwv32.exe
O4 - HKLM\..\RunOnce: [ieaz32.exe] C:\WINDOWS\system32\ieaz32.exe
O4 - HKLM\..\RunOnce: [mfcdl32.exe] C:\WINDOWS\system32\mfcdl32.exe
O4 - HKLM\..\RunOnce: [sysdz32.exe] C:\WINDOWS\system32\sysdz32.exe
O4 - HKLM\..\RunOnce: [sdkws32.exe] C:\WINDOWS\sdkws32.exe
O4 - HKLM\..\RunOnce: [sdkwa32.exe] C:\WINDOWS\sdkwa32.exe
O4 - HKLM\..\RunOnce: [winaj32.exe] C:\WINDOWS\system32\winaj32.exe
O4 - HKLM\..\RunOnce: [addzz.exe] C:\WINDOWS\system32\addzz.exe
O4 - HKLM\..\RunOnce: [sysia.exe] C:\WINDOWS\sysia.exe
O4 - HKLM\..\RunOnce: [mssy32.exe] C:\WINDOWS\mssy32.exe
O4 - HKLM\..\RunOnce: [apisg.exe] C:\WINDOWS\system32\apisg.exe
O4 - HKLM\..\RunOnce: [appwk32.exe] C:\WINDOWS\appwk32.exe
O4 - HKLM\..\RunOnce: [sysgr.exe] C:\WINDOWS\sysgr.exe
O4 - HKLM\..\RunOnce: [iepr.exe] C:\WINDOWS\iepr.exe
O4 - HKLM\..\RunOnce: [mfceg.exe] C:\WINDOWS\mfceg.exe
O4 - HKLM\..\RunOnce: [sdkof32.exe] C:\WINDOWS\sdkof32.exe
O4 - HKLM\..\RunOnce: [sysrq32.exe] C:\WINDOWS\sysrq32.exe
O4 - HKLM\..\RunOnce: [appwv.exe] C:\WINDOWS\system32\appwv.exe
O4 - HKLM\..\RunOnce: [crkx.exe] C:\WINDOWS\crkx.exe
O4 - HKLM\..\RunOnce: [ntob.exe] C:\WINDOWS\ntob.exe
O4 - HKLM\..\RunOnce: [iedy32.exe] C:\WINDOWS\system32\iedy32.exe
O4 - HKLM\..\RunOnce: [sdkop.exe] C:\WINDOWS\system32\sdkop.exe
O4 - HKLM\..\RunOnce: [appcm.exe] C:\WINDOWS\system32\appcm.exe
O4 - HKLM\..\RunOnce: [javawx.exe] C:\WINDOWS\system32\javawx.exe
O4 - HKLM\..\RunOnce: [sysgv32.exe] C:\WINDOWS\sysgv32.exe
O4 - HKLM\..\RunOnce: [apibh.exe] C:\WINDOWS\system32\apibh.exe
O4 - HKLM\..\RunOnce: [appfl32.exe] C:\WINDOWS\system32\appfl32.exe
O4 - HKLM\..\RunOnce: [sysps.exe] C:\WINDOWS\sysps.exe
O4 - HKLM\..\RunOnce: [ieys.exe] C:\WINDOWS\system32\ieys.exe
O4 - HKLM\..\RunOnce: [atlnh32.exe] C:\WINDOWS\atlnh32.exe
O4 - HKLM\..\RunOnce: [sdkyg32.exe] C:\WINDOWS\system32\sdkyg32.exe
O4 - HKLM\..\RunOnce: [javapc32.exe] C:\WINDOWS\javapc32.exe
O4 - HKLM\..\RunOnce: [iegv.exe] C:\WINDOWS\system32\iegv.exe
O4 - HKLM\..\RunOnce: [iesi32.exe] C:\WINDOWS\iesi32.exe
O4 - HKLM\..\RunOnce: [d3id.exe] C:\WINDOWS\d3id.exe
O4 - HKLM\..\RunOnce: [ntbt32.exe] C:\WINDOWS\system32\ntbt32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://fpw.levelupg...Crypt/npkcx.cab
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\sysnf32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


hope you can help me with my problem. thanks!!!
  • 0

Advertisements

#2
rfdumayas
Posted 02 August 2005 - 05:03 AM

rfdumayas

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
btw, the file infected with bloodhound.w32.ep is C:\WINDOWS\SYSTEM32\WININET.DLL. also, in task manager, i can see in the processes tab that a program combo.exe runs and then disappears almost immediately as it starts. hope this helps. thanks!!!
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP