Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

PS Guard and maybe something else


  • Please log in to reply

#1
northstarmedia

northstarmedia

    New Member

  • Member
  • Pip
  • 3 posts
Can you help a sister out?
Logfile of HijackThis v1.99.1
Scan saved at 6:14:31 PM, on 9/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\ROOT\System32\smss.exe
D:\ROOT\system32\winlogon.exe
D:\ROOT\system32\services.exe
D:\ROOT\system32\lsass.exe
D:\ROOT\system32\svchost.exe
D:\ROOT\System32\svchost.exe
D:\ROOT\system32\spoolsv.exe
F:\Program Files\3ware\3DM\3dmd.exe
D:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
F:\Program Files\Expertcity\GoToMyPC\g2svc.exe
F:\Program Files\Expertcity\GoToMyPC\g2comm.exe
D:\ROOT\System32\nvsvc32.exe
F:\Program Files\Expertcity\GoToMyPC\g2tray.exe
D:\ROOT\Explorer.EXE
F:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
F:\Program Files\QuickTime\qttask.exe
F:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\Messenger\MSMSGS.EXE
D:\ROOT\System32\svchost.exe
D:\ROOT\System32\RUNDLL32.EXE
F:\Program Files\TightVNC\WinVNC.exe
F:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
D:\ROOT\System32\inetsrv\inetinfo.exe
F:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
F:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
F:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
D:\ROOT\System32\hpoipm07.exe
F:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
F:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
F:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
F:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
F:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
D:\ROOT\system32\NOTEPAD.EXE
F:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\ROOT\system32\enebw.dll/sp.html#17702
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\ROOT\system32\enebw.dll/sp.html#17702
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\ROOT\system32\enebw.dll/sp.html#17702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\ROOT\system32\enebw.dll/sp.html#17702
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.intel.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - D:\ROOT\system32\7lh.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\ROOT\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] D:\ROOT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\ROOT\System32\hkcmd.exe
O4 - HKLM\..\Run: [WinVNC] "F:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\ROOT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PRONoMgrWired] F:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [GoToMyPC] F:\Program Files\Expertcity\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl] "F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\ROOT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PSGuard] F:\Program Files\PSGuard\PSGuard.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\ROOT\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Google Desktop Search] "F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\RunOnce: [jo43o4m.exe] D:\ROOT\System32\jo43o4m.exe /k
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: hp instant support.lnk = D:\Program Files\HP\AiO\HPis\bin\matcli.exe
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = F:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
O8 - Extra context menu item: &Google Search - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://F:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://F:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://F:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://F:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\ROOT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\ROOT\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O20 - Winlogon Notify: igfxcui - D:\ROOT\SYSTEM32\igfxsrvc.dll
O23 - Service: 3DM - Unknown owner - F:\Program Files\3ware\3DM\3dmd.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - D:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: GoToMyPC - Unknown owner - F:\Program Files\Expertcity\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - F:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\ROOT\System32\nvsvc32.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - F:\Program Files\TightVNC\WinVNC.exe" -service (file missing)
  • 0

Advertisements


#2
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi northstarmedia and welcome to GeeksToGo! My name is Excal and I will be helping you.

I apologize for the delay getting to your log, the helpers here are very busy.
If you still need help, please post a fresh Hijack log, in this thread, so I can help you with your Malware Problems.

If you have resolved this issue please let us know.

:tazz:

Excal
  • 0

#3
northstarmedia

northstarmedia

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Hello!

I still need help! Please let me know ifyou can :tazz:

Thanks
  • 0

#4
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Sure, when you get a minute, can you please post a fresh HiJackthis log and let me know exactly whats going on with ur computer.


Thanks,

:tazz:

Excal
  • 0

#5
northstarmedia

northstarmedia

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Logfile of HijackThis v1.99.1
Scan saved at 10:31:02 AM, on 9/15/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\ROOT\System32\smss.exe
D:\ROOT\system32\winlogon.exe
D:\ROOT\system32\services.exe
D:\ROOT\system32\lsass.exe
D:\ROOT\system32\svchost.exe
D:\ROOT\System32\svchost.exe
D:\ROOT\system32\spoolsv.exe
D:\ROOT\Explorer.EXE
F:\Program Files\3ware\3DM\3dmd.exe
F:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
D:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
F:\Program Files\Expertcity\GoToMyPC\g2svc.exe
F:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\iTunes\iTunesHelper.exe
D:\ROOT\System32\nvsvc32.exe
D:\ROOT\System32\svchost.exe
F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
F:\Program Files\Expertcity\GoToMyPC\g2comm.exe
D:\Program Files\Messenger\MSMSGS.EXE
D:\ROOT\System32\RUNDLL32.EXE
F:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
F:\Program Files\TightVNC\WinVNC.exe
F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
F:\Program Files\Expertcity\GoToMyPC\g2tray.exe
F:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
D:\ROOT\System32\inetsrv\inetinfo.exe
F:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
F:\Program Files\Microsoft ActiveSync\WCESMgr.exe
F:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
D:\ROOT\System32\hpoipm07.exe
F:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
F:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
F:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
F:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
F:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\ROOT\system32\enebw.dll/sp.html#17702
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\ROOT\system32\enebw.dll/sp.html#17702
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\ROOT\system32\enebw.dll/sp.html#17702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\ROOT\system32\enebw.dll/sp.html#17702
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.intel.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - D:\ROOT\system32\yz1i6z.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\ROOT\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] D:\ROOT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\ROOT\System32\hkcmd.exe
O4 - HKLM\..\Run: [WinVNC] "F:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\ROOT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PRONoMgrWired] F:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [GoToMyPC] F:\Program Files\Expertcity\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl] "F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\ROOT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PSGuard] F:\Program Files\PSGuard\PSGuard.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\ROOT\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Google Desktop Search] "F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\RunOnce: [q0mu14.exe] D:\ROOT\System32\q0mu14.exe /k
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: hp instant support.lnk = D:\Program Files\HP\AiO\HPis\bin\matcli.exe
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = F:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
O8 - Extra context menu item: &Google Search - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://F:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://F:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://F:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://F:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\ROOT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\ROOT\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O20 - Winlogon Notify: igfxcui - D:\ROOT\SYSTEM32\igfxsrvc.dll
O23 - Service: 3DM - Unknown owner - F:\Program Files\3ware\3DM\3dmd.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - D:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: GoToMyPC - Unknown owner - F:\Program Files\Expertcity\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - F:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\ROOT\System32\nvsvc32.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - F:\Program Files\TightVNC\WinVNC.exe" -service (file missing)
  • 0

#6
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.


DOWNLOAD PROGRAMS


Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to it's own folder on the desktop.

Download and install CleanUp! Here*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.
We will use this program later.

Download about:buster by RubbeRDuckY Here.
Download CWShredder Here.
Download SpSeHjfix Here.

Please download ewido security suite it is a trial version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates
Close Ewido, we will use this later.

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Unzip SpSeHjfix to its own folder (ie c:\SpSeHjfix)

Update About:Buster
  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "OK" at the prompt with instructions.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Now close About:Buster
Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder


THE FIX


1. Click this link to be sure you can view hidden files.

2. Ensure you are NOT connected to the internet.

3. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

4. Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

5. Close all browsers, windows and unneeded programs.

6. Open HiJack and do a scan.

7. Put a Check next to the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\ROOT\system32\enebw.dll/sp.html#17702
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\ROOT\system32\enebw.dll/sp.html#17702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\ROOT\system32\enebw.dll/sp.html#17702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\ROOT\system32\enebw.dll/sp.html#17702
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - D:\ROOT\system32\yz1i6z.dll
O4 - HKLM\..\Run: [PSGuard] F:\Program Files\PSGuard\PSGuard.exe
O4 - HKCU\..\RunOnce: [q0mu14.exe] D:\ROOT\System32\q0mu14.exe /k
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\ROOT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\ROOT\web\related.htm


8. click the Fix Checked box

9. Please remove just the files from the following paths using Windows Explorer (if present):

D:\ROOT\System32\q0mu14.exe
D:\ROOT\web\related.htm


10. Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

11. Open Ad-aware and do a full scan. Remove all it finds.

12. Now open and run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan when it ask if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop
Close Ewido

13. Next go to Control Panel click appearance and themes>click Display > Desktop Tab> click Customize Desktop > Web tab > Uncheck anthing in there if present.

14. Please run about:buster by RubbeRDuckY:
  • Click Begin Removal.
  • It will begin to check your computer for malicious files.
  • AboutBuster will finish and open a new page. Follow the instructions for protection on that page.
  • Shut down AboutBuster. A log should have been created.Please Save this log and copy it in your next post.
15. Now run SpSeHjfix. A log will be saved in the same folder that you put the exe into. Please post the results of that log in your next reply.

16. Run the program CleanUp!

17. Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!

18. Please post the Active scan log, Ewido log, About:Buster log, smitfiles.txt log and a fresh HiJackThis log. Let me know how your computer is running.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP