Problems with Avenue A, Inc, target net and fad1115 [RESOLVED]

  • This topic is locked

#1
Nas
  • Member
  • 55 posts
:tazz: I have a really bad problem with these pop-ups. I've gotten rid of them, but a day later they've come back! I've searched with Spybot and it says that the programs are called Avenue A, Inc, advertising.com and double click, and loads of other things. I'm getting pop-ups like z-quest, fad 1115, acconta, yieldmanager (most common) and my-stats. These pop-ups will constantly come up again and again. Here's my HijackThis log :)

Logfile of HijackThis v1.99.1
Scan saved at 18:29:48, on 27/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\exp.exe
C:\WINDOWS\System32\wintask.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\TopContext.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system\qdjhjusca.exe
C:\WINDOWS\system32\shuet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AOL Companion\companion.exe
C:\WINDOWS\system32\ntvdm.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://216.65.101.250/sbms/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AOL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: (no name) - {D5D559B9-8159-13FD-6456-8F772E55CD3B} - C:\WINDOWS\Swdmrpkb.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: IE 4.x-6.x BHO for Free Downloads Accelerator - {98DE779A-2364-4293-AB71-2B97C61C4640} - C:\PROGRA~1\FREEDO~1\FDAHLP99.DLL
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
O2 - BHO: (no name) - {FC108EF4-6647-30DD-8FA1-B0EF2F0B925A} - C:\WINDOWS\Swdmrpkb.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: FDA Bar - {9595C62C-76C6-49A6-9BDA-3253DD7A34FF} - C:\PROGRAM FILES\FREE DOWNLOADS ACCELERATOR\FDABAR99.DLL
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Windows More Choice] C:\WINDOWS\TopContext.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\dpgsdg.exe reg_run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ZoqpRWbpW] shuet.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Program Files\Free Downloads Accelerator\fdaie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {4C875A2F-BC48-4A0C-A772-1C99DE39AF90} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4C875A2F-BC48-4A0C-A772-1C99DE39AF90} - (no file) (HKCU)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c15.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.co...0/ysb_movie.cab
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} - http://cabs.media-mo.../cabs/alien.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topcon...vex/website.ocx
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia...ll/pcs_0009.exe
O16 - DPF: {99E79790-2B09-11D6-8C73-0800460222F0} - http://www.accessplu...lug/install.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Edited by Nas, 27 September 2005 - 12:31 PM.

  • 0

#2
Excal
    Malware Slayer Extraordinaire!
  • Retired Staff
  • 12,739 posts
Hi Nas and welcome to GeeksToGo! My name is Excal and I will be helping you.

I apologize for the delay getting to your log, the helpers here are very busy.
If you still need help, please post a fresh Hijack log, in this thread, so I can help you with your Malware Problems.

If you have resolved this issue please let us know.

:tazz:

Excal
  • 0

#3
Nas
  • Topic Starter
  • Member
  • 55 posts
OK, thanks. Yeah, I've still got this problem; here's my HijackThis log.
Logfile of HijackThis v1.99.1
Scan saved at 16:26:30, on 07/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\exp.exe
C:\WINDOWS\System32\wintask.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\TopContext.exe
C:\WINDOWS\system\qdjhjusca.exe
C:\WINDOWS\system32\shuet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\unzipped\hijackthis\HijackThis.exe
C:\WINDOWS\system32\dumprep.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://216.65.101.250/sbms/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AOL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=KillThePopup:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: (no name) - {D5D559B9-8159-13FD-6456-8F772E55CD3B} - C:\WINDOWS\Swdmrpkb.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: IE 4.x-6.x BHO for Free Downloads Accelerator - {98DE779A-2364-4293-AB71-2B97C61C4640} - C:\PROGRA~1\FREEDO~1\FDAHLP99.DLL
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
O2 - BHO: (no name) - {FC108EF4-6647-30DD-8FA1-B0EF2F0B925A} - C:\WINDOWS\Swdmrpkb.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: FDA Bar - {9595C62C-76C6-49A6-9BDA-3253DD7A34FF} - C:\PROGRAM FILES\FREE DOWNLOADS ACCELERATOR\FDABAR99.DLL
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Windows More Choice] C:\WINDOWS\TopContext.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\dpgsdg.exe reg_run
O4 - HKCU\..\Run: [ZoqpRWbpW] shuet.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Program Files\Free Downloads Accelerator\fdaie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {4C875A2F-BC48-4A0C-A772-1C99DE39AF90} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4C875A2F-BC48-4A0C-A772-1C99DE39AF90} - (no file) (HKCU)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c15.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.co...0/ysb_movie.cab
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} - http://cabs.media-mo.../cabs/alien.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topcon...vex/website.ocx
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia...ll/pcs_0009.exe
O16 - DPF: {99E79790-2B09-11D6-8C73-0800460222F0} - http://www.accessplu...lug/install.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0901C45-9A2E-4F6F-963E-2494375EA79D}: NameServer = 212.67.96.129 212.67.120.148
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#4
Excal
    Malware Slayer Extraordinaire!
  • Retired Staff
  • 12,739 posts

DOWNLOAD PROGRAMS


Please download ewido security suite; it is a trial version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido; there should be an icon on your desktop, double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Download and install CleanUp! Here
*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.

We will use this program later.


THE FIX


Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

1. Click this link to be sure you can view hidden files.

2. Ensure you are NOT connected to the internet.

3. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

4. Open up and run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan, when it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop
Close Ewido

5. Close all browsers, windows and unneeded programs.

6. Open HiJack and do a scan.

7. Put a Check next to the following items:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://216.65.101.250/sbms/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R3 - URLSearchHook: (no name) - {D5D559B9-8159-13FD-6456-8F772E55CD3B} - C:\WINDOWS\Swdmrpkb.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
O2 - BHO: (no name) - {FC108EF4-6647-30DD-8FA1-B0EF2F0B925A} - C:\WINDOWS\Swdmrpkb.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: FDA Bar - {9595C62C-76C6-49A6-9BDA-3253DD7A34FF} - C:\PROGRAM FILES\FREE DOWNLOADS ACCELERATOR\FDABAR99.DLL
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Windows More Choice] C:\WINDOWS\TopContext.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\dpgsdg.exe reg_run
O4 - HKCU\..\Run: [ZoqpRWbpW] shuet.exe
O9 - Extra button: Microsoft AntiSpyware helper - {4C875A2F-BC48-4A0C-A772-1C99DE39AF90} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4C875A2F-BC48-4A0C-A772-1C99DE39AF90} - (no file) (HKCU)
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c15.cab
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} - http://cabs.media-mo.../cabs/alien.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topcon...vex/website.ocx
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia...ll/pcs_0009.exe


8. Click the Fix Checked box

9. Please remove these entries from Add/Remove Programs in the Control Panel (if present):

AutoUpdater

10. Please remove the following folders using Windows Explorer (if present):

C:\Program Files\AutoUpdate

11. Please remove just the files from the following paths using Windows Explorer (if present):

C:\WINDOWS\system\qdjhjusca.exe
C:\WINDOWS\System32\exp.exe
C:\WINDOWS\System32\wintask.exe
C:\WINDOWS\cfgmgr52.dll
C:\WINDOWS\VCMnet11.exe
C:\WINDOWS\TopContext.exe
C:\WINDOWS\system32\dpgsdg.exe
C:\WINDOWS\system32\shuet.exe


12. Run the program CleanUp!

13. Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!

14. Please post the Active scan log, Ewido Log and a fresh HiJackThis log. Let me know how your computer is running.
  • 0
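
An added example, not part of the thread or any poster's own code: a check for the procedure in post #4 that parses HijackThis entry lines and reports which entries from a fix list still appear in a later log, and which entries are new. The function names are hypothetical; the sample lines are short excerpts of the logs posted in this thread, and `PARTIAL_LOG` is constructed for illustration.

```python
import re

# A HijackThis entry line is "<section code> - <body>", for example
# "O4 - HKLM\..\Run: [name] command". Process paths and headers do not match.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_entries(log_text):
    """Return (section, body) tuples for every entry line in a log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def normalize(entry):
    """Compare entries case-insensitively and ignore whitespace differences."""
    section, body = entry
    return (section, " ".join(body.split()).lower())


def remaining_after_fix(fix_list_text, after_log_text):
    """Entries from the fix list that are still present in the later log."""
    after = {normalize(e) for e in parse_entries(after_log_text)}
    return [e for e in parse_entries(fix_list_text) if normalize(e) in after]


def new_entries(before_log_text, after_log_text):
    """Entries in the later log that were not in the earlier one."""
    before = {normalize(e) for e in parse_entries(before_log_text)}
    return [e for e in parse_entries(after_log_text) if normalize(e) not in before]


# Excerpt of entries that appear in every log in this thread.
COMMON = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\ctfmon.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AOL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Excerpt of the entries listed under step 7 of post #4.
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {D5D559B9-8159-13FD-6456-8F772E55CD3B} - C:\WINDOWS\Swdmrpkb.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKCU\..\Run: [ZoqpRWbpW] shuet.exe
O15 - Trusted Zone: *.popuppers.com
"""

# Earlier log (excerpt): the common entries plus the ones later fixed.
BEFORE_LOG = COMMON + FIX_LIST

# Later log (excerpt): the common entries plus the scanner's own service.
AFTER_LOG = COMMON + r"""
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
"""

# Constructed case: one fixed entry has come back, with different case and spacing.
PARTIAL_LOG = AFTER_LOG + r"O4 - HKCU\..\Run: [ZoqpRWbpW]   SHUET.EXE" + "\n"


if __name__ == "__main__":
    for name, log in (("after", AFTER_LOG), ("partial", PARTIAL_LOG)):
        left = remaining_after_fix(FIX_LIST, log)
        print(name, "log: still present ->", left or "none")
    print("new since earlier log ->", new_entries(BEFORE_LOG, AFTER_LOG))
```

Entries reported as new are not necessarily bad; here the only new one is the scanner's own service, but each still needs a look.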

#5
Nas
  • Topic Starter
  • Member
  • 55 posts
OK, now things have gotten worse. I couldn't use ActiveScan. It just said this: The server is temporarily unable to service your request. Please try again later.
Reference #11.8e42a1d5.1128775774.2aa9fb2

Now I'm getting 'top banners' pop-ups, and the same ones as before. AND everything is displayed and stuck in Windows Classic theme, all the windows etc. I need serious help
  • 0

#6
Nas
  • Topic Starter
  • Member
  • 55 posts
OK, I am downloading ActiveScan now, but I have not found out why there is only Windows Classic listed under my appearance (windows and buttons). I think CleanUp deleted the Windows XP style.
  • 0

#7
Excal
    Malware Slayer Extraordinaire!
  • Retired Staff
  • 12,739 posts
We can take care of the classic windows thing with no problem :) Let's concentrate on getting the other stuff fixed.

:tazz:

Excal
  • 0

#8
Nas
  • Topic Starter
  • Member
  • 55 posts
OK, wait, first I have to use ActiveScan
  • 0

#9
Nas
  • Topic Starter
  • Member
  • 55 posts
I think it's worked. I've been surfing on the internet for a long time and nothing has happened; usually I just have to wait about 3 minutes, lol. It found a dialer!!!!! That better not jack up the price for my bill!!! Anyway, everything seems to be going perfectly, not one pop-up! Here's my HijackThis log, ewido log and ActiveScan log.

Logfile of HijackThis v1.99.1
Scan saved at 18:21:18, on 08/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AOL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=KillThePopup:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Program Files\Free Downloads Accelerator\fdaie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.co...0/ysb_movie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0901C45-9A2E-4F6F-963E-2494375EA79D}: NameServer = 212.67.96.129 212.67.120.148
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 00:01:21, 08/10/2005
+ Report-Checksum: 8D636EBA

+ Scan result:

HKU\.DEFAULT\Software\Comsoft -> Dialer.Generic : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{669695BC-A811-4A9D-8CDF-BA8C795F261C} -> Spyware.PowerStrip : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{FE6BC4EF-5676-484B-88AE-883323913256} -> Spyware.CometCursor : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FE6BC4EF-5676-484B-88AE-883323913256} -> Spyware.CometCursor : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0428FFC7-1931-45b7-95CB-3CBB919777E1} -> Spyware.KeenValue : Cleaned with backup
HKU\.DEFAULT\Software\Popup Stopper -> Spyware.BrowserPal : Cleaned with backup
HKU\S-1-5-20\Software\Comsoft -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Explorer Bars\{90C61707-C8F8-43DB-A25C-C1F4B18EE41E} -> Spyware.CometCursor : Cleaned with backup
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Explorer Bars\{EDC4193F-34AD-4D07-AA87-E3FDB89E3E76} -> Spyware.CometCursor : Cleaned with backup
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{669695BC-A811-4A9D-8CDF-BA8C795F261C} -> Spyware.PowerStrip : Cleaned with backup
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{FE6BC4EF-5676-484B-88AE-883323913256} -> Spyware.CometCursor : Cleaned with backup
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FE6BC4EF-5676-484B-88AE-883323913256} -> Spyware.CometCursor : Cleaned with backup
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0428FFC7-1931-45b7-95CB-3CBB919777E1} -> Spyware.KeenValue : Cleaned with backup
HKU\S-1-5-20\Software\Popup Stopper -> Spyware.BrowserPal : Cleaned with backup
HKU\S-1-5-21-1004336348-1708537768-1647791091-1003\Software\aaa_soft -> Spyware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-1004336348-1708537768-1647791091-1003\Software\IST -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-1004336348-1708537768-1647791091-1003\Software\Microsoft\Internet Explorer\Explorer Bars\{90C61707-C8F8-43DB-A25C-C1F4B18EE41E} -> Spyware.CometCursor : Cleaned with backup
HKU\S-1-5-21-1004336348-1708537768-1647791091-1003\Software\Microsoft\Internet Explorer\Explorer Bars\{EDC4193F-34AD-4D07-AA87-E3FDB89E3E76} -> Spyware.CometCursor : Cleaned with backup
HKU\S-1-5-21-1004336348-1708537768-1647791091-1003\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{669695BC-A811-4A9D-8CDF-BA8C795F261C} -> Spyware.PowerStrip : Cleaned with backup
HKU\S-1-5-21-1004336348-1708537768-1647791091-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{FE6BC4EF-5676-484B-88AE-883323913256} -> Spyware.CometCursor : Cleaned with backup
HKU\S-1-5-21-1004336348-1708537768-1647791091-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\S-1-5-21-1004336348-1708537768-1647791091-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FE6BC4EF-5676-484B-88AE-883323913256} -> Spyware.CometCursor : Cleaned with backup
HKU\S-1-5-21-1004336348-1708537768-1647791091-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\S-1-5-21-1004336348-1708537768-1647791091-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.Mirar : Cleaned with backup
HKU\S-1-5-21-1004336348-1708537768-1647791091-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
HKU\S-1-5-21-1004336348-1708537768-1647791091-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\S-1-5-21-1004336348-1708537768-1647791091-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.Mirar : Cleaned with backup
HKU\S-1-5-21-1004336348-1708537768-1647791091-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.NetNucleus : Cleaned with backup
HKU\S-1-5-21-1004336348-1708537768-1647791091-1003\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-1004336348-1708537768-1647791091-1003\Software\Mvu -> Spyware.Delfin : Cleaned with backup
HKU\S-1-5-21-1004336348-1708537768-1647791091-1003\Software\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-1004336348-1708537768-1647791091-1003\Software\Classes\CLSID\\ -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-1004336348-1708537768-1647791091-1003_Classes\CLSID\\ -> Spyware.AproposMedia : Error during cleaning
HKU\S-1-5-18\Software\Comsoft -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{669695BC-A811-4A9D-8CDF-BA8C795F261C} -> Spyware.PowerStrip : Error during cleaning
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{FE6BC4EF-5676-484B-88AE-883323913256} -> Spyware.CometCursor : Error during cleaning
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Error during cleaning
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FE6BC4EF-5676-484B-88AE-883323913256} -> Spyware.CometCursor : Error during cleaning
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Error during cleaning
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0428FFC7-1931-45b7-95CB-3CBB919777E1} -> Spyware.KeenValue : Error during cleaning
HKU\S-1-5-18\Software\Popup Stopper -> Spyware.BrowserPal : Cleaned with backup
[736] C:\WINDOWS\System32\wuauclt.dll -> TrojanDownloader.Small : Cleaned with backup
C:\WINDOWS\SYSTEM\qdjhjusca.exe -> TrojanDownloader.Small.aly : Cleaned with backup

Activescan


I think it's all clean.

#10
Excal

Reboot into safe mode.

Restart your computer and, as soon as it starts booting up again, continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please remove the following folders using Windows Explorer (if present):

C:\Program Files\SideFind
C:\Program Files\Aprps


Please remove just the files from the following paths using Windows Explorer (if present):

C:\WINDOWS\SYSTEM\QBUninstaller.exe
C:\WINDOWS\SYSTEM32\AdultsOnly-uninstall.exe
C:\WINDOWS\SYSTEM32\ide21201.vxd
C:\WINDOWS\SYSTEM32\inetp60.dll
C:\WINDOWS\SYSTEM32\imd01.dll
C:\WINDOWS\SYSTEM32\msbb1.dll
C:\WINDOWS\SYSTEM32\MP3.ico
C:\WINDOWS\SYSTEM32\WinNB57.dll
C:\WINDOWS\SYSTEM32\P2P Networking v124.cpl.disabled
C:\WINDOWS\SYSTEM32\auto_update_uninstall.log
C:\WINDOWS\Downloaded Program Files\install.inf
C:\WINDOWS\Downloaded Program Files\cc.inf
C:\WINDOWS\Downloaded Program Files\UGO20.exe
C:\WINDOWS\cfgmgr52.ini
C:\WINDOWS\unstall.exe
C:\WINDOWS\bs7beta.exe
C:\WINDOWS\NDNuninstall5_48-1.exe
C:\WINDOWS\smdat32a.sys
C:\undo\backup.cab
C:\Documents and Settings\gjd\Application Data\Sskknwrd.dll


Run the program CleanUp!

Reboot into normal mode and let me know how everything is running.

:tazz:

Excal

#11
Nas

:) HAHA yep, it's all running smoothly, my internet has gotten a [bleep] of a lot faster :) Thanks VERY VERY much, I thought I was gonna be stuck with them pop-ups forever! Anyway, there's still one more thing to do, and that's to get my Windows appearance back to XP. :tazz:

#12
Excal

OK, let's fix this.

Download a copy of luna.msstyles from the attached file.

Unzip it and MOVE the luna.msstyles which is present in the folder you unzipped to the following folder: C:\WINDOWS\Resources\Themes\Luna
Don't move it anywhere else than that folder!

Once you have moved it there, right-click on your desktop > Properties ... and check whether Windows XP style is now present again. Choose Apply and OK.

If not, reboot first, and try again to select Windows XP style.

#13
Nas

I did not understand any of that.

#14
Nas

No wait, I do understand.

#15
Nas

YES! My computer is 100% percent clean, thanks!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!