Can not change homepage :( [CLOSED]

#1
Beluved

    New Member

  • Member
  • 8 posts
I am not sure if I am doing this right but I need help getting my PC back to normal.. :)

I can not change my homepage and I get all sorts of pop-ups warning of viruses. Even a banner flies over the top of my desktop telling me my "PC is infected". :)

I have tried seemingly everything. I have XP Home. Please help.. :)

Here are my HijackThis and Ewido logs:

Logfile of HijackThis v1.99.1
Scan saved at 12:16:45 PM, on 10/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\appic32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\progra~1\mcafee\MCAFEE~1\MssCli.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Optimum Online\Netsurf.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
C:\DOCUME~1\Mark\LOCALS~1\Temp\42BC.tmp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\TPT Registry_Cleaner (Trial)\RegClean.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\mspn.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\PROGRA~1\WINZIP\wzqkpick.exe
C:\Documents and Settings\Mark\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\yduod.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yduod.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\yduod.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\yduod.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yduod.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\yduod.dll/sp.html#10001
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\yduod.dll/sp.html#10001
R3 - Default URLSearchHook is missing
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Class - {32D324CC-9C86-A66C-150A-8AF480FE86BF} - C:\WINDOWS\system32\addoy.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Class - {80032002-8818-4EF1-86F8-B58A5C2FB2CF} - C:\WINDOWS\sysas.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [appic32.exe] C:\WINDOWS\appic32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\MssCli.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Optimum Online net guide] "C:\Program Files\Optimum Online\Netsurf.exe" -trayicon
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
O4 - HKLM\..\Run: [42BC.tmp.exe] C:\DOCUME~1\Mark\LOCALS~1\Temp\42BC.tmp.exe
O4 - HKLM\..\Run: [42BC.tmp] C:\DOCUME~1\Mark\LOCALS~1\Temp\42BC.tmp.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\TPT Registry_Cleaner (Trial)\RegClean.exe"
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsear...US_ZNxmk580YYJM
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .au: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...tup1.0.0.15.cab
O16 - DPF: {3EEFCD4B-E9FD-4601-BE5D-C5C1776E51D3} (AICPASSV.Spreadsheet) - http://www.cpa-exam....tall/SSItem.cab
O16 - DPF: {4DCCD2FC-132F-45EC-BFDA-72235B85047C} (AICPAAuthLit.AuthLitItem) - http://www.cpa-exam....ll/SimItems.cab
O16 - DPF: {909A35CA-61DC-4437-887E-30ED6D89F6C8} (AICPAUI.ucHyperlink) - http://www.cpa-exam....all/General.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai....23/cpbrkpie.cab
O16 - DPF: {96F2228B-0D43-48AC-B857-29972C87EBA4} (AICPACR.ConstructedResponse) - http://www.cpa-exam....tall/CRItem.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C2D46EE6-57E2-4E81-AD94-E4DE41C12C8E} (AICPAViewer.clsViewer) - http://www.cpa-exam....AICPAViewer.cab
O16 - DPF: {D4C9E474-9A6C-4FBF-B13A-4BE2BDD34FD5} (AICPA treeView control) - http://www.cpa-exam....CPAViewerIL.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Workstation NetLogon Service ( 11F#`I) - Unknown owner - C:\WINDOWS\system32\mspn.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:35:23 PM, 10/1/2005
+ Report-Checksum: 9425BCC5

+ Scan result:

HKLM\SOFTWARE\AKSoft -> Spyware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AKSoft\X-Tractor -> Spyware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} -> Spyware.MyWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{06559367-A395-44B2-D6A0-0631D6323797} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07} -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C285D18D-43A2-4AEF-83FB-BF280E660A97} -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\RunMSC.Loader\CLSID\\ -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\RunMSC.Loader.1\CLSID\\ -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\FocusInteractive\Outlook\\MyWebSearch.OutlookAddin -> Spyware.MyWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -> Spyware.PopularScreensavers : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D} -> Spyware.MyWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg -> Spyware.SaveNow : Cleaned with backup
HKU\S-1-5-21-2419417509-2355186680-1425281122-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} -> Spyware.MyWebSearch : Cleaned with backup
HKU\S-1-5-21-2419417509-2355186680-1425281122-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
HKU\S-1-5-21-2419417509-2355186680-1425281122-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} -> Spyware.MyWebSearch : Cleaned with backup
HKU\S-1-5-21-2419417509-2355186680-1425281122-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\S-1-5-21-2419417509-2355186680-1425281122-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\S-1-5-21-2419417509-2355186680-1425281122-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
[3036] C:\WINDOWS\system32\addoy.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Mark\Cookies\mark@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Mark\Cookies\mark@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Mark\Cookies\mark@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\Program Files\MSN Messenger\riched20.dll -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL -> Spyware.FunWeb : Cleaned with backup
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL -> Spyware.Wesbar : Cleaned with backup
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE -> Spyware.Wesbar : Cleaned with backup
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\WINDOWS\addun32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\apitn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\cpbrkpie.ocx -> Spyware.Coupon : Cleaned with backup
C:\WINDOWS\d3my.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\FeatherTexture.bmp:ppvbkp -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\ipqs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javatl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\nteb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkau.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\setuperr.log:owfgat -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\SETUPLOG.DEL:rpmdvf -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\SYSTEM32\apidd.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SYSTEM32\crrc.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SYSTEM32\d3dn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\SYSTEM32\f3PSSavr.scr -> Spyware.MyWebSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\ipbe.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\SYSTEM32\javamv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\SYSTEM32\mscq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\SYSTEM32\msyj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\SYSTEM32\netox.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\SYSTEM32\netpo.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\SYSTEM32\ntsq.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SYSTEM32\sdkeo32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\SYSTEM32\sdkvk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\SYSTEM32\sdkyx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\SYSTEM32\syszl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\SYSTEM32\tixva.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\SYSTEM32\yduod.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\winph.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\winwf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\wmsetup10.log:ntphj -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_DEFAULT.PIF:cytuct -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\_DEFAULT.PIF:dnguvh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_DEFAULT.PIF:fslzm -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_DEFAULT.PIF:jifkir -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\_DEFAULT.PIF:jqibwx -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\_DEFAULT.PIF:kmootw -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\_DEFAULT.PIF:naando -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_DEFAULT.PIF:uymzwd -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_DEFAULT.PIF:vzqiil -> Trojan.Agent.bi : Cleaned with backup


::Report End

#2
OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Hello, Beluved.

We are sorry to have missed your log due to heavy traffic.

If you still need help, please post back a fresh Hijack This log.

Please move hijackthis to a permanent directory. This is very important for making backups in case something goes wrong.

Somewhere such as C:\Program Files\Hijackthis\Hijackthis.exe is fine.

If the problem has been resolved, please let us know.

#3
Beluved

    New Member

  • Topic Starter
  • Member
  • 8 posts
Yes, I still need help, thanks.
I don't want to re-install, but it is getting pretty bad and I am getting quite desperate..

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:10:55 PM, 10/5/2005
+ Report-Checksum: FED089F5

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{4FBFBE36-BC17-CAB4-CA0B-1F18DD30B292} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW -> Spyware.CoolWebSearch : Cleaned with backup
[2996] C:\WINDOWS\system32\crqt.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\Documents and Settings\Mark\Cookies\mark@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Mark\Cookies\mark@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Mark\Cookies\mark@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Mark\Cookies\mark@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Mark\Cookies\mark@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Mark\Cookies\mark@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Mark\Cookies\mark@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Mark\Cookies\mark@www.burstbeacon[2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Mark\Cookies\mark@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Mark\Start Menu\Programs\WhenU -> Spyware.SaveNow : Cleaned with backup
C:\Documents and Settings\Mark\Start Menu\Programs\WhenU\Learn More About Save!.url -> Spyware.SaveNow : Cleaned with backup
C:\Documents and Settings\Mark\Start Menu\Programs\WhenU\Learn More About SaveNow.url -> Spyware.SaveNow : Cleaned with backup
C:\Documents and Settings\Mark\Start Menu\Programs\WhenU\WhenU.com Website.url -> Spyware.SaveNow : Cleaned with backup
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\WINDOWS\atlbg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ciaaw.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\Coffee Bean.bmp:dvght -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\COM+.log:cvnsr -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\dasetup.log:usjknw -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\DELL.BMP:llfypo -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\desktop.html -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\FaxSetup.log:projvy -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\FeatherTexture.bmp:ppvbkp -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\imsins.log:jutzqv -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\KB883939.log:uuwrc -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB885250.log:hagpn -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB885835.log:csxtap -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB885884.log:trnfcl -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\KB887472.log:utihca -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\KB890859.log:arvaha -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\KB891781.log:iyuzpp -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB896358.log:lzgslk -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\KB896422.log:hqjig -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB898461.log:gfqmtc -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\nsreg.dat:wliqtx -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ORUN32.ISU:asxzox -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\Prairie Wind.bmp:qlplkd -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\Rhododendron.bmp:mdydk -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\sdkxn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\SETUPAPI.DEL:vvuayj -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\SYSTEM.INI:selgl -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\SYSTEM.INI:selgly -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\SYSTEM32\apirc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\SYSTEM32\crkv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\SYSTEM32\crpr.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\SYSTEM32\gepcg.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\SYSTEM32\isobx.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\SYSTEM32\javaos.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\SYSTEM32\mshm32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\SYSTEM32\taurl.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\SYSTEM32\__delete_on_reboot__sdkdp32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\T30DebugLogFile.txt:hrkco -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\TSOC.LOG:kfelni -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\urxnw.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\usjkn.log:skdfpu -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\ybbxa.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\zhivg.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\_DEFAULT.PIF:cytuct -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\_DEFAULT.PIF:icweu -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_DEFAULT.PIF:idyof -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_DEFAULT.PIF:rpxwbn -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\__delete_on_reboot__atlqm32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\__delete_on_reboot__iesp.dll -> TrojanDownloader.Agent.bc : Cleaned with backup


::Report End

#4
OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Hello, Beluved.

Could you post back a HijackThis log as well, please?

#5
Beluved

    New Member

  • Topic Starter
  • Member
  • 8 posts
Oops..

Logfile of HijackThis v1.99.1
Scan saved at 5:01:01 PM, on 10/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\progra~1\mcafee\MCAFEE~1\MssCli.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Optimum Online\Netsurf.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\TPT Registry_Cleaner (Trial)\RegClean.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\BearShare\BearShare.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Mark\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\foeol.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\foeol.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\foeol.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\foeol.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\foeol.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\foeol.dll/sp.html#10001
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\foeol.dll/sp.html#10001
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {263AC5C0-2CAF-148B-2A5D-23E5C2F07456} - C:\WINDOWS\javamn32.dll (file missing)
O2 - BHO: Class - {32D324CC-9C86-A66C-150A-8AF480FE86BF} - C:\WINDOWS\system32\addoy.dll (file missing)
O2 - BHO: Class - {4129401E-E0CC-8390-738E-DCC2CDEFBA2B} - C:\WINDOWS\system32\sdknk.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Class - {598A5F00-4A66-99FC-2B27-4167ACFF6680} - C:\WINDOWS\atlgd.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Class - {629677B4-0CD0-BF9C-EB4D-A30FECDBC8D6} - C:\WINDOWS\atljs32.dll (file missing)
O2 - BHO: Class - {6BFD4FF9-22B6-A8BC-8348-E8EF313969E1} - C:\WINDOWS\system32\crtc32.dll (file missing)
O2 - BHO: Class - {6CA0DD23-29FF-7BA9-BCDE-21BA40065FF7} - C:\WINDOWS\system32\mfchw32.dll (file missing)
O2 - BHO: Class - {72763199-C2D7-3547-5C10-D62AF7ADE07C} - C:\WINDOWS\system32\apige32.dll (file missing)
O2 - BHO: Class - {72D8F6E0-C3C3-FA3B-4F7B-F169B8539684} - C:\WINDOWS\system32\appht.dll (file missing)
O2 - BHO: Class - {80032002-8818-4EF1-86F8-B58A5C2FB2CF} - C:\WINDOWS\sysas.dll (file missing)
O2 - BHO: Class - {8C3BE16C-9DB0-1C34-B3DA-DA41BC00AA25} - C:\WINDOWS\system32\crpr.dll (file missing)
O2 - BHO: Class - {98529CC2-52A9-99EE-F7DF-D4FA46CD1BDA} - C:\WINDOWS\system32\sdkjy32.dll (file missing)
O2 - BHO: Class - {A3E8BBF8-81F7-DEB8-824C-AF76F0A72CC3} - C:\WINDOWS\system32\sdkdp32.dll (file missing)
O2 - BHO: Class - {A8A452B1-264D-CBE7-DD85-9FEDA46257B6} - C:\WINDOWS\system32\mfczy.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Class - {BDA699FB-0E8D-A0B8-53AB-A0FCE79D4801} - C:\WINDOWS\apinl32.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {C68539AC-6CD1-A082-BEB2-8A3A1C72F103} - C:\WINDOWS\system32\mskb.dll (file missing)
O2 - BHO: Class - {D4B28452-EDD5-AF42-C7EF-8F536536977B} - C:\WINDOWS\system32\mshm32.dll (file missing)
O2 - BHO: Class - {DA5DCA91-F5FF-2B1E-5600-CAF4A6F988F3} - C:\WINDOWS\system32\syslt32.dll (file missing)
O2 - BHO: Class - {DC73983B-D030-AD00-8DD5-12322CEA9002} - C:\WINDOWS\atlqm32.dll (file missing)
O2 - BHO: Class - {E4F81D49-D627-F1CA-FA4A-24E3C374D656} - C:\WINDOWS\iesp.dll (file missing)
O2 - BHO: Class - {EBB02D60-86DF-C802-E656-4267939DA210} - C:\WINDOWS\system32\ieou32.dll (file missing)
O2 - BHO: Class - {F1681988-BCE8-E7DB-6B1C-5BD77FF6E92C} - C:\WINDOWS\system32\wings32.dll (file missing)
O2 - BHO: Class - {FA2653A0-F026-3FE9-D1FA-FA3712FEE6B5} - C:\WINDOWS\system32\appyg.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\MssCli.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Optimum Online net guide] "C:\Program Files\Optimum Online\Netsurf.exe" -trayicon
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
O4 - HKLM\..\Run: [42BC.tmp.exe] C:\DOCUME~1\Mark\LOCALS~1\Temp\42BC.tmp.exe
O4 - HKLM\..\Run: [42BC.tmp] C:\DOCUME~1\Mark\LOCALS~1\Temp\42BC.tmp.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\RunOnce: [netyh.exe] C:\WINDOWS\system32\netyh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\TPT Registry_Cleaner (Trial)\RegClean.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .au: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {3EEFCD4B-E9FD-4601-BE5D-C5C1776E51D3} (AICPASSV.Spreadsheet) - http://www.cpa-exam....tall/SSItem.cab
O16 - DPF: {4DCCD2FC-132F-45EC-BFDA-72235B85047C} (AICPAAuthLit.AuthLitItem) - http://www.cpa-exam....ll/SimItems.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128184837343
O16 - DPF: {909A35CA-61DC-4437-887E-30ED6D89F6C8} (AICPAUI.ucHyperlink) - http://www.cpa-exam....all/General.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai....23/cpbrkpie.cab
O16 - DPF: {96F2228B-0D43-48AC-B857-29972C87EBA4} (AICPACR.ConstructedResponse) - http://www.cpa-exam....tall/CRItem.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C2D46EE6-57E2-4E81-AD94-E4DE41C12C8E} (AICPAViewer.clsViewer) - http://www.cpa-exam....AICPAViewer.cab
O16 - DPF: {D4C9E474-9A6C-4FBF-B13A-4BE2BDD34FD5} (AICPA treeView control) - http://www.cpa-exam....CPAViewerIL.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Workstation NetLogon Service ( 11F#`I) - Unknown owner - C:\WINDOWS\system32\mspn.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0

#6
OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Hello, Beluved.

HijackThis is still in a temporary directory; I can tell because of this line.

C:\Documents and Settings\Mark\Local Settings\Temp\HijackThis.exe

It is very important it is moved to a permanent directory.

Somewhere such as C:\Program Files\Hijackthis\Hijackthis.exe is fine.

You can try extracting it to C:\Program Files\Hijackthis if you don't know how to copy and paste.
  • 0
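As an added example (my own code, not something posted in this thread or shipped with HijackThis), the following Python script applies the checks the replies above turn on to a HijackThis v1.99 log: a process or autorun entry running from a Temp folder (the point made about HijackThis.exe just above), R0/R1 search settings pointed at a res:// page inside a local DLL, BHOs whose file is missing, and services with an unknown owner or missing file. The sample lines are copied from the log posted above; the function and category names are my own.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the HijackThis log posted above,
# trimmed to the entries the helper's replies turn on.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Documents and Settings\Mark\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\foeol.dll/sp.html#10001
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {263AC5C0-2CAF-148B-2A5D-23E5C2F07456} - C:\WINDOWS\javamn32.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [42BC.tmp.exe] C:\DOCUME~1\Mark\LOCALS~1\Temp\42BC.tmp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Workstation NetLogon Service ( 11F#`I) - Unknown owner - C:\WINDOWS\system32\mspn.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

# A path component named Temp, in long ("Local Settings\Temp") or 8.3 ("LOCALS~1\Temp") form.
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)
# An IE search/start setting that has been pointed at a page stored inside a local DLL.
RES_HIJACK_RE = re.compile(r"=\s*res://(.+?\.dll)/", re.IGNORECASE)
# "R1 - ..." / "O23 - ..." entry lines: section code, then the entry body.
ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")


def check_entry(kind, body, line):
    """Return (category, line) findings for one R*/O* entry. Category names are my own."""
    out = []
    if kind in ("R0", "R1") and RES_HIJACK_RE.search(body):
        out.append(("search-hijack", line))            # search/start page redirected into a DLL
    elif kind == "R3" and "missing" in body:
        out.append(("urlsearchhook-missing", line))    # default URLSearchHook removed
    elif kind == "O2" and ("(file missing)" in body or "(no file)" in body):
        out.append(("orphaned-bho", line))             # BHO registered but its DLL is gone
    elif kind == "O4" and TEMP_RE.search(body):
        out.append(("autorun-from-temp", line))        # startup entry launching from Temp
    elif kind == "O23" and ("Unknown owner" in body or "(file missing)" in body):
        out.append(("suspicious-service", line))       # service with no vendor or no binary
    return out


def triage(log_text):
    """Walk a HijackThis log and return a list of (category, line) findings."""
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes:"):
            section = "processes"
            continue
        m = ENTRY_RE.match(line)
        if m:
            section = "entries"
            kind, body = m.groups()
            findings.extend(check_entry(kind, body, line))
        elif section == "processes" and TEMP_RE.search(line):
            # HijackThis itself in Temp is the specific case the reply above calls out:
            # its backups live beside the executable and are lost when Temp is cleared.
            cat = "hijackthis-in-temp" if line.lower().endswith("hijackthis.exe") else "process-from-temp"
            findings.append((cat, line))
    return findings


def summarize(findings):
    """Count findings per category, returned as a plain dict for easy comparison."""
    return dict(sorted(Counter(cat for cat, _ in findings).items()))


def hijack_dlls(log_text):
    """Local DLLs that R0/R1 search entries have been redirected into via res:// URLs."""
    return {
        RES_HIJACK_RE.search(line).group(1)
        for cat, line in triage(log_text)
        if cat == "search-hijack"
    }


if __name__ == "__main__":
    for cat, line in triage(SAMPLE_LOG):
        print(f"{cat:22} {line}")
    print("search hijacked into:", hijack_dlls(SAMPLE_LOG))
```

Run it against a full log to get the same categories the helper reads off by eye; every entry in a real log that is not flagged still deserves a look, since the rules only cover the patterns this thread shows.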

#7
Beluved

    New Member

  • Topic Starter
  • Member
  • 8 posts
OMG.. what is wrong with me.. :tazz:


Logfile of HijackThis v1.99.1
Scan saved at 7:50:11 AM, on 10/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\progra~1\mcafee\MCAFEE~1\MssCli.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Optimum Online\Netsurf.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\TPT Registry_Cleaner (Trial)\RegClean.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\foeol.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\foeol.dll/sp.html#10001
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://jamaica-gleaner.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\foeol.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\foeol.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\foeol.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\foeol.dll/sp.html#10001
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\foeol.dll/sp.html#10001
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {263AC5C0-2CAF-148B-2A5D-23E5C2F07456} - C:\WINDOWS\javamn32.dll (file missing)
O2 - BHO: Class - {32D324CC-9C86-A66C-150A-8AF480FE86BF} - C:\WINDOWS\system32\addoy.dll (file missing)
O2 - BHO: Class - {4129401E-E0CC-8390-738E-DCC2CDEFBA2B} - C:\WINDOWS\system32\sdknk.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Class - {598A5F00-4A66-99FC-2B27-4167ACFF6680} - C:\WINDOWS\atlgd.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Class - {629677B4-0CD0-BF9C-EB4D-A30FECDBC8D6} - C:\WINDOWS\atljs32.dll (file missing)
O2 - BHO: Class - {6BFD4FF9-22B6-A8BC-8348-E8EF313969E1} - C:\WINDOWS\system32\crtc32.dll (file missing)
O2 - BHO: Class - {6CA0DD23-29FF-7BA9-BCDE-21BA40065FF7} - C:\WINDOWS\system32\mfchw32.dll (file missing)
O2 - BHO: Class - {72763199-C2D7-3547-5C10-D62AF7ADE07C} - C:\WINDOWS\system32\apige32.dll (file missing)
O2 - BHO: Class - {72D8F6E0-C3C3-FA3B-4F7B-F169B8539684} - C:\WINDOWS\system32\appht.dll (file missing)
O2 - BHO: Class - {80032002-8818-4EF1-86F8-B58A5C2FB2CF} - C:\WINDOWS\sysas.dll (file missing)
O2 - BHO: Class - {8C3BE16C-9DB0-1C34-B3DA-DA41BC00AA25} - C:\WINDOWS\system32\crpr.dll (file missing)
O2 - BHO: Class - {98529CC2-52A9-99EE-F7DF-D4FA46CD1BDA} - C:\WINDOWS\system32\sdkjy32.dll (file missing)
O2 - BHO: Class - {A3E8BBF8-81F7-DEB8-824C-AF76F0A72CC3} - C:\WINDOWS\system32\sdkdp32.dll (file missing)
O2 - BHO: Class - {A8A452B1-264D-CBE7-DD85-9FEDA46257B6} - C:\WINDOWS\system32\mfczy.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Class - {BDA699FB-0E8D-A0B8-53AB-A0FCE79D4801} - C:\WINDOWS\apinl32.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {C68539AC-6CD1-A082-BEB2-8A3A1C72F103} - C:\WINDOWS\system32\mskb.dll (file missing)
O2 - BHO: Class - {D4B28452-EDD5-AF42-C7EF-8F536536977B} - C:\WINDOWS\system32\mshm32.dll (file missing)
O2 - BHO: Class - {DA5DCA91-F5FF-2B1E-5600-CAF4A6F988F3} - C:\WINDOWS\system32\syslt32.dll (file missing)
O2 - BHO: Class - {DC73983B-D030-AD00-8DD5-12322CEA9002} - C:\WINDOWS\atlqm32.dll (file missing)
O2 - BHO: Class - {E4F81D49-D627-F1CA-FA4A-24E3C374D656} - C:\WINDOWS\iesp.dll (file missing)
O2 - BHO: Class - {EBB02D60-86DF-C802-E656-4267939DA210} - C:\WINDOWS\system32\ieou32.dll (file missing)
O2 - BHO: Class - {F1681988-BCE8-E7DB-6B1C-5BD77FF6E92C} - C:\WINDOWS\system32\wings32.dll (file missing)
O2 - BHO: Class - {FA2653A0-F026-3FE9-D1FA-FA3712FEE6B5} - C:\WINDOWS\system32\appyg.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\MssCli.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Optimum Online net guide] "C:\Program Files\Optimum Online\Netsurf.exe" -trayicon
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
O4 - HKLM\..\Run: [42BC.tmp.exe] C:\DOCUME~1\Mark\LOCALS~1\Temp\42BC.tmp.exe
O4 - HKLM\..\Run: [42BC.tmp] C:\DOCUME~1\Mark\LOCALS~1\Temp\42BC.tmp.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\TPT Registry_Cleaner (Trial)\RegClean.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .au: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {3EEFCD4B-E9FD-4601-BE5D-C5C1776E51D3} (AICPASSV.Spreadsheet) - http://www.cpa-exam....tall/SSItem.cab
O16 - DPF: {4DCCD2FC-132F-45EC-BFDA-72235B85047C} (AICPAAuthLit.AuthLitItem) - http://www.cpa-exam....ll/SimItems.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128184837343
O16 - DPF: {909A35CA-61DC-4437-887E-30ED6D89F6C8} (AICPAUI.ucHyperlink) - http://www.cpa-exam....all/General.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai....23/cpbrkpie.cab
O16 - DPF: {96F2228B-0D43-48AC-B857-29972C87EBA4} (AICPACR.ConstructedResponse) - http://www.cpa-exam....tall/CRItem.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C2D46EE6-57E2-4E81-AD94-E4DE41C12C8E} (AICPAViewer.clsViewer) - http://www.cpa-exam....AICPAViewer.cab
O16 - DPF: {D4C9E474-9A6C-4FBF-B13A-4BE2BDD34FD5} (AICPA treeView control) - http://www.cpa-exam....CPAViewerIL.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Workstation NetLogon Service ( 11F#`I) - Unknown owner - C:\WINDOWS\system32\mspn.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0

#8
OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Hello, Beluved.

Please print these instructions, as we will need them in safe mode.

Please download Microsoft AntiSpyware Here.

Save the file somewhere you will remember, like your desktop.

Please install and update MS Antispyware.

On the main menu, click Spyware Definitions.
Allow it to update everything.

On the main menu again, select Scan Options.

Make sure the box marked Full system scan is selected.
Verify all the drives are also selected and close MS Antispyware.

Please reboot to Safe Mode by restarting the computer and tapping F8 on the keyboard until you get a list, select safe mode from that list.

Please start Microsoft Antispyware and press the Run Scan Now button. When it has finished scanning, verify everything it detected is set to remove and press the Take Selected action button.
It will now ask you to allow it to reboot the computer, let it do so.

After the computer has restarted, please run an antivirus scan at Kaspersky Here.
Please make sure to save the scan results to a logfile.

Please post a new Hijackthis log and the Kaspersky logfile.
  • 0

#9
Beluved

    New Member

  • Topic Starter
  • Member
  • 8 posts
Thank you, in advance, for your help.. :tazz:
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, October 08, 2005 17:51:06
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 8/10/2005
Kaspersky Anti-Virus database records: 143803
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
G:\

Scan Statistics:
Total number of scanned objects: 78393
Number of viruses found: 6
Number of infected objects: 176
Number of suspicious objects: 0
Duration of the scan process: 3239 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Mark\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Counters.jar-330ed794-2655835d.zip/web.exe Infected: Trojan-Downloader.Win32.Small.bkg
C:\Documents and Settings\Mark\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Counters.jar-330ed794-2655835d.zip Infected: Trojan-Downloader.Win32.Small.bkg
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP182\A0016469.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP182\A0016471.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP185\A0016653.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP185\A0016654.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP185\A0016713.exe Infected: Trojan-Clicker.Win32.Spywad.h
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP185\A0016714.hta Infected: Trojan-Dropper.VBS.Inor.ct
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP185\A0016780.PIF:dnguvh:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP185\A0016780.PIF:kmootw:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP185\A0016799.PIF:dnguvh:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP185\A0016799.PIF:kmootw:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP185\A0016806.PIF:dnguvh:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP185\A0016806.PIF:kmootw:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP186\A0016807.PIF:dnguvh:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP186\A0016807.PIF:kmootw:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP186\A0016824.PIF:dnguvh:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP186\A0016824.PIF:kmootw:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP186\A0017084.PIF:dnguvh:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP186\A0017084.PIF:kmootw:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP187\A0017106.PIF:dnguvh:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP187\A0017106.PIF:kmootw:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP187\A0017106.PIF:naando:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP187\A0017106.PIF:vzqiil:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP187\A0017143.PIF:dnguvh:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP187\A0017143.PIF:kmootw:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP187\A0017143.PIF:naando:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP187\A0017143.PIF:vzqiil:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP187\A0017159.PIF:dnguvh:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP187\A0017159.PIF:kmootw:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP187\A0017159.PIF:naando:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP187\A0017159.PIF:vzqiil:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP187\A0017176.PIF:dnguvh:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP187\A0017176.PIF:kmootw:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP187\A0017176.PIF:naando:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP187\A0017176.PIF:vzqiil:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP187\A0017245.PIF:dnguvh:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP187\A0017245.PIF:kmootw:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP187\A0017245.PIF:naando:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP187\A0017245.PIF:vzqiil:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP188\A0017252.PIF:dnguvh:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP188\A0017252.PIF:kmootw:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP188\A0017252.PIF:naando:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP188\A0017252.PIF:vzqiil:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP188\A0017276.PIF:dnguvh:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP188\A0017276.PIF:kmootw:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP188\A0017276.PIF:naando:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP188\A0017276.PIF:vzqiil:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP189\A0017278.PIF:dnguvh:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP189\A0017278.PIF:kmootw:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP189\A0017278.PIF:naando:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP189\A0017278.PIF:vzqiil:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP190\A0017322.PIF:dnguvh:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP190\A0017322.PIF:kmootw:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP190\A0017322.PIF:naando:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP190\A0017322.PIF:vzqiil:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP190\A0017519.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP191\A0017691.PIF:dnguvh:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP191\A0017691.PIF:kmootw:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP191\A0017691.PIF:naando:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP191\A0017691.PIF:vzqiil:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP191\A0017693.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP191\A0017694.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP191\A0017712.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP191\A0017713.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP191\A0017715.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP191\A0017716.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP191\A0017717.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP191\A0017718.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP191\A0017719.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP191\A0017720.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP191\A0017721.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP191\A0017722.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP191\A0017724.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP191\A0017725.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP191\A0017726.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP191\A0017727.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP191\A0017728.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP191\A0017729.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP191\A0017730.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP191\A0017731.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP191\A0017732.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP191\A0017733.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP191\A0017735.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP191\A0017736.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP192\A0017913.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP192\A0017914.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP192\A0017915.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP192\A0017916.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP192\A0017943.PIF:cytuct:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP192\A0017943.PIF:rpxwbn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP192\A0017943.PIF:swxga:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP192\A0017943.PIF:uymzwd:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP192\A0017943.PIF:xxuqp:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP193\A0017945.PIF:cytuct:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP193\A0017945.PIF:idyof:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP193\A0017945.PIF:rpxwbn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP193\A0017945.PIF:swxga:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP193\A0017945.PIF:uymzwd:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP193\A0017945.PIF:xxuqp:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP193\A0018919.PIF:cytuct:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP193\A0018919.PIF:idyof:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP193\A0018919.PIF:rpxwbn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP193\A0018919.PIF:swxga:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP193\A0018919.PIF:uymzwd:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP193\A0018919.PIF:xxuqp:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP193\A0018941.PIF:cytuct:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP193\A0018941.PIF:idyof:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP193\A0018941.PIF:rpxwbn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP193\A0018941.PIF:swxga:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP193\A0018941.PIF:uymzwd:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP193\A0018941.PIF:xxuqp:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP194\A0018968.PIF:cytuct:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP194\A0018968.PIF:idyof:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP194\A0018968.PIF:rpxwbn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP194\A0018968.PIF:swxga:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP194\A0018968.PIF:uymzwd:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP194\A0018968.PIF:xxuqp:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP195\A0018994.PIF:cytuct:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP195\A0018994.PIF:idyof:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP195\A0018994.PIF:rpxwbn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP195\A0018994.PIF:swxga:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP195\A0018994.PIF:uymzwd:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP195\A0018994.PIF:xxuqp:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP195\A0018995.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP195\A0019935.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP195\A0019936.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP195\A0019937.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP195\A0019938.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP195\A0019939.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP195\A0019949.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP195\A0019960.PIF:cytuct:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP195\A0019960.PIF:idyof:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP195\A0019960.PIF:rpxwbn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP195\A0019960.PIF:swxga:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP195\A0019960.PIF:uymzwd:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP195\A0019960.PIF:xxuqp:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP195\A0019961.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP195\A0019963.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP195\A0019965.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP195\A0019967.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP195\A0019968.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP195\A0019969.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP195\A0019972.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP195\A0019981.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP195\A0019982.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP195\A0019983.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP195\A0019984.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP197\A0020005.ISU:vqzrnr:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP197\A0020006.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP197\A0020007.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP197\A0020008.PIF:dvpmgl:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP197\A0020008.PIF:exlin:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP197\A0020008.PIF:lufheb:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP197\A0020008.PIF:swxga:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP197\A0020008.PIF:uymzwd:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP197\A0020008.PIF:xxuqp:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP199\A0020022.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\atlpj.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\BOOTSTAT.DAT:efted:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\dasetup.log:gwjaq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\DESKTOP.INI:depeky:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\DtcInstall.log:xtuvjj:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\jdprv.txt:cmdesg:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB894391.log:awopp:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB899587.log:twflhd:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB901214.log:ygjrnm:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\Retrieve.INI:bntdgq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\setuperr.log:qguba:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\SYSTEM32\creo.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\SYSTEM32\crmc32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\_DEFAULT.PIF:dvpmgl:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\_DEFAULT.PIF:exlin:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\_DEFAULT.PIF:swxga:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\_DEFAULT.PIF:uymzwd:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\_DEFAULT.PIF:xxuqp:$DATA Infected: Trojan-Downloader.Win32.Agent.bq

Scan process completed.



Logfile of HijackThis v1.99.1
Scan saved at 5:54:57 PM, on 10/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\progra~1\mcafee\MCAFEE~1\MssCli.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Optimum Online\Netsurf.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\TPT Registry_Cleaner (Trial)\RegClean.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://jamaica-gleaner.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\foeol.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\foeol.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\foeol.dll/sp.html#10001
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\foeol.dll/sp.html#10001
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {263AC5C0-2CAF-148B-2A5D-23E5C2F07456} - C:\WINDOWS\javamn32.dll (file missing)
O2 - BHO: Class - {32D324CC-9C86-A66C-150A-8AF480FE86BF} - C:\WINDOWS\system32\addoy.dll (file missing)
O2 - BHO: Class - {4129401E-E0CC-8390-738E-DCC2CDEFBA2B} - C:\WINDOWS\system32\sdknk.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Class - {598A5F00-4A66-99FC-2B27-4167ACFF6680} - C:\WINDOWS\atlgd.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Class - {629677B4-0CD0-BF9C-EB4D-A30FECDBC8D6} - C:\WINDOWS\atljs32.dll (file missing)
O2 - BHO: Class - {6BFD4FF9-22B6-A8BC-8348-E8EF313969E1} - C:\WINDOWS\system32\crtc32.dll (file missing)
O2 - BHO: Class - {6CA0DD23-29FF-7BA9-BCDE-21BA40065FF7} - C:\WINDOWS\system32\mfchw32.dll (file missing)
O2 - BHO: Class - {72763199-C2D7-3547-5C10-D62AF7ADE07C} - C:\WINDOWS\system32\apige32.dll (file missing)
O2 - BHO: Class - {72D8F6E0-C3C3-FA3B-4F7B-F169B8539684} - C:\WINDOWS\system32\appht.dll (file missing)
O2 - BHO: Class - {80032002-8818-4EF1-86F8-B58A5C2FB2CF} - C:\WINDOWS\sysas.dll (file missing)
O2 - BHO: Class - {8C3BE16C-9DB0-1C34-B3DA-DA41BC00AA25} - C:\WINDOWS\system32\crpr.dll (file missing)
O2 - BHO: Class - {98529CC2-52A9-99EE-F7DF-D4FA46CD1BDA} - C:\WINDOWS\system32\sdkjy32.dll (file missing)
O2 - BHO: Class - {A3E8BBF8-81F7-DEB8-824C-AF76F0A72CC3} - C:\WINDOWS\system32\sdkdp32.dll (file missing)
O2 - BHO: Class - {A8A452B1-264D-CBE7-DD85-9FEDA46257B6} - C:\WINDOWS\system32\mfczy.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Class - {BDA699FB-0E8D-A0B8-53AB-A0FCE79D4801} - C:\WINDOWS\apinl32.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {C68539AC-6CD1-A082-BEB2-8A3A1C72F103} - C:\WINDOWS\system32\mskb.dll (file missing)
O2 - BHO: Class - {D4B28452-EDD5-AF42-C7EF-8F536536977B} - C:\WINDOWS\system32\mshm32.dll (file missing)
O2 - BHO: Class - {DA5DCA91-F5FF-2B1E-5600-CAF4A6F988F3} - C:\WINDOWS\system32\syslt32.dll (file missing)
O2 - BHO: Class - {DC73983B-D030-AD00-8DD5-12322CEA9002} - C:\WINDOWS\atlqm32.dll (file missing)
O2 - BHO: Class - {E4F81D49-D627-F1CA-FA4A-24E3C374D656} - C:\WINDOWS\iesp.dll (file missing)
O2 - BHO: Class - {EBB02D60-86DF-C802-E656-4267939DA210} - C:\WINDOWS\system32\ieou32.dll (file missing)
O2 - BHO: Class - {F1681988-BCE8-E7DB-6B1C-5BD77FF6E92C} - C:\WINDOWS\system32\wings32.dll (file missing)
O2 - BHO: Class - {FA2653A0-F026-3FE9-D1FA-FA3712FEE6B5} - C:\WINDOWS\system32\appyg.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\MssCli.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Optimum Online net guide] "C:\Program Files\Optimum Online\Netsurf.exe" -trayicon
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
O4 - HKLM\..\Run: [42BC.tmp.exe] C:\DOCUME~1\Mark\LOCALS~1\Temp\42BC.tmp.exe
O4 - HKLM\..\Run: [42BC.tmp] C:\DOCUME~1\Mark\LOCALS~1\Temp\42BC.tmp.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\TPT Registry_Cleaner (Trial)\RegClean.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .au: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {3EEFCD4B-E9FD-4601-BE5D-C5C1776E51D3} (AICPASSV.Spreadsheet) - http://www.cpa-exam....tall/SSItem.cab
O16 - DPF: {4DCCD2FC-132F-45EC-BFDA-72235B85047C} (AICPAAuthLit.AuthLitItem) - http://www.cpa-exam....ll/SimItems.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128184837343
O16 - DPF: {909A35CA-61DC-4437-887E-30ED6D89F6C8} (AICPAUI.ucHyperlink) - http://www.cpa-exam....all/General.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai....23/cpbrkpie.cab
O16 - DPF: {96F2228B-0D43-48AC-B857-29972C87EBA4} (AICPACR.ConstructedResponse) - http://www.cpa-exam....tall/CRItem.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C2D46EE6-57E2-4E81-AD94-E4DE41C12C8E} (AICPAViewer.clsViewer) - http://www.cpa-exam....AICPAViewer.cab
O16 - DPF: {D4C9E474-9A6C-4FBF-B13A-4BE2BDD34FD5} (AICPA treeView control) - http://www.cpa-exam....CPAViewerIL.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Workstation NetLogon Service ( 11F#`I) - Unknown owner - C:\WINDOWS\system32\mspn.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0

#10
OwNt

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Hello, Beluved.

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

This will likely be a few step process in removing the malware that has infected your system. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

You have a nasty CoolWebSearch infection. First we will need to download a few tools that will help us in the removal of your problem.
  • Prepare CWShredder for use:
    • Download CWShredder.
    • Save CWShredder.exe to a convenient location.
    • Please do not do anything with it yet.
  • Prepare AboutBuster for use:
    • Download AboutBuster.
    • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
    • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
    • Click "OK" at the prompt with instructions.
    • Click "Update" and then "Check For Update" to begin the update process.
    • If any updates exist please download them by clicking "Download Update".
    • You should not run the program yet so click "Exit".
  • Prepare cwsserviceremove.reg for use:
    • Download cwsserviceremove.zip.
    • Unzip the contents of cwsserviceremove.zip (cwsserviceremove.reg) to your desktop.
    • Please do not do anything with it yet.
  • Prepare Cleanup for use:
    • Download Cleanup Here.
    • Please install it, and put a shortcut on your desktop.
    • Do not do anything with it yet.
Save all of these files somewhere you will remember like to the Desktop.

Run the CleanUp! installer. You don't need to do anything with it right now.

Update About:Buster
  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "OK" at the prompt with instructions.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Now close About:Buster
Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please run the Cwsserviceremove.reg file that you downloaded earlier.

Run about:buster by RubbeRDuckY:
  • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
  • Click Yes to allow it to shutdown explorer.exe.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  • Reboot your computer into safe mode again
Run about:buster again following the same instructions as above, this time without the restart at the end

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Now run CleanUp!. Click CleanUp and allow it to delete all the temporary files. Reboot your computer into normal windows.

Please run an on-line virus scan at Panda Active Scan or, if that doesn't work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

After all that, please post back with how things went as well as the logs requested and a new HiJackThis log.
  • 0
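The removal steps above are driven by what the HijackThis log shows. As an added example (not code from this thread, from HijackThis, or from any of the tools OwNt names), the following Python script parses a handful of lines copied from the log posted above and flags the kinds of entries a helper looks at first: a BHO whose DLL is missing, an autorun pointing into a Temp directory, an O6 Internet Explorer policy restriction (which is what locks the homepage), and a service with an unknown owner and a missing binary. The section codes are HijackThis's own; the four heuristics and the sample selection are my assumptions, and a real log would need a human review behind any automatic flag.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample input: a few lines copied from the HijackThis log posted
# in this thread, plus benign Google/Symantec lines for contrast. Not a full log.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: Class - {FA2653A0-F026-3FE9-D1FA-FA3712FEE6B5} - C:\WINDOWS\system32\appyg.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [42BC.tmp.exe] C:\DOCUME~1\Mark\LOCALS~1\Temp\42BC.tmp.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O23 - Service: Workstation NetLogon Service ( 11F#`I) - Unknown owner - C:\WINDOWS\system32\mspn.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"""

# Every HijackThis entry starts with a section code such as O2, O4, O23.
LINE_RE = re.compile(r"^(O\d+) - (.*)$")

# Assumed heuristic: an autorun whose image lives under a \Temp\ directory.
TEMP_PATH_RE = re.compile(r"\\Temp\\", re.IGNORECASE)


def parse_hjt(text: str) -> List[Dict[str, str]]:
    """Split a HijackThis log into entries; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        entries.append({"section": m.group(1), "body": m.group(2), "line": line})
    return entries


def triage(entries: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """Return (finding-kind, log-line) pairs for entries that deserve a closer look.

    The four kinds are assumptions chosen from what this thread's log shows:
      orphaned-bho       O2 BHO registered but its DLL is gone
      autorun-from-temp  O4 Run entry launching something out of a Temp folder
      ie-policy-lock     O6 IE policy present (locks the homepage / options)
      ghost-service      O23 service with unknown owner and a missing binary
    """
    findings: List[Tuple[str, str]] = []
    for e in entries:
        sec, body = e["section"], e["body"]
        if sec == "O2" and body.endswith("(file missing)"):
            findings.append(("orphaned-bho", e["line"]))
        elif sec == "O4" and TEMP_PATH_RE.search(body):
            findings.append(("autorun-from-temp", e["line"]))
        elif sec == "O6":
            findings.append(("ie-policy-lock", e["line"]))
        elif sec == "O23" and "Unknown owner" in body and "(file missing)" in body:
            findings.append(("ghost-service", e["line"]))
    return findings


def triage_log(text: str) -> List[Tuple[str, str]]:
    """Convenience wrapper: parse then triage."""
    return triage(parse_hjt(text))


if __name__ == "__main__":
    for kind, line in triage_log(SAMPLE_LOG):
        print(f"[{kind:18}] {line}")
```

On the sample above the script flags four of the seven entries and leaves the Google toolbar and the Symantec entries alone; the flagged O6 line is the one that explains the locked homepage in the opening post, and the Temp autorun and the unnamed service are the entries a helper would want removed and then re-checked in a fresh log.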

#11
Beluved

Beluved

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I am trying to load the AboutBuster executable... but I keep getting "Run-time error 5: Invalid call or argument". This is my fourth time downloading and running it. Do you have any other options?

Edited by Beluved, 10 October 2005 - 08:51 PM.

  • 0

#12
OwNt

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Hello, Beluved.

Please download the Visual Basic 6.0 Run-time Files and install it.

Then, download and install the Visual Basic 6.0 Service Pack 5 and reboot.

See if About:Buster will run, and if it does go ahead and follow the instructions.
  • 0

#13
Beluved

Beluved

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Installed both and rebooted as suggested. I am still getting the same runtime error.. :tazz: :)
  • 0

#14
OwNt

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Hello, Beluved.

Let's download a few more files.

Please delete the About:Buster! you have now, download this one, and extract it to C:\About Buster 5.0

Microsoft Visual Basic 6.0 Common Controls
Missingfilesetup
COMCTL32.OCX

Install the last one in C:\Windows\System32

Try running About:Buster! in both normal mode and safe mode after doing the above.

Also, how far can you get before that error pops up? Is it right after you try running it?
  • 0

#15
Beluved

Beluved

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I deleted and reloaded as recommended. Unfortunately I receive the same error. I am able to run the executable and it opens. When I select 'update', this is when I receive the error alert. :tazz:

Not sure what i am doing wrong.
  • 0





