[Ranger Eklund]

Logfile of HijackThis v1.99.1
Scan saved at 3:04:05 PM, on 25/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TibiaSeveFive\Tibia.exe
C:\WINDOWS\System32\macromed\flash\GetFlash.exe
C:\Documents and Settings\Jon\Desktop\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.fin...siteyouneed.com
O1 - Hosts: 255.255.255.255 ar.atwola.com atdmt.com avp.ch avp.com avp.ru awaps.net ca.com dispatch.mcafee.com download.mcafee.com download.microsoft.com downloads.microsoft.com engine.awaps.net f-secure.com ftp.f-secure.com ftp.sophos.com go.microsoft.com liveupdate.symantec.com mast.mcafee.com mcafee.com msdn.microsoft.com my-etrust.com nai.com networkassociates.com office.microsoft.com phx.corporate-ir.net secure.nai.com securityresponse.symantec.com service1.symantec.com sophos.com spd.atdmt.com support.microsoft.com symantec.com update.symantec.com updates.symantec.com us.mcafee.com vil.nai.com viruslist.ru windowsupdate.microsoft.com www.avp.ch www.avp.com www.avp.ru www.awaps.net www.ca.com www.f-secure.com www.kaspersky.ru www.mcafee.com www.my-etrust.com www.nai.com www.networkassociates.com www.sophos.com www.symantec.com www.trendmicro.com www.viruslist.com www.viruslist.ru www3.ca.com
O2 - BHO: MSEvents Object - {8DBF02DA-4360-4A7E-BEA1-347B87816327} - C:\WINDOWS\System32\sstqq.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
O4 - HKLM\..\Run: [SQLKT]K[gSOV\aNTM`] C:\WINDOWS\System32\dyygkjk.exe
O4 - HKLM\..\Run: [Compd Service Drivrs] codq.exe
O4 - HKLM\..\Run: [Compaq Jes Drivers] winjes.exe
O4 - HKLM\..\Run: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKLM\..\Run: [Windows-XP-Service-Pack] xpspz.exe
O4 - HKLM\..\Run: [Media-XP-Service-Pack3] msnzx.exe
O4 - HKLM\..\Run: [Win32 LSA Driver] lsa.exe
O4 - HKLM\..\Run: [System Updates Service] updates.pif
O4 - HKLM\..\Run: [Nokia Check] nokiacheck.exe
O4 - HKLM\..\Run: [System Update Service] update.pif
O4 - HKLM\..\Run: [MediaXPServicePack2] msncx.exe
O4 - HKLM\..\Run: [Intec Service Drivers] msconfig32x.exe
O4 - HKLM\..\Run: [Microsoft Mapped PC] mapppc.exe
O4 - HKLM\..\Run: [Microsoft Client] mshost.exe
O4 - HKLM\..\Run: [noC=] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [Microsoft messenger] msnger.exe
O4 - HKLM\..\Run: [ecsiin] c:\ecsiin.stub.exe
O4 - HKLM\..\Run: [timessquare] c:\windows\timessquare.exe
O4 - HKLM\..\Run: [adtech2005] c:\windows\adtech2005.exe
O4 - HKLM\..\Run: [Services] C:\WINDOWS\system32\9E.tmp
O4 - HKLM\..\RunServices: [SQLKT]K[gSOV\aNTM`] C:\WINDOWS\System32\dyygkjk.exe
O4 - HKLM\..\RunServices: [Compd Service Drivrs] codq.exe
O4 - HKLM\..\RunServices: [Compaq Jes Drivers] winjes.exe
O4 - HKLM\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKLM\..\RunServices: [Windows-XP-Service-Pack] xpspz.exe
O4 - HKLM\..\RunServices: [Media-XP-Service-Pack3] msnzx.exe
O4 - HKLM\..\RunServices: [Win32 LSA Driver] lsa.exe
O4 - HKLM\..\RunServices: [System Updates Service] updates.pif
O4 - HKLM\..\RunServices: [Nokia Check] nokiacheck.exe
O4 - HKLM\..\RunServices: [System Update Service] update.pif
O4 - HKLM\..\RunServices: [MediaXPServicePack2] msncx.exe
O4 - HKLM\..\RunServices: [Intec Service Drivers] msconfig32x.exe
O4 - HKLM\..\RunServices: [Microsoft Mapped PC] mapppc.exe
O4 - HKLM\..\RunServices: [Microsoft Client] mshost.exe
O4 - HKLM\..\RunServices: [Microsoft messenger] msnger.exe
O4 - HKLM\..\RunOnce: [Win32 LSA Driver] lsa.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarr...artload137a.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1132363663640
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-mo...bs/joysaver.cab
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\myimsg.dll
O20 - Winlogon Notify: sstqq - C:\WINDOWS\System32\sstqq.dll
O23 - Service: BusinessC (BusinessContinuity) - Unknown owner - C:\WINDOWS\msstl.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\S2VpdGggTWlsbGVy\command.exe
O23 - Service: services32 (Content List Management Sub System) - Unknown owner - C:\WINDOWS\services32.exe
O23 - Service: DynamicHost (DLHOST) - Unknown owner - C:\WINDOWS\dlhost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Unknown owner - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe (file missing)
O23 - Service: Mouse Button Monitor (mousebm) - Unknown owner - C:\WINDOWS\System32\mousebm.exe
O23 - Service: Microsoft Display (MSDPY) - Unknown owner - C:\WINDOWS\msdpy.exe
O23 - Service: Msn Service (MSNSVC) - Unknown owner - C:\WINDOWS\msnsrv.exe
O23 - Service: Microsoft Path Finder Service (mspathfinder) - Unknown owner - C:\WINDOWS\mspathfinder
O23 - Service: System Manager Service (SMSC) - Unknown owner - C:\WINDOWS\smsc.exe
O23 - Service: Microsoft New Game 2 (svehost32) - Unknown owner - C:\WINDOWS\svehost32.exe
O23 - Service: TASKESV (TESV) - Unknown owner - C:\WINDOWS\taskcntr.exe
O23 - Service: Ati Management (Winconfig32) - Unknown owner - C:\WINDOWS\scvhost.exe
O23 - Service: Windows UDP Communication (wudpcom) - Unknown owner - C:\WINDOWS\System32\wudpcom.exe



I get popups now I am using Mozille Firefox~ Any help is appreciated

[Advertisements]

Bump


I read I am not supposed to do this but my topic was at end of the 3rd page~

[Ranger Eklund]

Bump


I read I am not supposed to do this but my topic was at end of the 3rd page~

[Ranger Eklund]

Logfile of HijackThis v1.99.1
Scan saved at 5:31:13 PM, on 25/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TibiaSeveFive\Tibia.exe
C:\Program Files\ewido\security suite\SecuritySuite.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Jon\Desktop\HijackThis\HijackThis.exe

O2 - BHO: MSEvents Object - {8DBF02DA-4360-4A7E-BEA1-347B87816327} - C:\WINDOWS\System32\sstqq.dll
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\myimsg.dll
O20 - Winlogon Notify: sstqq - C:\WINDOWS\System32\sstqq.dll
O23 - Service: BusinessC (BusinessContinuity) - Unknown owner - C:\WINDOWS\msstl.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\S2VpdGggTWlsbGVy\command.exe
O23 - Service: services32 (Content List Management Sub System) - Unknown owner - C:\WINDOWS\services32.exe
O23 - Service: DynamicHost (DLHOST) - Unknown owner - C:\WINDOWS\dlhost.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Unknown owner - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe (file missing)
O23 - Service: Mouse Button Monitor (mousebm) - Unknown owner - C:\WINDOWS\System32\mousebm.exe
O23 - Service: Microsoft Display (MSDPY) - Unknown owner - C:\WINDOWS\msdpy.exe
O23 - Service: Msn Service (MSNSVC) - Unknown owner - C:\WINDOWS\msnsrv.exe
O23 - Service: Microsoft Path Finder Service (mspathfinder) - Unknown owner - C:\WINDOWS\mspathfinder
O23 - Service: System Manager Service (SMSC) - Unknown owner - C:\WINDOWS\smsc.exe
O23 - Service: Microsoft New Game 2 (svehost32) - Unknown owner - C:\WINDOWS\svehost32.exe
O23 - Service: TASKESV (TESV) - Unknown owner - C:\WINDOWS\taskcntr.exe
O23 - Service: Ati Management (Winconfig32) - Unknown owner - C:\WINDOWS\scvhost.exe
O23 - Service: Windows UDP Communication (wudpcom) - Unknown owner - C:\WINDOWS\System32\wudpcom.exe




Heres my log, I am getting loads of pop ups if my browser is open the page redirects and if its closed it opens up and I got some weird stuff downloaded to my desktop that was not from me like Online Dating, Cheap Holiday Tickets and some other things.

[g2i2r4]

Welcome Ranger Eklund to Geeks to Go!

I've merged your topics, please remain in this topic.

***

Please follow all instructions as specified. Print these instructions to ensure all are followed.

Please download the following programs, but do not run them yet:

* rdrivRem.zip

• Unzip it to your desktop.

***

• Launch ewido, there should be a big E icon on your desktop, double-click it.
• The program will now go to the main screen
• You will need to update ewido to the latest definition files.
• On the left hand side of the main screen click update
• Click on Start
• The update will start and a progress bar will show the updates being installed
• After the updates are installed exit Ewido.

***

* CleanUp!

• Install it.

***

Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight "Safe Mode" then hit enter.

***

Please go into the rdrivrem folder and double-click rdrivRem.bat to run the program - follow the instructions on the screen. After it's complete, rdriv.txt will be created in the rdrivRem folder.

***

Double-click the Ewido Security Suite icon to run the program.

• Click on scanner
• Click Complete System Scan
• Let the program scan the machine

While the scan is in progress you will be prompted to clean the first infected file it finds. Choose "remove", then put a check next to "Perform action on all infections" in the left corner of the box so you don't have to sit and watch Ewido the whole time. Click OK.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report

• Click Save report
• Save the report to your desktop
• Exit Ewido

***

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

• Empty Recycle Bins
• Delete Cookies
• Delete Prefetch files
• Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
**If it asks if you want to reboot or log off press NO.

***

Make sure your firewall is on. Make sure you can turn it off then turn it back on and that nothing is greyed out.
Also, Make sure your Anti-Virus program is working properly - you can turn on and off auto-protect, etc.

***

Run BOTH of these online virus scans (NOT at the same time!):
ActiveScan
TrendMicro's HouseCall - check "Auto Clean"

Save the results from ActiveScan.

***

I need you to post the contents of rdriv.txt, the log from Ewido, the log from ActiveScan, and a new HiJackThis log into this topic.


EDIT:
As there has been no reply from the original poster for more than ten days this topic is now closed.

If you are the original poster and still need assistance, please send me a PM.

Edited by g2i2r4, 10 December 2005 - 01:25 PM.