Wininet.dll

#1 Opgots (Member, 16 posts)

Upon turning on my computer I get a message that saddens me: "This application has failed to start because wininet.dll was not found. Re-installing the application may fix this problem." Here's the funny thing, I know where wininet.dll is. I can find it. By running it with Windows Explorer, I can get Windows Explorer to work. My other programs... not so much.

Only internet programs and spyware search programs are really affected by this. But it's still annoying. I find wininet.dll in C:\WINDOWS\ServicePackFiles\i386 as an application extension. Among the programs affected by this: Ad-Aware, Spybot, AOL programs. Ironically, instant messenger programs are not affected.

I've tried many things to fix this. OK, not many, but the obvious ones. System Restore, Last Known Good Configuration. No good. I can't system restore without getting a "Cannot restore to this point. No changes were made to your computer." I've tried till about the beginning of February, then I gave up. Perchance I shouldn't have.

In any case, I don't know what to do. So if you could help me out here....

#2 loophole (Malware Expert, Retired Staff, 9,798 posts)

Hi Opgots :tazz:

Please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.

Show Hidden Files and Folders
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab. Under the Hidden files and folders heading, select Show hidden files and folders.
  • Uncheck: Hide file extensions for known file types
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
Browse to this folder C:\WINDOWS\ServicePackFiles\i386 and find wininet.dll, then right-click it and select Copy (not Cut). Then browse to this folder C:\WINDOWS\system32, open the system32 folder, right-click in an open area and then select Paste.

Reboot

Let me know if this works. This problem is usually caused by malware. I recommend you get Hijack This. Follow the instructions in step five of this guide, and reply here with your log.

Most of what Hijack This lists will be harmless or even essential, DO NOT delete or modify anything yet! I will be along to tell you what steps to take after you post the contents of the scan results.

#3 Opgots (Topic Starter)

Sounds fun... one problem..

I don't have a system32 folder. Kinda sad. So what to do now?

#4 loophole

You are using XP, correct? If you are, then you have to have a system32 folder :tazz: . Can you follow the instructions below? It should solve the problem with wininet.dll. Let me know.

Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

Please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log in your next reply.

Reboot and post the smitfiles.txt and go ahead and get Hijack This. There may be more going on here.

Edited by loophole, 13 February 2006 - 03:42 PM.


#5 Opgots

Yeah... about that.... there was a system32 file, I just couldn't find it. After going through your steps, I found that after restarting my computer, Windows would find Wininet.dll, and everything worked. BUT your quick fix let loose a viral program that I've had blocked on my computer. The program, entitled, I think, Lockbr.exe, freezes Explorer the minute it pops up. I can manage to bring up my Task Manager, but I've only been able to open one program successfully, Ad-Aware. This is, of course, after ending Explorer. Incidentally, I'm not typing this, my best friend is (howdy y'all, the name's Mike, nice to meet you). Ad-Aware kinda freezes up when it starts to scan my browser cache. So what do you propose I (read: he) does now?

#6 loophole

Hey Opgots (or friend)

I think you have a few trojans on that system, the most obvious being W32.Loxbot. You can put Ad-Aware to bed for the time being; it won't do any good right now anyway. We will need the tool below to find them.

I recommend you get Hijack This. Follow the instructions in step five of this guide, and reply here with your log.

Most of what Hijack This lists will be harmless or even essential, DO NOT delete or modify anything yet! I will be along to tell you what steps to take after you post the contents of the scan results.

Also post this, please:

The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log in your next reply.


Thanks

Edited by loophole, 13 February 2006 - 07:35 PM.


#7 Opgots

Logfile of HijackThis v1.99.1
Scan saved at 8:33:57 PM, on 2/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\links.exe
C:\Program Files\Common Files\AOL\1101769630\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\AIM\aim.exe
C:\winstall.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Enrique\Local Settings\Temporary Internet Files\Content.IE5\Q8IPF9KW\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://install.spywa...g/Tracking.html
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [links] links.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1101769630\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [freexstyle] lockbr.exe
O4 - HKLM\..\Run: [AlfaCleaner] C:\Program Files\AlfaCleaner\AlfaCleaner.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\RunServices: [freexstyle] lockbr.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [freexstyle] lockbr.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mp4: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia...ll/pcs_0002.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4DD988A3-8A9A-4CC1-A763-F822C09E4315} (MGXCore Class) - http://www.va-sa-ra....n/MGXPlugin.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1099358912398
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.filelodge...geUploader3.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {F8500B09-46D8-4DFA-B6BA-CE1DC96C9626} (MetaGateX Class) - http://www.va-sa-ra....mgx/win/MGX.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Microsoft Update Service - Unknown owner - C:\WINDOWS\taskmgr.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
---------------------------------------

Whatever "The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log in your next reply." means, I had no idea.

#8 loophole

Yes, you do have a few trojans.

Whatever "The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log in your next reply." means, I had no idea.

Click Start >> Run, copy and paste this in: c:\smitfiles.txt, click OK, then copy and paste what pops up into this thread. Then we can continue.

#9 Opgots

Doesn't exist, according to the computer.

#10 loophole

Strange, it should exist. We need to run it again anyway.

Hijack fixes

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [links] links.exe
O4 - HKLM\..\Run: [freexstyle] lockbr.exe
O4 - HKLM\..\Run: [AlfaCleaner] C:\Program Files\AlfaCleaner\AlfaCleaner.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\RunServices: [freexstyle] lockbr.exe
O4 - HKCU\..\Run: [freexstyle] lockbr.exe
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia...ll/pcs_0002.exe

Now close all windows other than HiJackThis, then click Fix Checked

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.


Uninstall

Please remove these entries from Add/Remove Programs in the Control Panel (if present):

AlfaCleaner
winupdates


Folder deletions

Please delete the folders in red using Windows Explorer (if present):


C:\Program Files\AlfaCleaner
C:\Program Files\winupdates

File deletions

Please delete the files in red using Windows Explorer (if present):

C:\WINDOWS\System32\lockbr.exe
C:\WINDOWS\System32\links.exe

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with a new Hijack log in your next reply.


Please post the smitfiles.txt and a new Hijack log

Thanks
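The fix list in the post above singles out autorun entries that run a bare file name (links.exe, lockbr.exe), one that lives in the drive root (C:\winstall.exe), two that borrow a Windows-sounding name, and a service with no vendor and a missing binary. As an added example (not from the thread, HijackThis or smitRem), the Python below applies those same checks to O4 and O23 lines excerpted from the log posted earlier; the brand-word heuristic, the BRAND_WORDS list and the assumption that the Windows directory is C:\WINDOWS are mine.

```python
import re

# Lines excerpted from the HijackThis log posted in this thread, with a few
# benign entries kept so the filter has something to leave alone.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [links] links.exe
O4 - HKLM\..\Run: [freexstyle] lockbr.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\RunServices: [freexstyle] lockbr.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O23 - Service: Microsoft Update Service - Unknown owner - C:\WINDOWS\taskmgr.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
"""

# O4: "O4 - <hive>\..\<key>: [<name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O23: "O23 - Service: <display name> - <owner> - <binary path>"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.*)$")
# First executable-looking token, with surrounding quotes and arguments dropped.
EXE_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|dll|bat|cmd|scr|com))"?', re.IGNORECASE)

# Assumption: the Windows directory is C:\WINDOWS, as in the log above.
WINDIR = "c:\\windows\\"
# Heuristic (mine, not HijackThis's): entries whose names borrow a Windows or
# Microsoft brand normally live under the Windows directory; one that does not
# deserves a second look (e.g. [winupdates], [Windows installer]).
BRAND_WORDS = ("windows", "microsoft", "update")


def exe_path(cmd):
    """Return the executable part of a command line, without quotes or arguments."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else cmd.strip()


def judge(name, path, owner=None, missing=False):
    """Return the reasons an autorun or service entry deserves attention (empty if none)."""
    reasons = []
    if "\\" not in path:
        reasons.append("bare file name, no directory: resolved via the search path at logon")
    elif re.match(r"^[A-Za-z]:\\[^\\]+$", path):
        reasons.append("executable sits in the drive root")
    if any(w in name.lower() for w in BRAND_WORDS) and not path.lower().startswith(WINDIR):
        reasons.append("Windows-sounding name running outside the Windows directory")
    if owner is not None and owner.lower() == "unknown owner":
        reasons.append("service carries no vendor string")
    if missing:
        reasons.append("service binary is missing from disk")
    return reasons


def scan_log(text):
    """Walk O4 and O23 lines; return (section, name, path, reasons) for each flagged entry."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            path = exe_path(m.group("cmd"))
            reasons = judge(m.group("name"), path)
            if reasons:
                findings.append(("O4", m.group("name"), path, reasons))
            continue
        m = O23_RE.match(line)
        if m:
            missing = "(file missing)" in m.group("cmd")
            path = exe_path(m.group("cmd").replace("(file missing)", ""))
            reasons = judge(m.group("name"), path, m.group("owner"), missing)
            if reasons:
                findings.append(("O23", m.group("name"), path, reasons))
    return findings


if __name__ == "__main__":
    for section, name, path, reasons in scan_log(SAMPLE_LOG):
        print(f"{section} [{name}] {path}")
        for r in reasons:
            print(f"    - {r}")
```

Run against the sample, it flags exactly the six entries loophole asked to have fixed or investigated (freexstyle twice, once per Run key) and leaves the Intel, QuickTime, AOL and Symantec entries alone.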

#11 Opgots

Logfile of HijackThis v1.99.1
Scan saved at 8:55:01 PM, on 2/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1101769630\ee\AOLSoftware.exe
C:\WINDOWS\system32\intell321.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Enrique\My Documents\My Music\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://install.spywa...g/Tracking.html
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1101769630\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [intell321.exe] C:\WINDOWS\system32\intell321.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mp4: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4DD988A3-8A9A-4CC1-A763-F822C09E4315} (MGXCore Class) - http://www.va-sa-ra.co.jp/mgx/win/MGXPlugin.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1099358912398
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.filelodge...geUploader3.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {F8500B09-46D8-4DFA-B6BA-CE1DC96C9626} (MetaGateX Class) - http://www.va-sa-ra....mgx/win/MGX.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Microsoft Update Service - Unknown owner - C:\WINDOWS\taskmgr.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE


smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Fri 02/17/2006
The current time is: 16:53:16.40

Running from
C:\Documents and Settings\Enrique\My Documents\filelib\opgots\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~

winstall.exe

~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 732 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

CLEAN! :tazz:
-----------------------------------

And there you have it.

#12 loophole

Hi

Open Task Manager (Ctrl+Alt+Del), click on "Image Name", scroll down and end task on this file: intell321

Browse to here C:\WINDOWS\system32\intell321.exe and delete that file

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

#13 Opgots

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, February 18, 2006 8:07:01 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 19/02/2006
Kaspersky Anti-Virus database records: 177368
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 76246
Number of viruses found: 50
Number of infected objects: 178
Number of suspicious objects: 0
Duration of the scan process: 01:06:14

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Diego\Local Settings\Temp\cmdinst.exe Infected: not-a-virus:AdWare.Win32.MDH.e skipped
C:\Documents and Settings\Diego\Local Settings\Temp\GLB12.tmp/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j skipped
C:\Documents and Settings\Diego\Local Settings\Temp\GLB12.tmp WiseSFX: infected - 1 skipped
C:\Documents and Settings\Diego\Local Settings\Temp\i29.tmp Infected: not-a-virus:AdWare.Win32.SurfSide.j skipped
C:\Documents and Settings\Diego\Local Settings\Temp\i2A.tmp Infected: not-a-virus:AdWare.Win32.SurfSide.j skipped
C:\Documents and Settings\Diego\Local Settings\Temp\k_3D69.tmp Infected: Trojan-Downloader.Win32.Agent.tv skipped
C:\Documents and Settings\Diego\Local Settings\Temp\k_8F5A.tmp Infected: Trojan-Downloader.Win32.Agent.tv skipped
C:\Documents and Settings\Diego\Local Settings\Temp\k_DFAC.tmp Infected: Trojan-Downloader.Win32.Agent.tv skipped
C:\Documents and Settings\Diego\Local Settings\Temp\k_EB07.tmp Infected: Trojan-Downloader.Win32.Agent.tv skipped
C:\Documents and Settings\Diego\Local Settings\Temp\u33.tmp Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped
C:\Documents and Settings\Enrique\.housecall\Quarantine\A0031021.exe.tcf.bac_a04092 Infected: not-a-virus:AdWare.Win32.BetterInternet skipped
C:\Documents and Settings\Enrique\.housecall\Quarantine\archive1213.jar-539db050-1504d7d9.zip.bac_a04092/BlackBox.class Infected: Trojan.Java.ClassLoader.ak skipped
C:\Documents and Settings\Enrique\.housecall\Quarantine\archive1213.jar-539db050-1504d7d9.zip.bac_a04092/VB.class Infected: Trojan.Java.ClassLoader.ak skipped
C:\Documents and Settings\Enrique\.housecall\Quarantine\archive1213.jar-539db050-1504d7d9.zip.bac_a04092/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.ah skipped
C:\Documents and Settings\Enrique\.housecall\Quarantine\archive1213.jar-539db050-1504d7d9.zip.bac_a04092 ZIP: infected - 3 skipped
C:\Documents and Settings\Enrique\.housecall\Quarantine\archive1213.jar-539db050-1504d7d9.zip.bac_a04092 CryptFF.b: infected - 3 skipped
C:\Documents and Settings\Enrique\.housecall\Quarantine\dnki.exe.tcf.bac_a04092 Infected: Trojan-Downloader.Win32.Qoologic.ac skipped
C:\Documents and Settings\Enrique\.housecall\Quarantine\f185531.exe.tcf.bac_a04092 Infected: Trojan-Downloader.Win32.Qoologic.ac skipped
C:\Documents and Settings\Enrique\.housecall\Quarantine\f237281.exe.tcf.bac_a04092 Infected: Trojan-Downloader.Win32.Qoologic.ac skipped
C:\Documents and Settings\Enrique\.housecall\Quarantine\f257546.exe.tcf.bac_a04092 Infected: Trojan-Downloader.Win32.Qoologic.ac skipped
C:\Documents and Settings\Enrique\.housecall\Quarantine\f357296.exe.tcf.bac_a04092 Infected: Trojan-Downloader.Win32.Qoologic.ac skipped
C:\Documents and Settings\Enrique\.housecall\Quarantine\f388390.exe.tcf.bac_a04092 Infected: Trojan-Downloader.Win32.Qoologic.ac skipped
C:\Documents and Settings\Enrique\.housecall\Quarantine\f490609.exe.tcf.bac_a04092 Infected: Trojan-Downloader.Win32.Qoologic.ac skipped
C:\Documents and Settings\Enrique\.housecall\Quarantine\f579796.exe.tcf.bac_a04092 Infected: Trojan-Downloader.Win32.Qoologic.ac skipped
C:\Documents and Settings\Enrique\.housecall\Quarantine\f691625.exe.tcf.bac_a04092 Infected: Trojan-Downloader.Win32.Qoologic.ac skipped
C:\Documents and Settings\Enrique\.housecall\Quarantine\k_12ED.tmp.bac_a04092 Infected: Trojan-Downloader.Win32.Agent.tv skipped
C:\Documents and Settings\Enrique\.housecall\Quarantine\k_5262.tmp.bac_a04092 Infected: Trojan-Downloader.Win32.Agent.tv skipped
C:\Documents and Settings\Enrique\.housecall\Quarantine\k_74DB.tmp.bac_a04092 Infected: Trojan.Win32.EliteBar.f skipped
C:\Documents and Settings\Enrique\.housecall\Quarantine\k_8236.tmp.bac_a04092 Infected: Trojan.Win32.EliteBar.f skipped
C:\Documents and Settings\Enrique\.housecall\Quarantine\k_ACC2.tmp.bac_a04092 Infected: Trojan-Downloader.Win32.Agent.tv skipped
C:\Documents and Settings\Enrique\.housecall\Quarantine\k_B4DF.tmp.bac_a04092 Infected: Trojan.Win32.EliteBar.f skipped
C:\Documents and Settings\Enrique\.housecall\Quarantine\Mshtml3.exe.tcf.bac_a04092 Infected: not-a-virus:AdWare.Win32.PurityScan.w skipped
C:\Documents and Settings\Enrique\.housecall\Quarantine\nt_hide78.dll.bac_a04092 Infected: Trojan.Win32.EliteBar.g skipped
C:\Documents and Settings\Enrique\.housecall\Quarantine\rp144.tmp.bac_a04092/InpB/SskBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.r skipped
C:\Documents and Settings\Enrique\.housecall\Quarantine\rp144.tmp.bac_a04092/InpB/SskCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped
C:\Documents and Settings\Enrique\.housecall\Quarantine\rp144.tmp.bac_a04092/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.r skipped
C:\Documents and Settings\Enrique\.housecall\Quarantine\rp144.tmp.bac_a04092/InpB/Ssk3RepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.r skipped
C:\Documents and Settings\Enrique\.housecall\Quarantine\rp144.tmp.bac_a04092/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.r skipped
C:\Documents and Settings\Enrique\.housecall\Quarantine\rp144.tmp.bac_a04092 CAB: infected - 5 skipped
C:\Documents and Settings\Enrique\.housecall\Quarantine\rp144.tmp.bac_a04092 CryptFF.b: infected - 5 skipped
C:\Documents and Settings\Enrique\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\OMG.class-1426acd9-6cb948f8.class Infected: Trojan-Downloader.Java.OpenStream.y skipped
C:\Documents and Settings\Enrique\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\OMG.class-1540eca1-6c917c20.class Infected: Trojan-Downloader.Java.OpenStream.y skipped
C:\Documents and Settings\Enrique\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\OMG.class-275eaf6f-23cd9efc.class Infected: Trojan-Downloader.Java.OpenStream.y skipped
C:\Documents and Settings\Enrique\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\OMG.class-3157a8e7-1e8cf707.class Infected: Trojan-Downloader.Java.OpenStream.y skipped
C:\Documents and Settings\Enrique\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\OMG.class-484623a-7c4d79d0.class Infected: Trojan-Downloader.Java.OpenStream.y skipped
C:\Documents and Settings\Enrique\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\OMG.class-70a59b3e-6b5faa81.class Infected: Trojan-Downloader.Java.OpenStream.y skipped
C:\Documents and Settings\Enrique\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\OMG.class-cd79d9d-42b928ea.class Infected: Trojan-Downloader.Java.OpenStream.y skipped
C:\Documents and Settings\Enrique\Local Settings\Temporary Internet Files\Content.IE5\0PYVW9M3\psg[1].anr Infected: Trojan-Downloader.Win32.Ani.c skipped
C:\Documents and Settings\Enrique\My Documents\filelib\e3paz\aimfix_quarantine\3945_taskmgr.exe.bak Infected: Backdoor.Win32.SdBot.aad skipped
C:\Documents and Settings\Enrique\My Documents\My Music\Downloads\Musicmatch Jukebox Plus 10.00.4033.zip/Setup.exe Infected: Email-Worm.Win32.VB.an skipped
C:\Documents and Settings\Enrique\My Documents\My Music\Downloads\Musicmatch Jukebox Plus 10.00.4033.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Enrique\My Documents\My Received Files\mirc616.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Documents and Settings\Enrique\My Documents\My Received Files\mirc616.exe mIRC: infected - 1 skipped
C:\Documents and Settings\Enrique III\Local Settings\Temp\cmdinst.exe Infected: not-a-virus:AdWare.Win32.MDH.e skipped
C:\Documents and Settings\Enrique III\Local Settings\Temp\GLB1A.tmp/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j skipped
C:\Documents and Settings\Enrique III\Local Settings\Temp\GLB1A.tmp WiseSFX: infected - 1 skipped
C:\Documents and Settings\Enrique III\Local Settings\Temp\GLB79.tmp/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j skipped
C:\Documents and Settings\Enrique III\Local Settings\Temp\GLB79.tmp WiseSFX: infected - 1 skipped
C:\Documents and Settings\Enrique III\Local Settings\Temp\i1E.tmp Infected: not-a-virus:AdWare.Win32.SurfSide.j skipped
C:\Documents and Settings\Enrique III\Local Settings\Temp\i29.tmp Infected: not-a-virus:AdWare.Win32.SurfSide.j skipped
C:\Documents and Settings\Enrique III\Local Settings\Temp\i6E.tmp Infected: not-a-virus:AdWare.Win32.SurfSide.j skipped
C:\Documents and Settings\Enrique III\Local Settings\Temp\rp17.tmp/InpB/SskBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.t skipped
C:\Documents and Settings\Enrique III\Local Settings\Temp\rp17.tmp/InpB/SskCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped
C:\Documents and Settings\Enrique III\Local Settings\Temp\rp17.tmp/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped
C:\Documents and Settings\Enrique III\Local Settings\Temp\rp17.tmp/InpB/Ssk3RepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.t skipped
C:\Documents and Settings\Enrique III\Local Settings\Temp\rp17.tmp/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.t skipped
C:\Documents and Settings\Enrique III\Local Settings\Temp\rp17.tmp CAB: infected - 5 skipped
C:\Documents and Settings\Enrique III\Local Settings\Temp\rp1F.tmp/InpB/SskBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.t skipped
C:\Documents and Settings\Enrique III\Local Settings\Temp\rp1F.tmp/InpB/SskCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped
C:\Documents and Settings\Enrique III\Local Settings\Temp\rp1F.tmp/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped
C:\Documents and Settings\Enrique III\Local Settings\Temp\rp1F.tmp/InpB/Ssk3RepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.t skipped
C:\Documents and Settings\Enrique III\Local Settings\Temp\rp1F.tmp/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.t skipped
C:\Documents and Settings\Enrique III\Local Settings\Temp\rp1F.tmp CAB: infected - 5 skipped
C:\Documents and Settings\Enrique III\Local Settings\Temp\rp28.tmp/InpB/SskBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.t skipped
C:\Documents and Settings\Enrique III\Local Settings\Temp\rp28.tmp/InpB/SskCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped
C:\Documents and Settings\Enrique III\Local Settings\Temp\rp28.tmp/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped
C:\Documents and Settings\Enrique III\Local Settings\Temp\rp28.tmp/InpB/Ssk3RepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.t skipped
C:\Documents and Settings\Enrique III\Local Settings\Temp\rp28.tmp/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.t skipped
C:\Documents and Settings\Enrique III\Local Settings\Temp\rp28.tmp CAB: infected - 5 skipped
C:\Documents and Settings\Enrique III\Local Settings\Temp\tpa0003.exe/data0002 Infected: not-a-virus:AdWare.Win32.CASClient.d skipped
C:\Documents and Settings\Enrique III\Local Settings\Temp\tpa0003.exe/data0003 Infected: not-a-virus:AdWare.Win32.CASClient.c skipped
C:\Documents and Settings\Enrique III\Local Settings\Temp\tpa0003.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Enrique III\Local Settings\Temp\u19.tmp Infected: not-a-virus:AdWare.Win32.SurfSide.t skipped
C:\Documents and Settings\Enrique III\Local Settings\Temp\u1A.tmp Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped
C:\Documents and Settings\Enrique III\Local Settings\Temp\u1B.tmp Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped
C:\Documents and Settings\Enrique III\Local Settings\Temp\u20.tmp Infected: not-a-virus:AdWare.Win32.SurfSide.t skipped
C:\Documents and Settings\Enrique III\Local Settings\Temp\u21.tmp Infected: not-a-virus:AdWare.Win32.SurfSide.t skipped
C:\Documents and Settings\Enrique III\Local Settings\Temp\u22.tmp Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped
C:\Documents and Settings\Enrique III\Local Settings\Temp\u23.tmp Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped
C:\Documents and Settings\Enrique III\Local Settings\Temp\u24.tmp Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped
C:\Documents and Settings\Enrique III\Local Settings\Temp\u25.tmp Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped
C:\Documents and Settings\Enrique III\Local Settings\Temp\u2C.tmp Infected: not-a-virus:AdWare.Win32.SurfSide.t skipped
C:\Documents and Settings\Enrique III\Local Settings\Temp\u2D.tmp Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped
C:\Documents and Settings\Enrique III\Local Settings\Temp\u2E.tmp Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped
C:\Documents and Settings\Enrique III\Local Settings\Temporary Internet Files\Content.IE5\6JYLAZOX\tpa0003[1].exe/data0002 Infected: not-a-virus:AdWare.Win32.CASClient.d skipped
C:\Documents and Settings\Enrique III\Local Settings\Temporary Internet Files\Content.IE5\6JYLAZOX\tpa0003[1].exe/data0003 Infected: not-a-virus:AdWare.Win32.CASClient.c skipped
C:\Documents and Settings\Enrique III\Local Settings\Temporary Internet Files\Content.IE5\6JYLAZOX\tpa0003[1].exe NSIS: infected - 2 skipped
C:\Documents and Settings\Kike & Martha\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\OMG.class-484623a-5d64d3ff.class Infected: Trojan-Downloader.Java.OpenStream.y skipped
C:\Documents and Settings\Kike & Martha\Local Settings\Temp\rp3.tmp/InpB/SskBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.t skipped
C:\Documents and Settings\Kike & Martha\Local Settings\Temp\rp3.tmp/InpB/SskCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped
C:\Documents and Settings\Kike & Martha\Local Settings\Temp\rp3.tmp/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped
C:\Documents and Settings\Kike & Martha\Local Settings\Temp\rp3.tmp/InpB/Ssk3RepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.t skipped
C:\Documents and Settings\Kike & Martha\Local Settings\Temp\rp3.tmp/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.t skipped
C:\Documents and Settings\Kike & Martha\Local Settings\Temp\rp3.tmp CAB: infected - 5 skipped
C:\Documents and Settings\Kike & Martha\Local Settings\Temporary Internet Files\Content.IE5\4BSPEZOF\psg[1].anr Infected: Trojan-Downloader.Win32.Ani.c skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\DTBUVFUD\!update-2604[1].0000 Infected: Trojan-Downloader.Win32.PurityScan.at skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\J5AOBS4W\!update-2624[1].0000 Infected: Trojan-Downloader.Win32.PurityScan.af skipped
C:\ncj.exe Infected: not-virus:Hoax.Win32.Renos.bh skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\50650A76 Infected: not-a-virus:AdWare.Win32.BetterInternet skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\69830FF5 Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\74CD54CB Infected: Trojan.Java.ClassLoader.b skipped
C:\Program Files\rdso\eetu.exe Infected: Trojan-Downloader.Win32.PurityScan.af skipped
C:\Program Files\sf\sf.exe Infected: Trojan-Downloader.Win32.Small.hs skipped
C:\Program Files\Yahpport\ace.dll Infected: Trojan.Win32.Crypt.t skipped
C:\Program Files\Yahpport\elsredui.exe Infected: Trojan.Win32.Crypt.t skipped
C:\Program Files\Yahpport\modfmifs.exe Infected: Trojan.Win32.Crypt.t skipped
C:\Program Files\Yahpport\WinGenerics.dll Infected: Trojan.Win32.Crypt.t skipped
C:\psgj.exe Infected: not-virus:Hoax.Win32.Renos.bb skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP557\A0048676.exe Infected: Trojan-Downloader.Win32.VB.hw skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP557\A0048691.exe Infected: Trojan-Downloader.Win32.VB.jl skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP559\A0048749.exe Infected: Trojan.Win32.LowZones.df skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP559\A0048750.exe Infected: Trojan.Win32.LowZones.df skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP579\A0050367.dll Infected: Trojan-Downloader.Win32.Qoologic.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP594\A0050959.exe Infected: Trojan.Win32.Crypt.t skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP594\A0050961.exe Infected: Trojan-Downloader.Win32.VB.hj skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP598\A0051247.exe Infected: not-virus:Hoax.Win32.Renos.an skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP598\A0051587.exe Infected: Email-Worm.Win32.VB.an skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP603\A0051999.exe Infected: Trojan.Win32.Crypt.t skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP603\A0052001.exe Infected: Trojan-Downloader.Win32.VB.hj skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP609\A0052266.exe Infected: not-virus:Hoax.Win32.Renos.an skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP611\A0052479.exe Infected: not-virus:Hoax.Win32.Renos.aw skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP611\A0052480.exe Infected: not-virus:Hoax.Win32.Renos.aw skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP611\A0052482.exe Infected: Trojan-Dropper.Win32.Small.qn skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP620\A0053608.dll Infected: Virus.Win32.Nsag.b skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP621\A0053648.dll Infected: Virus.Win32.Nsag.b skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP622\A0053721.dll Infected: Virus.Win32.Nsag.b skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP623\A0053790.dll Infected: Virus.Win32.Nsag.b skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP624\A0053842.dll Infected: Virus.Win32.Nsag.b skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP625\A0053900.dll Infected: Virus.Win32.Nsag.b skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP626\A0053965.dll Infected: Virus.Win32.Nsag.b skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP627\A0054021.dll Infected: Virus.Win32.Nsag.b skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP628\A0054077.dll Infected: Virus.Win32.Nsag.b skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP628\A0054125.exe Infected: Trojan.Win32.Small.ev skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP628\A0054127.dll Infected: Virus.Win32.Nsag.b skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP629\A0054202.exe Infected: not-virus:Hoax.Win32.Renos.aw skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP629\A0054241.exe Infected: Trojan.Win32.Small.ev skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP630\A0054284.exe Infected: not-virus:Hoax.Win32.Renos.bh skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP630\A0054511.dll Infected: Virus.Win32.Nsag.b skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP630\A0054512.dll Infected: Virus.Win32.Nsag.b skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP631\A0054532.dll Infected: Trojan.Win32.Small.ev skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP632\A0054540.exe Infected: Trojan.Win32.Small.ev skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP633\A0054650.exe Infected: Trojan.Win32.Small.ev skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP634\A0054699.exe Infected: Trojan.Win32.Small.ev skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP634\A0054720.exe Infected: not-virus:Hoax.Win32.Renos.aw skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP634\A0054731.exe Infected: Trojan.Win32.LowZones.df skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP634\A0054732.exe Infected: Trojan.Win32.Pakes skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP634\A0054734.exe Infected: not-virus:Hoax.Win32.Renos.bb skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP634\A0054764.exe Infected: Trojan.Win32.Small.ev skipped
C:\WINDOWS\abi.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.a skipped
C:\WINDOWS\fmw.exe Infected: Trojan.Win32.Favadd.o skipped
C:\WINDOWS\jxcqifciu.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.aj skipped
C:\WINDOWS\mtuninst.exe Infected: not-a-virus:AdWare.Win32.MediaTickets.u skipped
C:\WINDOWS\ru.exe.tcf Infected: not-a-virus:AdWare.Win32.PurityScan.w skipped
C:\WINDOWS\shgbex.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.r skipped
C:\WINDOWS\SYSTEM32\100074.exe Infected: Trojan-Downloader.Win32.IstBar.gen skipped
C:\WINDOWS\SYSTEM32\cbnmanx.exe Infected: Trojan.Win32.Pakes skipped
C:\WINDOWS\SYSTEM32\cewyerxp.exe Infected: Trojan.Win32.Crypt.t skipped
C:\WINDOWS\SYSTEM32\kirocrx.dll Infected: Trojan-Downloader.Win32.Qoologic.af skipped
C:\WINDOWS\SYSTEM32\nhhivt33.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao skipped
C:\WINDOWS\SYSTEM32\oins.exe.tcf Infected: Trojan-Downloader.Win32.PurityScan.be skipped
C:\WINDOWS\SYSTEM32\pt7o84q3.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao skipped
C:\WINDOWS\SYSTEM32\repairs302972946.dll Infected: not-a-virus:AdWare.Win32.SurfSide.t skipped
C:\WINDOWS\SYSTEM32\rpccesrv.exe Infected: Trojan.Win32.Crypt.t skipped
C:\WINDOWS\SYSTEM32\rsvodisc.dll Infected: Trojan.Win32.Crypt.t skipped
C:\WINDOWS\SYSTEM32\tl2c9kvd.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao skipped
C:\WINDOWS\SYSTEM32\winb2s33.dll.tcf Infected: not-a-virus:AdWare.Win32.Ilookup.b skipped
C:\WINDOWS\uninstDsk.exe Infected: Trojan.Win32.Small.ev skipped

Scan process completed.

#14
loophole
    Malware Expert
  • Retired Staff
  • 9,798 posts
Let's go the easy route since there is so much.

Please download ATF Cleaner by Atribune. Save it to the desktop.
This program is for XP and Windows 2000 only.

Please download ewido security suite it is a free version of the program.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Close Ewido

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.


ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser: click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser: click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu


Now open Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.

REBOOT

Please post a new HijackThis log and the Ewido log. I will need it to compare to the Kaspersky log.

Thanks

Edited by loophole, 18 February 2006 - 09:31 PM.

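loophole wants the Ewido log so it can be set against the Kaspersky report above. As an added example that is not part of this thread and not Kaspersky's or ewido's own tooling, here is a small Python triage script that parses the Kaspersky report lines posted above and the "path -> detection : action" lines of the ewido report (that format appears in the next post), buckets each hit by where it sits on disk, counts detections per family, and lists the Kaspersky hits that ewido did not touch. The sample lines are copied from the thread's own reports; the location buckets and the family-suffix heuristic are my own assumptions, not anything either vendor documents.

```python
"""Triage helper for the two report formats posted in this thread.

Added example, not part of the thread and not Kaspersky's or ewido's tooling.
Sample lines below are copied from the reports posted in the thread.
"""
import re
from collections import Counter

# Kaspersky: "<path> Infected: <name> <action>" for files and archive members,
# "<path> <container>: infected - N <action>" for the archive itself.
KASPERSKY_FILE_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>\S+)$")
KASPERSKY_ARCHIVE_RE = re.compile(r"^(?P<path>.+?) (?P<container>\S+): infected - (?P<count>\d+) (?P<action>\S+)$")
# ewido: "<path> -> <name> : <action>"
EWIDO_RE = re.compile(r"^(?P<path>.+?) -> (?P<name>\S+) : (?P<action>.+)$")

KASPERSKY_SAMPLE = r"""
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Diego\Local Settings\Temp\cmdinst.exe Infected: not-a-virus:AdWare.Win32.MDH.e skipped
C:\Documents and Settings\Diego\Local Settings\Temp\GLB12.tmp/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j skipped
C:\Documents and Settings\Diego\Local Settings\Temp\GLB12.tmp WiseSFX: infected - 1 skipped
C:\Documents and Settings\Diego\Local Settings\Temp\k_3D69.tmp Infected: Trojan-Downloader.Win32.Agent.tv skipped
C:\Documents and Settings\Diego\Local Settings\Temp\k_8F5A.tmp Infected: Trojan-Downloader.Win32.Agent.tv skipped
C:\Documents and Settings\Enrique\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\OMG.class-1540eca1-6c917c20.class Infected: Trojan-Downloader.Java.OpenStream.y skipped
C:\ncj.exe Infected: not-virus:Hoax.Win32.Renos.bh skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\50650A76 Infected: not-a-virus:AdWare.Win32.BetterInternet skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP557\A0048676.exe Infected: Trojan-Downloader.Win32.VB.hw skipped
C:\WINDOWS\SYSTEM32\kirocrx.dll Infected: Trojan-Downloader.Win32.Qoologic.af skipped
"""

EWIDO_SAMPLE = r"""
C:\Documents and Settings\Enrique\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\OMG.class-1540eca1-6c917c20.class -> Downloader.OpenStream.y : Cleaned with backup
C:\Documents and Settings\Enrique\Cookies\enrique@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup
"""


def parse_kaspersky(text):
    """One dict per reported object; archive containers are flagged so they are
    not counted as a second detection on top of the members inside them."""
    hits = []
    for line in (l.strip() for l in text.splitlines()):
        m = KASPERSKY_FILE_RE.match(line)
        if m:
            hits.append({"path": m["path"], "name": m["name"], "action": m["action"], "kind": "file"})
            continue
        m = KASPERSKY_ARCHIVE_RE.match(line)
        if m:
            hits.append({"path": m["path"], "name": m["container"] + " archive", "action": m["action"],
                         "kind": "archive", "members": int(m["count"])})
    return hits


def parse_ewido(text):
    return [{"path": m["path"], "name": m["name"], "action": m["action"].strip(), "kind": "file"}
            for m in map(EWIDO_RE.match, (l.strip() for l in text.splitlines())) if m]


def classify(path):
    """Bucket a path by what its location implies for clean-up (assumed buckets)."""
    p = path.lower()
    if "\\system volume information\\" in p:
        return "system-restore"  # restore-point copies of earlier files
    if "\\quarantine\\" in p:
        return "quarantine"      # already isolated by another tool
    if "\\temp\\" in p or "temporary internet files" in p or "\\cache\\" in p:
        return "temp/cache"
    if "\\cookies\\" in p:
        return "cookies"
    if "\\windows\\" in p:
        return "windows-dir"     # live binaries under the OS directory
    if re.fullmatch(r"[a-z]:\\[^\\]+", p):
        return "drive-root"
    return "other"


def family(name):
    """'not-a-virus:AdWare.Win32.SurfSide.t' -> 'AdWare.Win32.SurfSide' (heuristic)."""
    parts = name.split(":", 1)[-1].split(".")
    if len(parts) > 1 and parts[-1].islower() and len(parts[-1]) <= 3:
        parts.pop()  # drop the per-variant suffix such as .t, .aa or .gen
    return ".".join(parts)


def outer_file(path):
    """Kaspersky names archive members '<archive>/<member>'; compare on the archive."""
    return path.split("/", 1)[0].lower()


def compare(kaspersky_hits, ewido_hits):
    handled = {outer_file(h["path"]) for h in ewido_hits}
    covered = [h for h in kaspersky_hits if outer_file(h["path"]) in handled]
    uncovered = [h for h in kaspersky_hits if outer_file(h["path"]) not in handled]
    return covered, uncovered


def triage(kaspersky_text, ewido_text):
    k_hits, e_hits = parse_kaspersky(kaspersky_text), parse_ewido(ewido_text)
    covered, uncovered = compare(k_hits, e_hits)
    return {"kaspersky": k_hits, "ewido": e_hits,
            "by_location": Counter(classify(h["path"]) for h in k_hits),
            "by_family": Counter(family(h["name"]) for h in k_hits if h["kind"] == "file"),
            "covered": covered, "uncovered": uncovered}


if __name__ == "__main__":
    r = triage(KASPERSKY_SAMPLE, EWIDO_SAMPLE)
    print("Kaspersky hits by location:")
    for loc, n in r["by_location"].most_common():
        print(f"  {loc:15} {n}")
    print("Detections per family:")
    for fam, n in r["by_family"].most_common():
        print(f"  {fam:45} {n}")
    print(f"{len(r['covered'])} of {len(r['kaspersky'])} Kaspersky objects also appear in the ewido log; still open:")
    for h in r["uncovered"]:
        print(f"  [{classify(h['path'])}] {h['path']}  ({h['name']})")
```

Run it as-is for the sample, or paste both complete reports into the two string constants. Every Kaspersky line in the thread ends in "skipped", so that report on its own says nothing about what was removed; the comparison shows which of those objects the ewido run actually cleaned, and the location buckets separate live files under C:\WINDOWS from restore-point and quarantine copies, which are a different clean-up problem.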

#15
Opgots
    Member
  • Topic Starter
  • Member
  • 16 posts
Logfile of HijackThis v1.99.1
Scan saved at 12:03:16 AM, on 2/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1101769630\ee\AOLSoftware.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Ewido\ewidoctrl.exe
C:\Program Files\Ewido\ewidoguard.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Enrique\My Documents\My Music\Downloads\HijackThis.exe
C:\Program Files\America Online 9.0\shellmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://install.spywa...g/Tracking.html
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1101769630\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [intell321.exe] C:\WINDOWS\system32\intell321.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mp4: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4DD988A3-8A9A-4CC1-A763-F822C09E4315} (MGXCore Class) - http://www.va-sa-ra.co.jp/mgx/win/MGXPlugin.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1099358912398
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.filelodge...geUploader3.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {F8500B09-46D8-4DFA-B6BA-CE1DC96C9626} (MetaGateX Class) - http://www.va-sa-ra....mgx/win/MGX.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\Ewido\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\Ewido\ewidoguard.exe
O23 - Service: Microsoft Update Service - Unknown owner - C:\WINDOWS\taskmgr.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:57:45 PM, 2/18/2006
+ Report-Checksum: 797EB43A

+ Scan result:

C:\Documents and Settings\Enrique\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\OMG.class-1540eca1-6c917c20.class -> Downloader.OpenStream.y : Cleaned with backup
C:\Documents and Settings\Enrique\Cookies\enrique@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup
C:\Documents and Settings\Enrique\Cookies\enrique@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Enrique\Cookies\[email protected][1].txt -> TrackingCookie.Adocean : Cleaned with backup
C:\Documents and Settings\Enrique\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Enrique\Cookies\[email protected][1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Enrique\Cookies\[email protected][1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Enrique\Cookies\enrique@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Enrique\Cookies\[email protected][2].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Enrique\Cookies\[email protected][1].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Enrique\Cookies\[email protected][2].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Enrique\Cookies\[email protected][1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Enrique\Cookies\enrique@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup
C:\Documents and Settings\Enrique\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Enrique\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Enrique\Cookies\enrique@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Enrique\Cookies\enrique@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Enrique\Cookies\enrique@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Enrique\Cookies\enrique@centrport[1].txt -> TrackingCookie.Centrport : Cleaned with backup
C:\Documents and Settings\Enrique\Cookies\enrique@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Enrique\Cookies\[email protected][1].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Enrique\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Enrique\Cookies\enrique@hypertracker[1].txt -> TrackingCookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Enrique\Cookies\[email protected][1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Enrique\Cookies\enrique@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Enrique\Cookies\enrique@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Enrique\Cookies\enrique@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Enrique\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Enrique\Cookies\enrique@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Enrique\Cookies\enrique@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Enrique\Cookies\[email protected][1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Enrique\Cookies\enrique@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Enrique\Cookies\enrique@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Enrique\Cookies\enrique@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Enrique\Cookies\enrique@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Enrique\Cookies\[email protected][1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Enrique\Cookies\enrique@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\Enrique\Cookies\enrique@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Enrique\Cookies\[email protected][1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Enrique\Cookies\enrique@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Enrique\My Documents\filelib\e3paz\aimfix_quarantine\3945_taskmgr.exe.bak -> Backdoor.SdBot.aad : Cleaned with backup
C:\Documents and Settings\Enrique\My Documents\My Music\Downloads\Musicmatch Jukebox Plus 10.00.4033.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Kike & Martha\Cookies\kike & martha@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Kike & Martha\Cookies\kike & martha@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Kike & Martha\Cookies\kike & martha@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Kike & Martha\Cookies\kike & martha@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Kike & Martha\Local Settings\Temp\tm43839.exe.tcf -> Trojan.Pakes : Cleaned with backup
C:\Documents and Settings\Kike & Martha\Local Settings\Temporary Internet Files\Content.IE5\O9YJK1IJ\rcverlib[1].exe.tcf -> Trojan.Pakes : Cleaned with backup
C:\ncj.exe -> Not-A-Virus.Hoax.Win32.Renos.bh : Cleaned with backup
C:\Program Files\sf\sf.exe -> Downloader.Small.hs : Cleaned with backup
C:\psgj.exe -> Not-A-Virus.Hoax.Win32.Renos.bb : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP557\A0048676.exe -> Downloader.VB.hw : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP557\A0048691.exe -> Downloader.VB.jl : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP559\A0048749.exe -> Trojan.LowZones.df : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP559\A0048750.exe -> Trojan.LowZones.df : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP579\A0050367.dll -> Downloader.Qoologic.ak : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP594\A0050959.exe -> Downloader.Agent.vp : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP594\A0050961.exe -> Downloader.VB.hj : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP598\A0051247.exe -> Not-A-Virus.Hoax.Win32.Renos.al : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP598\A0051587.exe -> Worm.VB.an : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP603\A0051999.exe -> Downloader.Agent.vp : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP603\A0052001.exe -> Downloader.VB.hj : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP609\A0052266.exe -> Not-A-Virus.Hoax.Win32.Renos.al : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP611\A0052479.exe -> Not-A-Virus.Hoax.Win32.Renos.au : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP611\A0052480.exe -> Not-A-Virus.Hoax.Win32.Renos.au : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP611\A0052482.exe -> Dropper.Small.qn : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP628\A0054125.exe -> Trojan.Small.ev : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP629\A0054202.exe -> Not-A-Virus.Hoax.Win32.Renos.au : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP629\A0054241.exe -> Trojan.Small.ev : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP630\A0054284.exe -> Not-A-Virus.Hoax.Win32.Renos.bh : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP631\A0054532.dll -> Trojan.Small.ev : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP632\A0054540.exe -> Trojan.Small.ev : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP633\A0054650.exe -> Trojan.Small.ev : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP634\A0054720.exe -> Not-A-Virus.Hoax.Win32.Renos.au : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP634\A0054731.exe -> Trojan.LowZones.df : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP634\A0054732.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP634\A0054734.exe -> Not-A-Virus.Hoax.Win32.Renos.bb : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0054803.exe -> Adware.MDH : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0054805.exe -> Adware.MDH : Cleaned with backup
C:\WINDOWS\abi.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\fmw.exe -> Hijacker.StartPage.ey : Cleaned with backup
C:\WINDOWS\jxcqifciu.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\mtuninst.exe -> Adware.MediaTickets : Cleaned with backup
C:\WINDOWS\ru.exe.tcf -> Adware.PurityScan : Cleaned with backup
C:\WINDOWS\SYSTEM32\100074.exe -> Downloader.IstBar : Cleaned with backup
C:\WINDOWS\SYSTEM32\cbnmanx.exe -> Trojan.Pakes : Cleaned with backup
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\WINDOWS\SYSTEM32\kirocrx.dll -> Downloader.Qoologic.af : Cleaned with backup
C:\WINDOWS\SYSTEM32\oins.exe.tcf -> Adware.MediaTickets : Cleaned with backup
C:\WINDOWS\SYSTEM32\repairs302972946.dll -> Adware.SurfSide : Cleaned with backup


::Report End