Tib Systems, HELP!


  • This topic is locked

#16
xXxHeatherxXx

  • Topic Starter
  • 36 posts
Here's the Hijack Log;

Logfile of HijackThis v1.99.1
Scan saved at 11:45:26, on 12/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\windows\system32\wpqwio.exe
C:\WINDOWS\realsched.exe
C:\WINDOWS\gcasServ.exe
C:\freeserve\freeserveconnectionkit\atdialler1.exe
C:\windows\system32\packager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.freeserve...rch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINDOWS\dlmax.dll (file missing)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Messenger\ycomp.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Freeserve - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Messenger\ycomp.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [wpqwio] c:\windows\system32\wpqwio.exe
O4 - HKLM\..\Run: [TkBellExe] C:\WINDOWS\realsched.exe /i
O4 - HKLM\..\Run: [gcasServ] C:\WINDOWS\gcasServ.exe
O4 - Global Startup: Freeserve Connection Kit.lnk = C:\freeserve\freeserveconnectionkit\atdialler1.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} (Matrix Class) - http://acceso.masmin...aaplicacion.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn...eUC/MsnUpld.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DD13242-B87F-431D-B61E-59CA4CC744C7}: NameServer = 195.92.195.94 195.92.195.95
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

The computer has been a lot quicker and I've had no problems with any unwanted malware.
  • 0

#17
xXxHeatherxXx

  • Topic Starter
  • 36 posts
Thank you!!!!!!!!!
  • 0

#18
Guest_thatman_*

  • Guest
Hi xXxHeatherxXx ;)

Welcome to geekstogo

Please read through the instructions before you start (you may want to print this out).
Please set your system to show all files; Click here for how to do this if you're unsure.
The following are mandatory fixes:

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items.

O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINDOWS\dlmax.dll (file missing)

Click on Fix Checked and exit HijackThis.

Reboot into Safe Mode: see here if you don't know how to do this.

Using Windows Explorer, locate the following files/folders, and delete them if found:

C:\WINDOWS\dlmax.dll

Exit Explorer, and reboot as normal afterwards.

Please run the following free, online virus scans. Please post the logs from both virus scans and HJT.log; we will need them to remove previous infections that have left files on your system.
http://housecall.tre.../start_corp.asp
http://www.pandasoft...n_principal.htm

Kc :tazz:
  • 0

#19
xXxHeatherxXx

  • Topic Starter
  • 36 posts
These online virus scans require you to install ActiveX, which I had to uninstall. Will I just send you a fresh HijackThis log?
  • 0

#20
Guest_thatman_*

  • Guest
Hi xXxHeatherxXx

The two virus scans are the good guys and are safe :tazz:

Kc ;)
  • 0

#21
xXxHeatherxXx

  • Topic Starter
  • 36 posts
Here's the logfile. I'll do 2 virus scans soon. Thanks


Logfile of HijackThis v1.99.1
Scan saved at 18:41:19, on 29/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\windows\system32\wpqwio.exe
C:\WINDOWS\realsched.exe
C:\WINDOWS\gaSrv.exe
C:\freeserve\freeserveconnectionkit\atdialler1.exe
C:\windows\system32\calc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.freeserve...rch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Messenger\ycomp.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CDllBho Object - {5A5B6916-ED71-4531-8018-E792DD44156E} - C:\WINDOWS\nnx32.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Freeserve - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Messenger\ycomp.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [wpqwio] c:\windows\system32\wpqwio.exe
O4 - HKLM\..\Run: [TkBellExe] C:\WINDOWS\realsched.exe /i
O4 - HKLM\..\Run: [Quicktime] C:\WINDOWS\shch.exe /i
O4 - HKLM\..\Run: [MsnExplorer] C:\WINDOWS\msexploren.exe /i
O4 - HKLM\..\Run: [Nero] C:\WINDOWS\nrchk.exe /i
O4 - HKLM\..\Run: [gaSrv] C:\WINDOWS\gaSrv.exe
O4 - Global Startup: Freeserve Connection Kit.lnk = C:\freeserve\freeserveconnectionkit\atdialler1.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} (Matrix Class) - http://acceso.masmin...aaplicacion.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn...eUC/MsnUpld.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DD13242-B87F-431D-B61E-59CA4CC744C7}: NameServer = 195.92.195.95 195.92.195.94
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  • 0

#22
Guest_thatman_*

  • Guest
Hi xXxHeatherxXx

Welcome to geekstogo!

Please read through the instructions before you start (you may want to print this out).

Please set your system to show all files; please see here if you're unsure how to do this.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.freeserve...rch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.com/
O2 - BHO: CDllBho Object - {5A5B6916-ED71-4531-8018-E792DD44156E} - C:\WINDOWS\nnx32.dll
O4 - HKLM\..\Run: [wpqwio] c:\windows\system32\wpqwio.exe
O4 - HKLM\..\Run: [Quicktime] C:\WINDOWS\shch.exe /i
O4 - HKLM\..\Run: [MsnExplorer] C:\WINDOWS\msexploren.exe /i
O4 - HKLM\..\Run: [Nero] C:\WINDOWS\nrchk.exe /i
O4 - HKLM\..\Run: [gaSrv] C:\WINDOWS\gaSrv.exe

Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:
C:\WINDOWS\nnx32.dll <-- Delete this file
c:\windows\system32\wpqwio.exe <-- Delete this file
C:\WINDOWS\shch.exe /i <-- Delete this file
C:\WINDOWS\msexploren.exe /i <-- Delete this file
C:\WINDOWS\nrchk.exe /i <-- Delete this file
C:\WINDOWS\gaSrv.exe <-- Delete this file

Exit Explorer, and reboot as normal afterwards.

Reboot your system

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp

Please post the logs from both virus scans and HJT.log; we will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0

#23
xXxHeatherxXx

  • Topic Starter
  • 36 posts
Logfile of HijackThis v1.99.1
Scan saved at 17:02:25, on 30/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\freeserve\freeserveconnectionkit\atdialler1.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINDOWS\dlmax.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Messenger\ycomp.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Freeserve - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Messenger\ycomp.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [TkBellExe] C:\WINDOWS\realsched.exe /i
O4 - HKLM\..\Run: [wpqwio] c:\windows\system32\wpqwio.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - Global Startup: Freeserve Connection Kit.lnk = C:\freeserve\freeserveconnectionkit\atdialler1.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} (Matrix Class) - http://acceso.masmin...aaplicacion.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn...eUC/MsnUpld.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DD13242-B87F-431D-B61E-59CA4CC744C7}: NameServer = 195.92.195.95 195.92.195.94
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

There are a few things coming up on the computer that I am worried about. When I open up Internet Explorer, in the address bar it says about:blank and the web page is completely blank. Also, a box keeps coming up saying runtime error 123 and a load of other numbers. What can be done about this?
  • 0

#24
Guest_thatman_*

  • Guest
Hi xXxHeatherxXx

Welcome to geekstogo!

Please read through the instructions before you start (you may want to print this out). The following items are malware and must be fixed.
The following explains how to remove items from your computer that are malware. These must be fixed now!

Please set your system to show all files; please see here if you're unsure how to do this.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:
O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINDOWS\dlmax.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [wpqwio] c:\windows\system32\wpqwio.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe

Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:
C:\WINDOWS\dlmax.dll
c:\windows\system32\wpqwio.exe
C:\WINDOWS\farmmext.exe

Exit Explorer, and reboot as normal afterwards.

If you were unable to find any of the files then please follow these additional instructions:
Download Pocket Killbox and unzip it; save it to your Desktop.
Run killbox and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes.
Let the system reboot.
C:\WINDOWS\dlmax.dll <-- Delete this file
c:\windows\system32\wpqwio.exe <-- Delete this file
C:\WINDOWS\farmmext.exe <-- Delete this file

Please run the following free, online virus scan.
http://www.pandasoft...n_principal.htm

Please post the logs from the Panda virus scan and HJT.log. We will need them to remove previous infections that have left files on your system.

This is the last time I will ask for the virus scan

Kc :tazz:
  • 0
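
Added example, not part of the original thread or any poster's words: a Python check that compares a HijackThis fix list with the follow-up scan and reports entries that survived the fix, plus entries that are new since the previous scan. The sample inputs are short excerpts of lines posted in this thread (fix lists from posts #18 and #22, logs from posts #21 and #23); the function names and the choice to match on CLSID or Run value name, so that a trailing "(file missing)" does not hide a returning entry, are assumptions of this example.

```python
import re

# A HijackThis result line has the form "<section> - <details>".
LINE_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(.*?\\Run(?:Once)?): \[([^\]]+)\]")
# Sections whose entries are identified by a CLSID (BHOs, toolbars, buttons, ActiveX).
CLSID_SECTIONS = {"O2", "O3", "O9", "O16"}


def entry_key(section, rest):
    """Stable identity for an entry, ignoring volatile text such as '(file missing)'."""
    if section in CLSID_SECTIONS:
        clsid = CLSID_RE.search(rest)
        if clsid:
            return (section, clsid.group(0).lower())
    run = RUN_RE.match(rest)
    if run:  # O4 registry autoruns: key path plus value name
        return (section, run.group(1).lower(), run.group(2).lower())
    return (section, rest.lower())


def parse_log(text):
    """Map entry key -> original line; header and process lines are skipped."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if m:
            entries[entry_key(m.group(1), m.group(2))] = line
    return entries


def survivors(fix_list, followup_log):
    """Entries that were on the fix list but still appear in the next scan."""
    fixed, after = parse_log(fix_list), parse_log(followup_log)
    return sorted(after[k] for k in fixed if k in after)


def new_entries(before_log, after_log):
    """Entries in the later scan that were absent from the earlier one."""
    before, after = parse_log(before_log), parse_log(after_log)
    return sorted(line for k, line in after.items() if k not in before)


# Excerpt of the items the helper asked to fix in posts #18 and #22.
FIX_LIST = r"""
O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINDOWS\dlmax.dll (file missing)
O2 - BHO: CDllBho Object - {5A5B6916-ED71-4531-8018-E792DD44156E} - C:\WINDOWS\nnx32.dll
O4 - HKLM\..\Run: [wpqwio] c:\windows\system32\wpqwio.exe
O4 - HKLM\..\Run: [Quicktime] C:\WINDOWS\shch.exe /i
O4 - HKLM\..\Run: [gaSrv] C:\WINDOWS\gaSrv.exe
"""

# Excerpt of the scan saved on 29/03/2005 (post #21).
BEFORE = r"""
O2 - BHO: CDllBho Object - {5A5B6916-ED71-4531-8018-E792DD44156E} - C:\WINDOWS\nnx32.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wpqwio] c:\windows\system32\wpqwio.exe
O4 - HKLM\..\Run: [Quicktime] C:\WINDOWS\shch.exe /i
O4 - HKLM\..\Run: [gaSrv] C:\WINDOWS\gaSrv.exe
"""

# Excerpt of the scan saved on 30/03/2005 (post #23).
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINDOWS\dlmax.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wpqwio] c:\windows\system32\wpqwio.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
"""

if __name__ == "__main__":
    print("Still present after fix:")
    for line in survivors(FIX_LIST, AFTER):
        print("  " + line)
    print("New since previous scan:")
    for line in new_entries(BEFORE, AFTER):
        print("  " + line)
```

An entry that shows up in both lists, as the DLMaxObj BHO does here, was removed once and has been re-created, which points at a component that is still running and restoring it.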

#25
xXxHeatherxXx

  • Topic Starter
  • 36 posts
I'll download the virus scans and Pocket killbox tomorrow. I'll get back to you as soon as I can. Thanx for the help.

P.S I got Norton Anti-Virus yesterday and I think this will help with the viruses. Will I need to download pocket killbox and the panda virus scan if I have Norton Anti Virus?
  • 0

#26
Guest_thatman_*

  • Guest
Hi xXxHeatherxXx

Will be here waiting for your reply.

Kc :tazz:
  • 0

#27
xXxHeatherxXx

  • Topic Starter
  • 36 posts
Here's the HJT scan:-

Logfile of HijackThis v1.99.1
Scan saved at 11:46:07, on 03/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\freeserve\freeserveconnectionkit\atdialler1.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Messenger\ycomp.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Freeserve - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Messenger\ycomp.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: Freeserve Connection Kit.lnk = C:\freeserve\freeserveconnectionkit\atdialler1.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} (Matrix Class) - http://acceso.masmin...aaplicacion.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn...eUC/MsnUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DD13242-B87F-431D-B61E-59CA4CC744C7}: NameServer = 195.92.195.95 195.92.195.94
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

And finally here's the Virus Scan:-


Incident Status Location

Adware:Adware/FunWeb No disinfected C:\Program Files\MSN Messenger\RICHED20.dll
Adware:Adware/FunWeb No disinfected C:\Program Files\MyWebSearch\bar\3.bin\F3REPROX.DLL
Spyware:Spyware/Cydoor No disinfected C:\DOCUME~1\USER1~1\LOCALS~1\Temp\cd_clint.dll
Adware:Adware/SaveNow No disinfected Windows Registry
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\NaviSearch
Adware:Adware/Gator No disinfected Windows Registry
Adware:Adware/nCase No disinfected C:\WINDOWS\FLEOK
Adware:Adware/KeenValue No disinfected Windows Registry
Spyware:Spyware/Searchcentrix No disinfected C:\Program Files\dynamic toolbar
Spyware:Spyware/Bridge No disinfected C:\WINDOWS\Downloaded Program Files\jao.dll
Adware:Adware/IPInsight No disinfected C:\DOCUME~1\USER1~1\LOCALS~1\Temp\alchem.???
Adware:Adware/NavHelper No disinfected C:\Program Files\Ares
Adware:Adware/BlazeFind No disinfected Windows Registry
Adware:Adware/Twain-Tech No disinfected C:\DOCUME~1\USER1~1\LOCALS~1\Temp\THI*.tmp
Spyware:Spyware/Altnet No disinfected Windows Registry
Adware:Adware/Transponder No disinfected C:\WINDOWS\inf\dlmax.inf
Adware:Adware/P2PNetworking No disinfected Windows Registry
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\User 1\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-71002e85-635d4ff4.zip[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\User 1\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderfox.jar-805f84c-56649ac9.zip[Dummy.class]
Virus:Trj/Shinwow.E Disinfected C:\Documents and Settings\User 1\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderfox.jar-805f84c-56649ac9.zip[Matrix.class]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\alchem.cab
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\alchem.cab[alchem.inf]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\alchem.cab[alchem.exe]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\alchem.cab[alchem.ini]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\alchem.inf
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\alchem.ini
Spyware:Spyware/Altnet No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\asmfiles.cab
Spyware:Spyware/Altnet No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\asmfiles.cab[asm.exe]
Spyware:Spyware/Altnet No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\asmfiles.cab[asmps.dll]
Spyware:Spyware/Cydoor No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\cd_clint.dll
Adware:Adware/Transponder No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\drp1E.tmp\thnall2r.exe
Virus:Trj/Downloader.GK Disinfected C:\Documents and Settings\User 1\Local Settings\Temp\polmx.cab
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\satmat.cab[satmat.exe]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\satmat.cab[satmat.ini]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\satmat.ini
Adware:Adware/SaveNow No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\saveinstwm.exe
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\THI267D.tmp\farmmext.cab[farmmext.inf]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\THI267D.tmp\farmmext.cab[farmmext.exe]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\THI267D.tmp\farmmext.cab[farmmext.ini]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\THI267D.tmp\farmmext.inf
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\THI267D.tmp\farmmext.ini
Adware:Adware/Transponder No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\THI2D43.tmp\dlmax.cab
Adware:Adware/Transponder No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\THI2D43.tmp\dlmax.cab[dlmax.inf]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\THI2D43.tmp\dlmax.cab[dlmax.dll]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\THI2D43.tmp\dlmax.cab[spike.exe]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\THI2D43.tmp\dlmax.inf
Adware:Adware/Twain-Tech No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\THI2F35.tmp\twaintec.cab
Adware:Adware/Twain-Tech No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\THI2F35.tmp\twaintec.cab[twaintec.dll]
Adware:Adware/Twain-Tech No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\THI2F35.tmp\twaintec.cab[preInsTT.exe]
Adware:Adware/BTGrab No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\THI46FA.tmp\btgrab.cab[BTGrab.dll]
Adware:Adware/Twain-Tech No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\THI46FA.tmp\btgrab.cab[polall1b.exe]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\THI6B26.tmp\farmmext.cab[farmmext.inf]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\THI6B26.tmp\farmmext.cab[farmmext.exe]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\THI6B26.tmp\farmmext.cab[farmmext.ini]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\THI6B26.tmp\farmmext.inf
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\THI6B26.tmp\farmmext.ini
Adware:Adware/Transponder No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\THIAEC.tmp\dlmax.cab
Adware:Adware/Transponder No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\THIAEC.tmp\dlmax.cab[dlmax.inf]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\THIAEC.tmp\dlmax.cab[dlmax.dll]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\THIAEC.tmp\dlmax.cab[spike.exe]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\THIAEC.tmp\dlmax.inf
Adware:Adware/Twain-Tech No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\twaintec.cab
Adware:Adware/Twain-Tech No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\twaintec.cab[twaintec.inf]
Adware:Adware/Twain-Tech No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\twaintec.cab[twaintec.dll]
Adware:Adware/Twain-Tech No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\twaintec.cab[preInsTT.exe]
Virus:Trj/Downloader.GK No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\twaintec.cab[polall1m.exe]
Adware:Adware/Twain-Tech No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\twaintec.inf
Virus:Trj/Downloader.UV Disinfected C:\Documents and Settings\User 1\Local Settings\Temp\xwxload.exe
Spyware:Spyware/Altnet No disinfected C:\Documents and Settings\User 1\Local Settings\Temp\__unin__.exe
Adware:Adware/MyWebSearch No disinfected C:\HJT\backups\backup-20050307-171013-276.dll
Spyware:Spyware/Bridge No disinfected C:\HJT\backups\backup-20050307-171014-325.dll
Spyware:Spyware/Bridge No disinfected C:\HJT\backups\backup-20050307-171014-414.dll
Adware:Adware/FunWeb No disinfected C:\HJT\backups\backup-20050307-171014-685.inf
Adware:Adware/P2PNetworking No disinfected C:\HJT\backups\backup-20050307-171014-816.dll
Adware:Adware/FunWeb No disinfected C:\Program Files\MSN Messenger\riched20.dll
Adware:Adware/FunWeb No disinfected C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
Adware:Adware/FunWeb No disinfected C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
Adware:Adware/FunWeb No disinfected C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL
Adware:Adware/MyWebSearch No disinfected C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
Adware:Adware/MyWebSearch No disinfected C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
Adware:Adware/MyWebSearch No disinfected C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
Adware:Adware/FunWeb No disinfected C:\Program Files\MyWebSearch\bar\3.bin\F3CJPEG.DLL
Adware:Adware/FunWeb No disinfected C:\Program Files\MyWebSearch\bar\3.bin\F3HTMLMU.DLL
Adware:Adware/FunWeb No disinfected C:\Program Files\MyWebSearch\bar\3.bin\F3REPROX.DLL
Adware:Adware/FunWeb No disinfected C:\Program Files\MyWebSearch\bar\3.bin\F3RESTUB.DLL
Adware:Adware/MyWebSearch No disinfected C:\Program Files\MyWebSearch\bar\3.bin\M3OUTLCN.DLL
Adware:Adware/MyWebSearch No disinfected C:\Program Files\MyWebSearch\bar\3.bin\M3SKIN.DLL
Adware:Adware/MyWebSearch No disinfected C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
Adware:Adware/MyWebSearch No disinfected C:\Program Files\MyWebSearch\bar\3.bin\MWSOEPLG.DLL
Adware:Adware/MyWebSearch No disinfected C:\Program Files\MyWebSearch\bar\3.bin\MWSOESTB.DLL
Virus:Trj/Downloader.BHX Disinfected C:\RECYCLER\S-1-5-21-1454471165-261478967-839522115-1004\Dc1.exe
Spyware:Spyware/Bridge No disinfected C:\WINDOWS\Downloaded Program Files\bridge.dll
Spyware:Spyware/Bridge No disinfected C:\WINDOWS\Downloaded Program Files\jao.dll
Adware:Adware/123Messenger No disinfected C:\WINDOWS\Downloaded Program Files\msa64chk.inf
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\alchem.inf
Adware:Adware/Transponder No disinfected C:\WINDOWS\inf\dlmax.inf
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\farmmext.inf
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\inf\twaintec.inf
Adware:Adware/IPInsight No disinfected C:\WINDOWS\satmat.ini
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\system32\netut80ex.vxd[exdl.exe]
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\system32\netut80ex.vxd[mqexdlm.srg]
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\system32\netut80ex.vxd[exul.exe]
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\system32\netut80ex.vxd[javexulm.vxd]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\netut80ex.vxd[msexreg.exe]
Spyware:Spyware/Altnet No disinfected C:\WINDOWS\Temp\Altnet\adm.exe
Spyware:Spyware/Altnet No disinfected C:\WINDOWS\Temp\Altnet\dmfiles.cab
Spyware:Spyware/Altnet No disinfected C:\WINDOWS\Temp\Altnet\dmfiles.cab[AltnetUninstall.exe]
Spyware:Spyware/Altnet No disinfected C:\WINDOWS\Temp\Altnet\dmfiles.cab[asmend.exe]
Spyware:Spyware/Altnet No disinfected C:\WINDOWS\Temp\Altnet\pmexe.cab
Spyware:Spyware/Altnet No disinfected C:\WINDOWS\Temp\Altnet\pmexe.cab[Points Manager.exe]
Spyware:Spyware/Altnet No disinfected C:\WINDOWS\Temp\Altnet\pmfiles.cab
Spyware:Spyware/Altnet No disinfected C:\WINDOWS\Temp\Altnet\pmfiles.cab[sysdetect.dll]
Spyware:Spyware/Altnet No disinfected C:\WINDOWS\Temp\Altnet\Setup.exe