Work Computer Need help ASAP



#1
jlaface69

New Member
I have all kinds of problems with it. Can someone help me? I am posting my HijackThis log. Can someone please help!!!

Logfile of HijackThis v1.99.1
Scan saved at 2:50:20 PM, on 12/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\LTMSG.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\system32\ps2.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\Registry Fix 3.0.2\Registry Fix.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SpyAxe\spyaxe.exe
C:\Program Files\SpyAxe\spyaxe.exe
C:\Documents and Settings\Loan Officer.YOUR-DAFKCNQF0V\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: HomepageBHO - {1ca480cd-c0e5-4548-874e-b85b17905b3a} - C:\WINDOWS\system32\hp4BDA.tmp
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn\yt.dll
O3 - Toolbar: 180search Toolbar - {93CECBB2-6B1B-448D-91B9-72604EF70105} - C:\Program Files\180search Assistant Programs\180search Toolbar\180ST.dll (file missing)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WinBrush] C:\Program Files\WinBrush 2002\winbrush.exe /S
O4 - HKCU\..\Run: [SpyTrooper] C:\Program Files\SpyTrooper\SpyTrooper.exe
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1134587343578
O16 - DPF: {DF05D910-DC8E-403A-93B0-5C866F3200D1} (PtClickLoan Control) - https://www.clickloa...PtClickLoan.cab
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\WINDOWS\System32\qlink32.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • 0



#2
loophole

Malware Expert
Hello and welcome to Geeks to Go.

You may wish to print out a copy of these instructions to follow while you complete this procedure.

Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with a new Hijack log in your next reply.

Reboot and post the logs requested.

Thanks :)

Edited by loophole, 14 December 2005 - 03:30 PM.

  • 0

#3
jlaface69

New Member
Incident Status Location

Adware:adware/spyaxe Not disinfected C:\WINDOWS\system32\hp4BDA.tmp
Adware:adware/securityerror Not disinfected C:\WINDOWS\system32\nvctrl.exe
Adware:Adware/SpyAxe Not disinfected C:\WINDOWS\system32\ioctrl.dll
Adware:adware/exact.bargainbuddy Not disinfected C:\WINDOWS\SYSTEM32\exdl1.exe
Adware:adware/spyaxe Not disinfected C:\WINDOWS\SYSTEM32\hp4BDA.tmp
Adware:adware/securityerror Not disinfected C:\WINDOWS\SYSTEM32\mscornet.exe
Adware:adware/favoriteman Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\ATPartners.inf
Adware:adware/sahagent Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\SAHUninstall_.exe
Adware:adware/spytrooper Not disinfected C:\Documents and Settings\Loan Officer.YOUR-DAFKCNQF0V\Desktop\SpyTrooper.lnk
Spyware:spyware/betterinet Not disinfected C:\WINDOWS\INF\biini.inf
Adware:adware/gator Not disinfected C:\WINDOWS\GatorPatch.log
Adware:adware/toprebates Not disinfected C:\PROGRAM FILES\WebSavingsfromEbates
Adware:adware/wintools Not disinfected C:\PROGRAM FILES\COMMON FILES\WinTools
Adware:adware/ncase Not disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\180search Assistant
Adware:adware/sidesearch Not disinfected C:\Documents and Settings\Loan Officer.YOUR-DAFKCNQF0V\Application Data\Lycos
Adware:adware/powerscan Not disinfected Windows Registry
Adware:Adware/TopRebates Not disinfected C:\Documents and Settings\LOAN OFFICER\Local Settings\Temp\djtopr1150.exe
Adware:Adware/MultiMPP Not disinfected C:\Documents and Settings\LOAN OFFICER\Local Settings\Temp\THI60FA.tmp\multimpp.cab
Adware:Adware/MultiMPP Not disinfected C:\Documents and Settings\LOAN OFFICER\Local Settings\Temp\THI60FA.tmp\multimpp.cab[multimpp.inf]
Adware:Adware/MultiMPP Not disinfected C:\Documents and Settings\LOAN OFFICER\Local Settings\Temp\THI60FA.tmp\multimpp.cab[multimpp.dll]
Adware:Adware/MultiMPP Not disinfected C:\Documents and Settings\LOAN OFFICER\Local Settings\Temp\THI60FA.tmp\multimpp.cab[preInMPP.exe]
Adware:Adware/MultiMPP Not disinfected C:\Documents and Settings\LOAN OFFICER\Local Settings\Temp\THI60FA.tmp\multimpp.dll
Adware:Adware/MultiMPP Not disinfected C:\Documents and Settings\LOAN OFFICER\Local Settings\Temp\THI60FA.tmp\multimpp.inf
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\LOAN OFFICER\Local Settings\Temp\toolbar.cab[IExploreSkins.exe]
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\LOAN OFFICER\Local Settings\Temp\toolbar.cab[toolbar.dll]
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\LOAN OFFICER\Local Settings\Temporary Internet Files\Content.IE5\V7PCOWX3\WinTB[1].cab[WToolsB.dll]
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\TJK\Local Settings\Temp\biini.cab
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\TJK\Local Settings\Temp\biini.cab[biini.inf]
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\TJK\Local Settings\Temp\biini.inf
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\TJK\Local Settings\Temp\IExploreSkins.exe
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\TJK\Local Settings\Temp\polmx2.inf
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\TJK\Local Settings\Temp\temp.cab[IExploreSkins.exe]
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\TJK\Local Settings\Temp\temp.cab[toolbar.dll]
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\TJK\Local Settings\Temp\toolbar.dll
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\TJK\Local Settings\Temp\WinTools.exe
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\TJK\Local Settings\Temporary Internet Files\Content.IE5\DDL3EM7M\Toolbar[1].cab[IExploreSkins.exe]
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\TJK\Local Settings\Temporary Internet Files\Content.IE5\DDL3EM7M\Toolbar[1].cab[toolbar.dll]
Spyware:Spyware/ClearSearch Not disinfected C:\Documents and Settings\TJK\Local Settings\Temporary Internet Files\Content.IE5\ZZBBRCTD\CSBIINST[1].DL_[CSBIINST[1].DLl]
Adware:Adware/WUpd Not disinfected C:\Program Files\MediaGateway\MediaGateway.exe
Adware:Adware/SpyAxe Not disinfected C:\Program Files\SpyAxe\SpyAxe.exe
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\a.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\b.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\ba.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bb.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bc.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bd.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\be.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bf.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bg.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bh.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bi.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bj.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bk.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bl.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bm.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bn.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bo.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bp.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bq.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\br.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bs.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bt.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bu.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bv.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bw.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bx.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\by.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bz.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\c.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\ca.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\cb.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\cc.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\cd.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\ce.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\cf.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\cg.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\ch.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\ci.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\cj.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\ck.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\cl.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\cm.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\cn.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\co.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\cp.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\cq.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\cr.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\cs.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\ct.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\cu.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\cv.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\cx.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\cz.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\d.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\da.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\db.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\dc.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\dd.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\de.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\df.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\di.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\dl.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\dn.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\dp.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\dr.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\ds.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\dt.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\du.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\dv.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\dw.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\dy.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\dz.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\ed.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\f.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\h.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\i.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\j.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\l.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\m.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\n.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\p.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\q.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\r.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\s.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\t.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\u.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\w.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\x.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\y.class
Adware:Adware/NetPals Not disinfected C:\WINDOWS\Downloaded Program Files\ATPartners.inf
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\Downloaded Program Files\SAHUninstall_.exe
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\inf\bi.inf
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\inf\bi4.inf
Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\inf\biini.inf
Adware:Adware/Transponder Not disinfected C:\WINDOWS\inf\polmx2.inf
  • 0

#4
jlaface69

New Member
So what do I have to do now? Can you tell anything from that stuff? I don't understand it. Anyone, someone, I have been here for four hours trying to fix it.
  • 0

#5
jlaface69

New Member
Is someone gonna help me or not? Man, I am about to lose my job here. Please.
  • 0

#6
loophole

Malware Expert
Firstly, calm down. I'll help you, but we have to go at this in a certain order, and it won't take that long since you've already run the Panda scan.


You may wish to print out a copy of these instructions to follow while you complete this procedure.

Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Uninstall

Please remove these entries from Add/Remove Programs in the Control Panel (if present):
WebSavingsfromEbates

Please note any other programs that you don't recognize in that list in your next response.

Folder deletions

Please delete the folders in red using Windows Explorer (if present):
C:\Program Files\WebSavingsfromEbates



Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with a new Hijack log in your next reply.

Reboot and post the logs requested.

Thanks

Edited by loophole, 14 December 2005 - 06:38 PM.

  • 0
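
The cleanup steps above lean on the Panda scan results; as an added example (not part of the original posts, and not how smitRem works), this Python script cross-checks the files a scan reported against the running processes and autostart entries of a HijackThis log. The sample lines are copied from the logs posted in this thread, and every function and class name is hypothetical.

```python
import re
from typing import NamedTuple

# Constructed sample: lines copied from the HijackThis log and scan report posted above.
HJT_SAMPLE = r"""
Running processes:
C:\WINDOWS\system32\nvctrl.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\SpyAxe\spyaxe.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
O2 - BHO: HomepageBHO - {1ca480cd-c0e5-4548-874e-b85b17905b3a} - C:\WINDOWS\system32\hp4BDA.tmp
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""
SCAN_SAMPLE = r"""
Incident Status Location
Adware:adware/spyaxe Not disinfected C:\WINDOWS\system32\hp4BDA.tmp
Adware:adware/securityerror Not disinfected C:\WINDOWS\system32\nvctrl.exe
Adware:Adware/WUpd Not disinfected C:\Program Files\MediaGateway\MediaGateway.exe
Adware:Adware/SpyAxe Not disinfected C:\Program Files\SpyAxe\SpyAxe.exe
Adware:adware/toprebates Not disinfected C:\PROGRAM FILES\WebSavingsfromEbates
Adware:adware/powerscan Not disinfected Windows Registry
Adware:Adware/MultiMPP Not disinfected C:\Documents and Settings\LOAN OFFICER\Local Settings\Temp\THI60FA.tmp\multimpp.cab[multimpp.dll]
"""

class Detection(NamedTuple):
    name: str      # scanner label, lower-cased, e.g. "adware/spyaxe"
    location: str  # lower-cased file or folder path; "" when the location is not a path

class Entry(NamedTuple):
    section: str   # "PROC" for a running process, otherwise the HijackThis code (O2, O4, ...)
    path: str      # lower-cased path of the file the log line points at

SCAN_ROW = re.compile(r"^\w+:(?P<name>\S+?)\s+Not disinfected\s+(?P<loc>.+)$")
HJT_ROW = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
# First drive-letter path ending in .exe/.dll/.tmp; stops before arguments or a closing quote.
# Limitation: 8.3 short names (PROGRA~1) and bare names (VTTimer.exe) are not resolved.
FILE_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|tmp)(?=$|[\s",])', re.IGNORECASE)

def parse_scan_report(text):
    """Return one Detection per 'Not disinfected' row; header and blank lines are skipped."""
    detections = []
    for raw in text.splitlines():
        m = SCAN_ROW.match(raw.strip())
        if not m:
            continue
        # "archive.cab[member.dll]" -> keep the container file that is on disk
        loc = re.sub(r"\[[^\[\]]*\]$", "", m.group("loc"))
        if not re.match(r"[A-Za-z]:\\", loc):
            loc = ""  # e.g. "Windows Registry"
        detections.append(Detection(m.group("name").lower(), loc.lower()))
    return detections

def parse_hijackthis(text):
    """Return running processes and every R/O entry that names a file on disk."""
    entries, in_processes = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
        elif in_processes:
            if line:
                entries.append(Entry("PROC", line.lower()))
            else:
                in_processes = False  # a blank line ends the process list
        else:
            m = HJT_ROW.match(line)
            found = FILE_PATH.search(m.group("body")) if m else None
            if found:
                entries.append(Entry(m.group("code"), found.group(0).lower()))
    return entries

def correlate(entries, detections):
    """List (section, detection name, path) for log entries that hit a detected file or folder."""
    findings = []
    for e in entries:
        for d in detections:
            if d.location and (e.path == d.location or e.path.startswith(d.location + "\\")):
                findings.append((e.section, d.name, e.path))
                break  # the report can list the same file more than once
    return findings

def running_without_autostart(findings):
    """Detected files that are running but that no parsed autostart entry references."""
    started = {path for section, _, path in findings if section != "PROC"}
    return sorted({p for s, _, p in findings if s == "PROC" and p not in started})

if __name__ == "__main__":
    hits = correlate(parse_hijackthis(HJT_SAMPLE), parse_scan_report(SCAN_SAMPLE))
    for section, name, path in hits:
        print(f"{section:<5} {name:<22} {path}")
    print("running, start point not in log:", running_without_autostart(hits))
```
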

#7
jlaface69

New Member
Okay, here is my latest HijackThis log, thank you so much for helping me.

Logfile of HijackThis v1.99.1
Scan saved at 8:44:51 PM, on 12/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\apvxdwin.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\LTMSG.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Documents and Settings\Loan Officer.YOUR-DAFKCNQF0V\Desktop\HijackThis.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Quicken\bagent.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn\yt.dll
O3 - Toolbar: 180search Toolbar - {93CECBB2-6B1B-448D-91B9-72604EF70105} - C:\Program Files\180search Assistant Programs\180search Toolbar\180ST.dll (file missing)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [LanzarT2006] "C:\DOCUME~1\LOANOF~1.YOU\LOCALS~1\Temp\{C0F7D678-F9F9-454B-965D-414E6DE8A1FF}\{98032D6F-3EE6-4646-B68C-40BF012AC89B}\..\..\T2006tmp\Install.exe" /SETUP:"/l0x0009"
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\LOANOF~1.YOU\LOCALS~1\Temp\2005121416573_mcinfo.exe /insfin
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\LOANOF~1.YOU\LOCALS~1\Temp\2005121416576_mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WinBrush] C:\Program Files\WinBrush 2002\winbrush.exe /S
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1134587343578
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {DF05D910-DC8E-403A-93B0-5C866F3200D1} (PtClickLoan Control) - https://www.clickloa...PtClickLoan.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
  • 0

#8
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts

The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log


Can you post the above log in your next reply, please?

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
Save it to your desktop.


Download and install CleanUp! Here
but do not run it yet.
*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.


Please uninstall the following, if present (click Start >>> Control Panel >>> Add/Remove Programs):
Mediagateway


CleanUp!
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program. If asked to reboot select NO

Pocket Killbox
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


    C:\WINDOWS\SYSTEM32\exdl1.exe
    C:\WINDOWS\DOWNLOADED PROGRAM FILES\ATPartners.inf
    C:\WINDOWS\DOWNLOADED PROGRAM FILES\SAHUninstall_.exe
    C:\Documents and Settings\Loan Officer.YOUR-DAFKCNQF0V\Desktop\SpyTrooper.lnk
    C:\WINDOWS\INF\biini.inf
    C:\WINDOWS\GatorPatch.log
    C:\PROGRAM FILES\COMMON FILES\WinTools
    C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\180search Assistant
    C:\Documents and Settings\Loan Officer.YOUR-DAFKCNQF0V\Application Data\Lycos
    C:\WINDOWS\Downloaded Program Files\ATPartners.inf
    C:\WINDOWS\Downloaded Program Files\SAHUninstall_.exe
    C:\WINDOWS\inf\bi.inf
    C:\WINDOWS\inf\bi4.inf
    C:\WINDOWS\inf\biini.inf
    C:\WINDOWS\inf\polmx2.inf



  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Post a new hijack log and tell me how your system is running now.

Thanks :tazz:
  • 0
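An added example, not part of the thread and not the helper's own method: a small triage pass over HijackThis entries of the kind posted above, so the lines worth a closer look stand out from the vendor and driver entries. The three flag rules and all function names are assumptions chosen for this example, and a flag means "review this line", nothing more.

```python
import re

# Excerpt of lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
O3 - Toolbar: 180search Toolbar - {93CECBB2-6B1B-448D-91B9-72604EF70105} - C:\Program Files\180search Assistant Programs\180search Toolbar\180ST.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\LOANOF~1.YOU\LOCALS~1\Temp\2005121416573_mcinfo.exe /insfin
O18 - Filter: text/html - (no CLSID) - (no file)
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
"""

# Product names the helper listed for removal in this thread.
REMOVAL_NAMES = ("WebSavingsfromEbates", "Mediagateway", "180search",
                 "SpyTrooper", "GatorPatch", "WinTools")

# A HijackThis entry starts with a section code such as R0, O4 or O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Yield (section, detail) per entry; header and process lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def flags_for(section, detail):
    """Return review flags for one entry (heuristics assumed for this example)."""
    flags = []
    lowered = detail.lower()
    if "(file missing)" in lowered or "(no file)" in lowered:
        flags.append("missing-file")          # registration outlived its file
    if section == "O4" and "\\temp\\" in lowered:
        flags.append("autostart-from-temp")   # Run key pointing into a Temp dir
    if any(name.lower() in lowered for name in REMOVAL_NAMES):
        flags.append("named-for-removal")     # matches the helper's removal lists
    return flags

def triage(log_text):
    """Return [(section, flags, detail)] for entries with at least one flag."""
    findings = []
    for section, detail in parse_entries(log_text):
        flags = flags_for(section, detail)
        if flags:
            findings.append((section, flags, detail))
    return findings

if __name__ == "__main__":
    for section, flags, detail in triage(SAMPLE_LOG):
        print(f"{section:<4}{','.join(flags):<32}{detail[:70]}")
```

An autostart entry under Temp can also be an installer finishing its setup after a reboot, so that flag in particular needs a human decision before anything is deleted.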





