#1
Way too many popups, log included
Hello people.....
Whenever I use my Internet Explorer, I get a lot of popups coming out of nowhere even when I'm using a pop-up blocker. Here's a HijackThis log, please help in any way you can.

Logfile of HijackThis v1.97.7
Scan saved at 10:15:53 PM, on 08/04/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\soundtask.exe
C:\WINDOWS\System32\zpfujj.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\documents and settings\default\local settings\temp\06q00WnEO.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\BitTorrent2\btdownloadgui.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\System32\wexhours.exe
C:\WINDOWS\System32\wmvus.exe
C:\Program Files\SysAI\SysAI.exe
C:\Program Files\Overnet\overnet.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Downloads\Software\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
O1 - Hosts: 198.65.164.171 ehttp.cc
O1 - Hosts: 198.65.164.168 winshow.biz
O1 - Hosts: 198.65.164.168 www.winshow.biz
O1 - Hosts: 198.65.164.168 00hq.com
O1 - Hosts: 198.65.164.168 www.00hq.com
O1 - Hosts: 198.65.164.168 8ad.com
O1 - Hosts: 198.65.164.168 www.8ad.com
O1 - Hosts: 198.65.164.168 searchv.com
O1 - Hosts: 198.65.164.168 www.searchv.com
O1 - Hosts: 198.65.164.168 008k.com
O1 - Hosts: 198.65.164.168 www.008k.com
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\SysAI\AproposPlugin.dll
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh304181.dll
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
O2 - BHO: (no name) - {4E2AA802-EF7C-4576-A573-CBA899119ACC} - C:\WINDOWS\SYSTEM32\hapkgs.dll
O2 - BHO: (no name) - {7683c868-68ea-427c-af31-54bee27b72c3} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Program Files\Common Files\midaddle\midaddle.dll
O2 - BHO: (no name) - {FD3234E6-88AD-457C-92D0-F6C747701175} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Microsoft IDCN] C:\WINDOWS\system32\mshe1p.exe
O4 - HKLM\..\Run: [host] C:\WINDOWS\system32\hosts.vbs
O4 - HKLM\..\Run: [hxgxfyr] C:\WINDOWS\ephkypwpd.exe
O4 - HKLM\..\Run: [Overnet] C:\Program Files\Overnet\eDonkey2000.exe -t
O4 - HKLM\..\Run: [soundtask] soundtask.exe
O4 - HKLM\..\Run: [scvhost.exe] scvhost.exe
O4 - HKLM\..\Run: [vgkuticma] C:\WINDOWS\System32\zpfujj.exe
O4 - HKLM\..\Run: [06q00WnEO.exe] C:\documents and settings\default\local settings\temp\06q00WnEO.exe
O4 - HKLM\..\Run: [BGiKqcY3.exe] c:\documents and settings\default\local settings\temp\BGiKqcY3.exe
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [r83R36X] wexhours.exe
O4 - HKLM\..\Run: [OfficeGuard RegChecker] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"
O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait
O4 - HKLM\..\RunServices: [NT Guard] iexplore.exe
O4 - HKLM\..\RunServices: [soundtask] soundtask.exe
O4 - HKLM\..\RunServices: [scvhost.exe] scvhost.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [azs5RWbmQ] wmvus.exe
O4 - HKCU\..\Run: [Saos] C:\Documents and Settings\default\Application Data\rwtr.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\RunOnce: [Ad-aware] "C:\PROGRA~1\LAVASOFT\AD-AWA~1\Ad-aware.exe" "+b1"
O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\INSTAL~1\{7F5E2~1\Setup.exe -rebootC:\PROGRA~1\INSTAL~1\{7F5E2~1\reboot.ini -l0x9
O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\RunOnce: [DeleteSlotchBar] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\Program Files\ISTbar\istbar.dll"
O4 - Startup: DLHelperEXE.exe
O4 - Startup: .lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &All by FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx2.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with &FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx.htm
O9 - Extra button: SideFind (HKLM)
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Inicio (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
#2
continued
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_EN_XP.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://mirror.worldwinner.com/games/v42/brickout/brickout.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {40689DFB-7484-4D82-BCDD-DE2B39F74FD3} (Ttt Control) - http://mirror.worldwinner.com//games/v41/ttt/tictactoe.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://otx.ifilm.com/OTXMedia/OTXMedia.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1679de17a26573e49e05/netzip/RdxIE601.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://mirror.worldwinner.com/games/v44/bjattack/bjattack.cab
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/dialercab/WebRecomendada.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {7CA3D0A3-7E2E-4AAB-A75E-FAB8ECA8BD95} (Skilljam Game Player Object) - http://skill.skilljam.com/ssp/SSP.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://mirror.worldwinner.com/games/v41/sol/sol.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://mirror.worldwinner.com/games/v49/swapit/swapit.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/version6/dlhelper.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://nprotect1.gravity.co.kr/nprotect/npx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/ieplug.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?319
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://www29.compaq.com/falco/SysQuery.cab
#3
Still needing help.......
#4
It's only been one day since you created the thread. Please give people a chance to check over your log and respond. If there hasn't been any activity after one week, then bump it.
#5
|
bump
#6
Hi Sasuke03,

You have quite a lot going on in your computer.

Disable System Restore:
1. Right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Check the "Turn off System Restore" or "Turn off System Restore on all drives" check box.
4. Click Apply.
5. This will delete all existing restore points. Click Yes to do this.
6. Click OK.
We will turn it back on when your system is clean.

First, let's do an online virus scan from at least two of these sites:
Trend Micro Housecall http://housecall.trendmicro.com/
Panda Active Scan www.pandasoftware.com/activescan/activescan
Bitdefender http://www.bitdefender.com/scan/licence.php
Please report if anything has been found or fixed.

Then let's do some more cleaning up:
Download Ad-Aware SE Personal Edition from: http://www.lavasoft.de/support/download/
Run Ad-Aware, click the "Check for Updates now" link. Install the latest reference file. Perform a "Full system scan" with Ad-Aware.

Then...
Download, install and UPDATE Spybot Search and Destroy 1.3. Scan and fix all items checked in RED.

Please update HijackThis, you are using an outdated version: open HijackThis, click Config > Misc Tools > Check for Update online. Or download a copy of version 1.98.2 at: http://www.majorgeeks.com/download3155.html
Post a fresh log with this new version.

Tom
__________________
HijackThis, Ad-aware, Spybot Search & Destroy, SpywareBlaster, SpywareGuard, Housecall Online A/V Scan
Please read the stickys at the top of the forum before posting!
#7
Scan results + new log
Thanks for the help Tom, really appreciate it. Here are the scan results and a new log.

Scan results:
Incident | Status | Location
Virus:W32/Gaobot.US.worm | Disinfected | Operating system
Virus:W32/Gaobot.QP.worm | Renamed | C:\WINDOWS\SYSTEM32\scvhost.exe
Virus:W32/Gaobot.US.worm | Renamed | C:\WINDOWS\SYSTEM32\soundtask.exe
Virus:Backdoor Program | Disinfected | C:\Documents and Settings\All Users\Documents\autorun.inf
Virus:Trojan Horse | Disinfected | C:\Documents and Settings\default\Local Settings\Temp\lycos_ss.exe
Virus:Trj/Downloader.L | Disinfected | C:\Documents and Settings\default\Local Settings\Temp\Susp.cab
Virus:Trj/Downloader.GK | No disinfected | C:\Documents and Settings\default\Local Settings\Temp\THI40A2.tmp\twaintec.cab[polall1t.exe]
Virus:Trj/Downloader.GK | Disinfected | C:\Documents and Settings\default\Local Settings\Temp\THI40A2.tmp\polall1t.exe
Virus:Trj/Siboco.A | Disinfected | C:\Documents and Settings\default\Local Settings\Temp\msgked.exe
Virus:Trj/Siboco.A | Disinfected | C:\Documents and Settings\default\Local Settings\Temp\~7082808388.tmp
Virus:Trj/Downloader.OU | Disinfected | C:\Documents and Settings\default\Local Settings\Temp\wupdt.exe
Virus:Trojan Horse | Disinfected | C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\LI3S8YMB\lycos_ss[1].exe
Virus:Trj/Seeker.W | Disinfected | C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\474LORA7\object-c002[1].hta
Virus:Trj/Downloader.OG | Disinfected | C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\474LORA7\bridge-c14[1].cab
Virus:Trj/Debeski.A | Disinfected | C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\SNQRGX05\start[1]
Virus:Trojan Horse | Disinfected | C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\U9UZ4VC7\HP2[1].CHM
Virus:Exploit/Mhtredir.gen | Disinfected | C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\IFYJQ1YB\index[2].htm
Virus:Trj/Imk.A | Disinfected | C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\SHE7CHEV\uinfo4[1].gif
Virus:Trj/Siboco.A | Disinfected | C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\RQS7J18P\msmc[1].exe
Virus:Trj/Briss.A | Disinfected | C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\JRHNZ90C\bridge[1].cab
Virus:Exploit/ByteVerify | Disinfected | C:\Documents and Settings\default\.jpi_cache\jar\1.0\arch22776.jar-68c62f3c-18753685.zip[RunString.class]
Virus:Exploit/ByteVerify | Disinfected | C:\Documents and Settings\default\.jpi_cache\jar\1.0\arch10213.jar-71d8e3fb-14a1f8d0.zip[RunString.class]
Virus:Exploit/ByteVerify | Disinfected | C:\Documents and Settings\default\.jpi_cache\jar\1.0\arch10213.jar-71d8e3fb-14a1f8d0.zip[Colors.class]
Virus:Exploit/ByteVerify | Disinfected | C:\Documents and Settings\default\.jpi_cache\jar\1.0\classload.jar-1f5b6b54-121a73c5.zip[GetAccess.class]
Virus:Exploit/ByteVerify | Disinfected | C:\Documents and Settings\default\.jpi_cache\jar\1.0\classload.jar-1f5b6b54-121a73c5.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify | Disinfected | C:\Documents and Settings\default\.jpi_cache\jar\1.0\classload.jar-1f5b6b54-121a73c5.zip[Installer.class]
Virus:W32/Gaobot.US.worm | Disinfected | C:\vuevqauq.exe
Virus:W32/Gaobot.US.worm | Disinfected | C:\hodzzxqo.exe
Virus:W32/Gaobot.US.worm | Disinfected | C:\pmzecque.exe
Virus:Trj/CHost.A | Disinfected | C:\EXACTADVERTISING.exe
Virus:W32/Momma | Disinfected | D:\Program Files\Ministars Software\SafeClean Utilities\Backup\020316_034839.zip[279.tmp]
#8
Logfile of HijackThis v1.98.2
Scan saved at 11:52:48 PM, on 08/14/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\soundtask.exe
C:\WINDOWS\System32\scvhost.exe
C:\documents and settings\default\local settings\temp\06q00WnEO.exe
C:\documents and settings\default\local settings\temp\BGiKqcY3.exe
C:\Program Files\VVSN\VVSN.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\Web Offer\wo.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\cidaemon.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Documents and Settings\default\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 - Hosts: 81.211.105.69 lender-search.com
O1 - Hosts: 81.211.105.68 hot-searches.com
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
O2 - BHO: TChkBHO Class - {4E2AA802-EF7C-4576-A573-CBA899119ACC} - C:\WINDOWS\SYSTEM32\hapkgs.dll
O2 - BHO: (no name) - {7683c868-68ea-427c-af31-54bee27b72c3} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - (no file)
O2 - BHO: (no name) - {FD3234E6-88AD-457C-92D0-F6C747701175} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Microsoft IDCN] C:\WINDOWS\system32\mshe1p.exe
O4 - HKLM\..\Run: [host] C:\WINDOWS\system32\hosts.vbs
O4 - HKLM\..\Run: [hxgxfyr] C:\WINDOWS\ephkypwpd.exe
O4 - HKLM\..\Run: [Overnet] C:\Program Files\Overnet\eDonkey2000.exe -t
O4 - HKLM\..\Run: [soundtask] soundtask.exe
O4 - HKLM\..\Run: [scvhost.exe] scvhost.exe
O4 - HKLM\..\Run: [06q00WnEO.exe] C:\documents and settings\default\local settings\temp\06q00WnEO.exe
O4 - HKLM\..\Run: [BGiKqcY3.exe] C:\documents and settings\default\local settings\temp\BGiKqcY3.exe
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [r83R36X] pat42u.exe
O4 - HKLM\..\RunServices: [NT Guard] iexplore.exe
O4 - HKLM\..\RunServices: [soundtask] soundtask.exe
O4 - HKLM\..\RunServices: [scvhost.exe] scvhost.exe
O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\RunOnce: [djtopr1150.exe] "C:\DOCUME~1\default\LOCALS~1\Temp\djtopr1150.exe"
O4 - HKLM\..\RunOnce: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /C
O4 - HKLM\..\RunOnce: [updater13.exe] C:\Program Files\SideFind\updater13.exe -removeold
O4 - HKLM\..\RunOnce: [cetec] regedit.exe /s C:\DOCUME~1\default\LOCALS~1\Temp\cetec.reg
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [azs5RWbmQ] plu32.exe
O4 - HKCU\..\Run: [Saos] C:\Documents and Settings\default\Application Data\rwtr.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe
O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Startup: .lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &All by FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx2.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with &FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx.htm
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Inicio - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\kazemule-vive\local.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=168d3f0c8f5ebbd0d83ee5445ae40e55469aa3fdaf24dd3540c41ee1ea302c2d59104a57d59aa8baedc40580da1dd4eb01 d54f:eeba47ee03d937f4aaa2edc6fc4885a4
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_EN_XP.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://mirror.worldwinner.com/games/v42/brickout/brickout.cab
O16 - DPF: {40689DFB-7484-4D82-BCDD-DE2B39F74FD3} (Ttt Control) - http://mirror.worldwinner.com//games/v41/ttt/tictactoe.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://otx.ifilm.com/OTXMedia/OTXMedia.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1679de17a26573e49e05/netzip/RdxIE601.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://mirror.worldwinner.com/games/v44/bjattack/bjattack.cab
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} - http://212.145.159.194/251065/dialercab/WebRecomendada.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
#9
continuation of log
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7CA3D0A3-7E2E-4AAB-A75E-FAB8ECA8BD95} (Skilljam Game Player Object) - http://skill.skilljam.com/ssp/SSP.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://mirror.worldwinner.com/games/v41/sol/sol.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://mirror.worldwinner.com/games/v49/swapit/swapit.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/version6/dlhelper.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://nprotect1.gravity.co.kr/nprotect/npx.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/ieplug.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?319
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://www29.compaq.com/falco/SysQuery.cab
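Both logs in this thread (posts #1/#2 and #8/#9) carry the same handful of tells that a helper reads off by eye: autoruns launched from Local Settings\Temp, a scvhost.exe that imitates svchost.exe, RunServices entries on an NT-based machine, a hosts file moved to C:\WINDOWS\nsdb\hosts, and a ProxyOverride listing the very domains the hosts file pins. The script below is an added example written for this page; it is not part of the thread and not a HijackThis feature. It parses a handful of lines copied verbatim from the posted logs and applies those checks. The rule set, the high/low severities, the list of system names to compare against and the edit-distance threshold of 2 are my assumptions about what is worth flagging, and the embedded sample is those copied lines, not the full log.

```python
"""Triage of HijackThis log entries for the patterns seen in this thread."""
import re
from dataclasses import dataclass

# Sample entries copied verbatim from the logs posted in this thread (not constructed data).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 - Hosts: 81.211.105.69 lender-search.com
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [scvhost.exe] scvhost.exe
O4 - HKLM\..\Run: [06q00WnEO.exe] C:\documents and settings\default\local settings\temp\06q00WnEO.exe
O4 - HKLM\..\RunServices: [NT Guard] iexplore.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
"""

# Core NT process names that malware imitates with one or two character edits (scvhost.exe
# for svchost.exe above); KNOWN_BINARIES are legitimate names within that distance that must not fire.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "smss.exe", "winlogon.exe",
                "services.exe", "spoolsv.exe", "explorer.exe"}
KNOWN_BINARIES = SYSTEM_NAMES | {"iexplore.exe", "rundll32.exe"}
DEFAULT_HOSTS = r"c:\windows\system32\drivers\etc\hosts"
LOOPBACK = {"127.0.0.1", "0.0.0.0"}
TEMP_MARKERS = ("\\local settings\\temp\\", "\\windows\\temp\\", "%temp%")

O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")
O1_HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+) (\S+)")
O1_PATH_RE = re.compile(r"^O1 - Hosts file is located at: (.*)$")
R1_OVERRIDE_RE = re.compile(r"ProxyOverride = (.*)$")

@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "low"
    reason: str
    line: str

def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; inputs are short file names, so the full table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike(name: str):
    """Return the system binary `name` imitates, or None if it is known or distinct."""
    name = name.lower()
    candidates = [] if name in KNOWN_BINARIES else sorted(SYSTEM_NAMES)
    return next((s for s in candidates if levenshtein(name, s) <= 2), None)

def first_binary(cmd: str) -> str:
    """Lower-cased basename of the program an O4 command line starts (quoted or bare)."""
    m = re.match(r'"([^"]*)"|(\S+)', cmd.strip())
    token = (m.group(1) or m.group(2) or "") if m else ""
    return token.rsplit("\\", 1)[-1].lower()

def triage(log_text: str) -> list:
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    # Domains the hosts file pins, so a proxy bypass for the same name can be correlated.
    hosts_domains = {m.group(2).lower() for m in map(O1_HOSTS_RE.match, lines) if m}
    findings = []
    for line in lines:
        m = O1_PATH_RE.match(line)
        if m:
            if m.group(1).strip().lower() != DEFAULT_HOSTS:
                findings.append(Finding("high", "hosts file relocated (Tcpip DataBasePath changed) to " + m.group(1).strip(), line))
            continue
        m = O1_HOSTS_RE.match(line)
        if m:
            if m.group(1) not in LOOPBACK:
                findings.append(Finding("high", f"{m.group(2)} pinned to remote address {m.group(1)}; a blocking entry would use 127.0.0.1", line))
            continue
        if line.startswith("R1 - ") and "ProxyOverride" in line:
            for pat in R1_OVERRIDE_RE.search(line).group(1).split(";"):
                pat = pat.strip()
                if not pat or pat.lower() == "<local>":
                    continue
                if pat.strip("*").lower() in hosts_domains:
                    findings.append(Finding("high", f"{pat} is both redirected in hosts and exempted from the proxy", line))
                else:
                    findings.append(Finding("low", f"proxy bypass for {pat}; confirm it is intentional", line))
            continue
        m = O4_RE.match(line)
        if m:
            key, cmd = m.group(2), m.group(4)
            if key.lower().startswith("runservices"):
                findings.append(Finding("high", "RunServices is a Windows 9x/Me key that NT-based Windows does not process; XP software has no reason to register there", line))
            if any(marker in cmd.lower() for marker in TEMP_MARKERS):
                findings.append(Finding("high", "autorun launches a binary from a temp directory", line))
            legit = lookalike(first_binary(cmd))
            if legit:
                findings.append(Finding("high", f"{first_binary(cmd)} looks like a misspelling of {legit}", line))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG): print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

Run it as-is to print findings for the embedded sample, or pass the text of a saved HijackThis log to `triage()`. The RunServices rule is only meaningful because both logs report an NT-based platform (WinNT 5.01); on Windows 9x/Me that key is legitimate. The lookalike check deliberately whitelists iexplore.exe, which sits within two edits of explorer.exe and would otherwise be a false positive.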
#10
I'm sorry for the delay, I would still like to help you with your infections.

Open My Computer, browse to the C:\documents and settings\User Name(repeat for all users)\local settings\temp folder and delete all files and folders in it.
Open My Computer, browse to the C:\Windows\Temp folder and delete all files and folders in it.
In Internet Explorer click Tools > Internet Options > General. Click "Delete Files", also check "delete all offline content". Click OK.
Empty your Recycle Bin.

Then...
Several viruses and possible trojans still appear in your log. I would like you to repeat the online virus scan until they come up clean:
Trend Micro Housecall http://housecall.trendmicro.com/
Panda Active Scan www.pandasoftware.com/activescan/activescan
Bitdefender http://www.bitdefender.com/scan/licence.php
Please report if anything has been found or fixed.

Then....
I'd like you to do a couple of trojan scans. Install and perform a full system scan with each of these trial programs:
Trojan Hunter http://www.misec.net/trojanhunter/
DiamondCS TDS-3 http://tds.diamondcs.com.au/
Please report if anything has been found or fixed.

While waiting for a response please update your computer: please update Windows and Internet Explorer. Download each critical update one by one, rebooting when necessary. Repeat this until you get the message "no critical updates available". http://v5.windowsupdate.microsoft.com/

Again, sorry for the delay.
Tom

Last edited by Tom Myboy : August 18th, 2004 at 02:11 PM.
#11
I ran all 3 of the scans and I cleaned some viruses/trojans, but I didn't know how to save the list on Trend Micro and the 3rd scanning thing. I scanned on Panda at the end and I saved a list:

Incident | Status | Location
Virus:Trj/Downloader.QK | No disinfected | C:\Documents and Settings\default\Local Settings\Temp\down_.cab[btiein.dll]
Virus:JS/Trj.WindowBomb.B | Disinfected | C:\Downloads\Software\index.html