| ||
| |imp| Need help with cleaning all these crawling trojans and wormies...

Hello guys, I need some solid help here. Here is my HijackThis report. I need to get rid of anything that's causing me all the memory drains, especially this W32/Bube.gen with my explorer.exe which McAfee does recognize but cannot do anything about it. Any help is appreciated... thanks

Logfile of HijackThis v1.99.1
Scan saved at 10:12:17 PM, on 5/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) |
| ||
| Re: |imp| Need help with cleaning all these crawling trojans and wormies...

Please go here for the instructions on how to remove the Bube.d (aka Win32.Beavis) Removal [isrvs] infection. Please follow the removal instructions exactly.

Please download the trial version of Ewido Security Suite here: http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Please download Nailfix from here: http://www.noidea.us/easyfile/file.p...50515010747824
Unzip it to the desktop but please do NOT run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site: http://www.pchell.com/support/safemode.shtml

Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Next please run HijackThis, click Scan, and check:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

Close all open windows except for HijackThis and click Fix Checked. Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan. |
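An added example, not part of the original reply or of HijackThis itself: a small Python triage pass over a HijackThis log that flags the kinds of entries marked for fixing in this thread (an F2 shell line with an extra program, win.ini autostarts, Trusted Zone changes, registrations whose file is missing). The function names and every sample line except the F2 entry quoted above are assumptions made for illustration.

```python
import re

# Sample in HijackThis 1.99.1 log format. The F2 line is the entry named in
# the reply above; every other line is constructed for illustration.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F3 - REG:win.ini: run=C:\WINDOWS\example-autostart.exe
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O15 - Trusted Zone: *.example.com (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O21 - SSODL: ExampleCheck - {00000000-0000-0000-0000-000000000002} - C:\WINDOWS\System32\example.dll (file missing)
"""

# A log entry is "<section code> - <detail>", e.g. "F2 - REG:system.ini: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
SHELL_RE = re.compile(r"^REG:system\.ini: Shell=(.*)$", re.IGNORECASE)
WININI_RE = re.compile(r"^REG:win\.ini: (run|load)=(.+)$", re.IGNORECASE)


def parse_entries(text):
    """Return (code, detail) pairs, skipping headers and the process list."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def review_entry(code, detail):
    """Return a reason string when an entry deserves a manual look, else None."""
    if detail.endswith("(file missing)"):
        return "registration left behind, target file is missing"
    if code == "F2":
        m = SHELL_RE.match(detail)
        if m:
            parts = m.group(1).split(None, 1)
            if not parts or parts[0].lower() != "explorer.exe":
                return "logon shell is not Explorer.exe: " + m.group(1)
            if len(parts) == 2:
                return "extra program started with the shell: " + parts[1]
    if code == "F3":
        m = WININI_RE.match(detail)
        if m:
            return "win.ini %s= autostart: %s" % (m.group(1).lower(), m.group(2))
    if code == "O15":
        if detail.startswith("ProtocolDefaults:"):
            return "protocol mapped to the wrong security zone"
        if detail.startswith("Trusted Zone:"):
            return "site in Trusted Zone: " + detail.split(":", 1)[1].strip()
    return None


def triage(text):
    """Parse a log and return [(code, reason)] for entries worth reviewing."""
    findings = []
    for code, detail in parse_entries(text):
        reason = review_entry(code, detail)
        if reason:
            findings.append((code, reason))
    return findings


if __name__ == "__main__":
    for code, reason in triage(SAMPLE_LOG):
        print(code, "-", reason)
```

A flagged entry is a prompt for manual review, not a verdict: legitimate software also adds Trusted Zone sites and leaves orphaned registrations behind.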
| ||
| Re: |imp| Need help with cleaning all these crawling trojans and wormies...

Ok, I got done with all the scanning. Before posting the log file.

- I had a problem with Kav as it deleted my explorer, luckily there was one explorer.exe quarantined beforehand so I was able to use that. I rechecked the file again and Kav said it was clean.
- I had lots of trojans and spyware removed but I still have a couple of problems. The I.E opens with some traffic popup.. I assume this is the Aurora Pop ups as these also place annoying icons in my desktop. Help me out with this if you could please...

LOG FILE HIJACKTHIS

Logfile of HijackThis v1.99.1
Scan saved at 12:13:19, on 24/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

EWIDO REPORT

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 06:32:50, 24/05/2005
+ Report-Checksum: 2E6EFF97
+ Date of database: 23/05/2005
+ Version of scan engine: v3.0
+ Duration: 366 min
+ Scanned Files: 72662
+ Speed: 3.30 Files/Second
+ Infected files: 112
+ Removed files: 112
+ Files put in quarantine: 112
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items: C:\ |
| ||
| Re: |imp| Need help with cleaning all these crawling trojans and wormies...

Was that log taken in safe mode? If so, please do the next one in normal mode.

- Now, let's open a command prompt by going to the start menu and then select 'Run'. In the box that pops up type in 'cmd'. The command prompt will open.
OR
You can go to Start -> Programs -> Accessories -> Command Prompt.

Unregister the dll(s) we're going to remove, by entering the following:

regsvr32 /u nsx124.dll
regsvr32 /u mfiltis.dll

It's ok, if these aren't found or 'error' out. If you want, just copy and paste the individual lines to the command prompt to save typing them in.

===============

Run HiJackThis, click "Scan", then check (tick) the following, if present:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll (file missing)
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\System32\nsx124.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: *.addictivetechnologies.com (HKLM)
O15 - Trusted Zone: *.addictivetechnologies.net (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.c4tdownload.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.f1organizer.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.megapornix.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.overpro.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted Zone: *.topconverting.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll (file missing)

Now, with all windows closed except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you're able to "view system and hidden files/folders":

folders...
C:\WINDOWS\isrvs

files...
C:\WINDOWS\System32\nsx124.dll

- Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode".

- Reboot.

===============

To help protect your system from hostile ActiveX content, or special 'downloadable' files: Download, install and keep updated, SpywareBlaster. If you've installed it for the first time:

1) Check for any available updates; if present, they'll be automatically downloaded and installed.
2) Next, "Enable all protection".
3) Exit the program.

- Note: Remember to regularly check for updates.

===============

After rebooting your PC, rescan with hijackthis and post a new log. Let me know how things are now. |
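Several of the entries ticked in the reply above share structural traits that can be checked mechanically. The following is an added example, not part of the original posts and not HijackThis's own logic: the rules and reason labels are assumptions made for illustration, and the sample log is constructed from entries quoted in the reply plus one invented O4 line.

```python
import re

# Constructed sample: entries copied from the reply above, plus one invented
# benign-looking O4 autorun line (hypothetical) to show a non-match.
SAMPLE_LOG = r"""
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll (file missing)
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\System32\nsx124.dll
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
"""

# A HijackThis entry starts with a group code (R0, O2, O15, ...) then " - ".
ENTRY = re.compile(r"^(?P<group>[A-Z]\d{1,2}) - (?P<body>.+)$")

def triage(log_text):
    """Return (group, reason, line) for each entry matching a review rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        group, body = m["group"], m["body"]
        if body.endswith("(file missing)"):
            # Registry still points at a file that is gone: leftover hook.
            findings.append((group, "orphaned reference", line))
        elif group == "O15" and body.startswith("Trusted Zone:"):
            # Sites in the Trusted Zone run with relaxed IE restrictions.
            findings.append((group, "trusted-zone site", line))
        elif group == "O15" and body.startswith("ProtocolDefaults:"):
            findings.append((group, "protocol zone remapped", line))
        elif group == "O16" and "file://" in body.lower():
            # ActiveX control whose codebase is a cab on the local disk.
            findings.append((group, "ActiveX from local cab", line))
        elif group == "O18" and body.startswith("Filter:"):
            # A MIME filter DLL sees every document of that content type.
            findings.append((group, "MIME filter", line))
    return findings

if __name__ == "__main__":
    for group, reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

The nsx124.dll BHO matches none of these rules, so structural checks like these narrow a log down for review but do not replace someone who recognises the files.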
©2003 - 2009 DaniWeb® LLC