Can someone tell me what needs deleting please.

Logfile of HijackThis v1.99.1
Scan saved at 00:45:07, on 12/10/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\lssas.exe
C:\WINDOWS\System32\izoqrllvhq.EXE
C:\WINDOWS\System32\winamp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\msserv.exe
C:\WINDOWS\System32\scvhost9.exe
C:\WINDOWS\System32\InternetServices.exe
C:\WINDOWS\System32\Rpcmon.exe
c:\new.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\etb\pokapoka75.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Si\My Documents\hijackthis\HijackThis2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.971searchbox.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.971searchbox.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.971searchbox.com/sp2.php
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\lssas.exe
O4 - HKLM\..\Run: [Generic Host Process9 System Backup] scvhost9.exe
O4 - HKLM\..\Run: [MICROSFT RAMA UPDATE SUPPORT] izoqrllvhq.EXE
O4 - HKLM\..\Run: [Internet auto Start] InternetServices.exe
O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
O4 - HKLM\..\Run: [Configuration Loader] scvhost.exe
O4 - HKLM\..\Run: [Intex Service Driver] msserv.exe
O4 - HKLM\..\Run: [ICcontrol] C:\WINDOWS\iccontrol.exe
O4 - HKLM\..\Run: [System service75] C:\WINDOWS\etb\pokapoka75.exe
O4 - HKLM\..\RunServices: [Generic Host Process9 System Backup] scvhost9.exe
O4 - HKLM\..\RunServices: [MICROSFT RAMA UPDATE SUPPORT] izoqrllvhq.EXE
O4 - HKLM\..\RunServices: [Internet auto Start] InternetServices.exe
O4 - HKLM\..\RunServices: [Intex Service Driver] msserv.exe
O4 - HKLM\..\RunServices: [Configuration Loader] scvhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Intex Service Driver] msserv.exe
O4 - HKCU\..\Run: [Generic Host Process9 System Backup] scvhost9.exe
O4 - HKCU\..\Run: [Internet auto Start] InternetServices.exe
O4 - HKCU\..\RunServices: [Intex Service Driver] msserv.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F8352BD-CE10-49E7-AAA7-14577708B7B4}: NameServer = 212.158.248.5 212.158.248.6
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Procedure Call (RPC) Monitoring (Rpcmon) - Unknown owner - C:\WINDOWS\System32\Rpcmon.exe

Hi,
Please download LQfix.exe from one of the following locations:

http://www.downloads.subratam.org/LQfix.exe
http://miekiemoes.geekstogo.com/tools/LQfix.exe

Save it to your desktop.

  • Double-click LQfix.exe and click Next > Next > Install.
  • Leave the default settings; if you change them, the fix will fail!
  • You need an active internet connection, so make sure you're not blocking any connection now.
  • Now make sure the "Launch LQfix" box is checked.
  • Click the Finish button; after clicking the Finish button, the fix will start.
  • Follow the on-screen prompts.
  • Your system will reboot afterwards.
  • Please be patient after the reboot, there is a script running in the background that needs to complete.

After this, download Ewido and install it. Then run it; you will receive a warning message saying "Database not found"; click "OK" for this. Next, in the main screen, click "Update" and click "Start Update".
After the update process, click on the "Scanner" button in the left menu, then click on the "Complete System Scan" button.
If ewido finds anything, it will pop up a notification. You can select "Clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
When the scan finishes, click on "Save Report". This will create a text file.


Now, run HijackThis again, click Do a System scan and save log, and post the fresh log along with the Ewido log.

Ok here it is

Logfile of HijackThis v1.99.1
Scan saved at 00:15:12, on 13/10/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\etb\pokapoka75.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Eset\nod32krn.exe
c:\new.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\new.exe
c:\new.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Si\My Documents\hijackthis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.aaawebfinder.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.aaawebfinder.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.aaawebfinder.com/sp2.php
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Configuration Loader] scvhost.exe
O4 - HKLM\..\Run: [ICcontrol] C:\WINDOWS\iccontrol.exe
O4 - HKLM\..\Run: [Internet auto Start] InternetServices.exe
O4 - HKLM\..\Run: [Microsoft viri-check] viri-check.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [System service75] C:\WINDOWS\etb\pokapoka75.exe
O4 - HKLM\..\RunServices: [Configuration Loader] scvhost.exe
O4 - HKLM\..\RunServices: [Internet auto Start] InternetServices.exe
O4 - HKLM\..\RunServices: [Microsoft viri-check] viri-check.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft viri-check] viri-check.exe
O4 - HKCU\..\Run: [Internet auto Start] InternetServices.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129158163025
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF7C50A4-E8E2-420D-A572-8A1C57338E07}: NameServer = 212.158.248.5 212.158.248.6
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------


+ Created on:           00:13:34, 13/10/2005
+ Report-Checksum:      9B677066


+ Scan result:


HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
HKU\S-1-5-21-1085031214-823518204-725345543-1003\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Error during cleaning
[692] C:\WINDOWS\etb\nt_hide75.dll -> TrojanDownloader.Agent.tv : Cleaned with backup
[716] C:\WINDOWS\etb\nt_hide75.dll -> TrojanDownloader.Agent.tv : Cleaned with backup
[760] C:\WINDOWS\etb\nt_hide75.dll -> TrojanDownloader.Agent.tv : Cleaned with backup
[772] C:\WINDOWS\etb\nt_hide75.dll -> TrojanDownloader.Agent.tv : Cleaned with backup
[952] C:\WINDOWS\etb\nt_hide75.dll -> TrojanDownloader.Agent.tv : Cleaned with backup
[1036] C:\WINDOWS\etb\nt_hide75.dll -> TrojanDownloader.Agent.tv : Cleaned with backup
[1228] C:\WINDOWS\etb\nt_hide75.dll -> TrojanDownloader.Agent.tv : Cleaned with backup
[1316] C:\WINDOWS\etb\nt_hide75.dll -> TrojanDownloader.Agent.tv : Cleaned with backup
[1404] C:\WINDOWS\etb\nt_hide75.dll -> TrojanDownloader.Agent.tv : Cleaned with backup
[1492] C:\WINDOWS\etb\nt_hide75.dll -> TrojanDownloader.Agent.tv : Cleaned with backup
[1664] C:\WINDOWS\etb\nt_hide75.dll -> TrojanDownloader.Agent.tv : Cleaned with backup
[1672] C:\WINDOWS\etb\nt_hide75.dll -> TrojanDownloader.Agent.tv : Cleaned with backup
[1680] C:\WINDOWS\etb\nt_hide75.dll -> TrojanDownloader.Agent.tv : Cleaned with backup
[1700] C:\WINDOWS\etb\nt_hide75.dll -> TrojanDownloader.Agent.tv : Cleaned with backup
[1708] C:\WINDOWS\etb\nt_hide75.dll -> TrojanDownloader.Agent.tv : Cleaned with backup
[1716] C:\WINDOWS\etb\nt_hide75.dll -> TrojanDownloader.Agent.tv : Cleaned with backup
[1732] C:\WINDOWS\etb\nt_hide75.dll -> TrojanDownloader.Agent.tv : Cleaned with backup
[1740] C:\WINDOWS\etb\nt_hide75.dll -> TrojanDownloader.Agent.tv : Cleaned with backup
[1776] C:\WINDOWS\etb\nt_hide75.dll -> TrojanDownloader.Agent.tv : Cleaned with backup
[1164] C:\WINDOWS\etb\nt_hide75.dll -> TrojanDownloader.Agent.tv : Cleaned with backup
[1552] C:\WINDOWS\etb\nt_hide75.dll -> TrojanDownloader.Agent.tv : Cleaned with backup
[552] C:\WINDOWS\etb\nt_hide75.dll -> TrojanDownloader.Agent.tv : Cleaned with backup
[3176] C:\WINDOWS\etb\nt_hide75.dll -> TrojanDownloader.Agent.tv : Cleaned with backup
[2292] C:\WINDOWS\etb\nt_hide75.dll -> TrojanDownloader.Agent.tv : Cleaned with backup
[576] C:\WINDOWS\etb\nt_hide75.dll -> TrojanDownloader.Agent.tv : Cleaned with backup
[1616] C:\WINDOWS\etb\nt_hide75.dll -> TrojanDownloader.Agent.tv : Cleaned with backup
C:\Documents and Settings\Si\Cookies\si@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Si\Cookies\si@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Si\Cookies\si@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Si\Cookies\si@as-us.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Si\Cookies\si@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Si\Cookies\si@bilbo.counted[2].txt -> Spyware.Cookie.Counted : Cleaned with backup
C:\Documents and Settings\Si\Cookies\si@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Si\Cookies\si@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Si\Cookies\si@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Si\Cookies\si@e-2dj6wfl4agazsko.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Si\Cookies\si@ehg-sonycomputer.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Si\Cookies\si@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Si\Cookies\si@hg1.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Si\Cookies\si@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Si\Cookies\si@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Si\Cookies\si@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Si\Cookies\si@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Si\Cookies\si@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Si\Cookies\si@server.iad.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Si\Cookies\si@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Si\Cookies\si@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Si\Cookies\si@statse.webtrendslive[1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Si\Cookies\si@targetnet[2].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Si\Cookies\si@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Si\Cookies\si@www.myaffiliateprogram[1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Si\Cookies\si@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Si\Local Settings\Temp\65842_1952_1724_2008_75.41.tmp -> TrojanDownloader.Agent.tv : Cleaned with backup
C:\WINDOWS\system32\msserv.exe -> Backdoor.SdBot.yx : Cleaned with backup
C:\WINDOWS\uk_efp.exe -> TrojanDownloader.Small.bci : Cleaned with backup
D:\Documents and Settings\Simon\Cookies\simon@112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
D:\Documents and Settings\Simon\Cookies\simon@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
D:\Documents and Settings\Simon\Cookies\simon@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
D:\Documents and Settings\Simon\Cookies\simon@ad1.clickhype[1].txt -> Spyware.Cookie.Clickhype : Cleaned with backup
D:\Documents and Settings\Simon\Cookies\simon@adopt.euroclick[2].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
D:\Documents and Settings\Simon\Cookies\simon@adorigin[2].txt -> Spyware.Cookie.Adorigin : Cleaned with backup
D:\Documents and Settings\Simon\Cookies\simon@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
D:\Documents and Settings\Simon\Cookies\simon@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
D:\Documents and Settings\Simon\Cookies\simon@e-2dj6wfkigldzglq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Simon\Cookies\simon@e-2dj6wfkiqjc5sdo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Simon\Cookies\simon@e-2dj6wflikncpsep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Simon\Cookies\simon@e-2dj6wjk4cpazkbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Simon\Cookies\simon@e-2dj6wjk4slczwkp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Simon\Cookies\simon@e-2dj6wjkoepczalo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Simon\Cookies\simon@e-2dj6wjloald5mkp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Simon\Cookies\simon@e-2dj6wjlouid5sko.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Simon\Cookies\simon@e-2dj6wjlounajifp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Simon\Cookies\simon@e-2dj6wjlyumazocq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Simon\Cookies\simon@e-2dj6wjlywkdzcho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Simon\Cookies\simon@e-2dj6wjmiwjdzoco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Simon\Cookies\simon@e-2dj6wjmywhazwkp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Simon\Cookies\simon@ilead.itrack[2].txt -> Spyware.Cookie.Itrack : Cleaned with backup
D:\Documents and Settings\Simon\Cookies\simon@paypopup[2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
D:\Documents and Settings\Simon\Cookies\simon@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
D:\Documents and Settings\Simon\Desktop\Simon\MsgPlus-254.exe/sponsor.exe -> TrojanDownloader.Swizzor.ag : Cleaned with backup
D:\Documents and Settings\Simon\Local Settings\Temp\saveinstwm.exe -> Adware.SaveNow : Cleaned with backup
D:\Documents and Settings\Simon\My Documents\MsgPlus-301.exe/sponsor.exe -> TrojanDownloader.Swizzor.ag : Cleaned with backup
D:\Program Files\Aprps\CxtPls.exe -> Spyware.Apropos : Cleaned with backup
D:\Program Files\BearShare\Installer\saveinstwm.exe -> Adware.SaveNow : Cleaned with backup
D:\Program Files\Ebates_MoeMoneyMaker\disp350.exe -> Spyware.WebRebates : Cleaned with backup
D:\Program Files\Kazaa\TopSearch.dll -> Spyware.Altnet : Cleaned with backup
D:\Program Files\MBKWBar\IEToolBar.dll -> Spyware.MBKWBar : Cleaned with backup
D:\Program Files\Serv-U\ServUDaemon.BAK -> Backdoor.ServU-based : Cleaned with backup
D:\Program Files\Serv-U\ServUDaemon.exe -> Backdoor.ServU-based : Cleaned with backup
D:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll -> TrojanDownloader.WebP2PInstaller : Cleaned with backup
D:\WINDOWS\systb.exe -> Trojan.Imiserv.c : Cleaned with backup



::Report End

Just thought I'd say that now my ZoneAlarm firewall won't open, and neither will my NOD32 antivirus program. And neither will Task Manager or regedit.

Hi,
Please download ETRemover.ZIP and extract it to a folder. Next download KillBox.ZIP and extract it to a folder.


Download CWShredder, do not run it now.


Next, download the LQFix.Zip (this is different from previous LQFix.exe) and extract it to a folder.


Reboot in Safe Mode:-
Restart (or switch ON) the PC.
Then, keep tapping the F8 Key.
From the menu that will be displayed, choose Safe Mode and press Enter.


Run HijackThis and click Do only a System scan.
Then put a check mark in front of the entries listed below:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.aaawebfinder.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.aaawebfinder.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.aaawebfinder.com/sp2.php
O4 - HKLM\..\Run: [Configuration Loader] scvhost.exe
O4 - HKLM\..\Run: [ICcontrol] C:\WINDOWS\iccontrol.exe
O4 - HKLM\..\Run: [Internet auto Start] InternetServices.exe
O4 - HKLM\..\Run: [Microsoft viri-check] viri-check.exe
O4 - HKLM\..\Run: [System service75] C:\WINDOWS\etb\pokapoka75.exe
O4 - HKLM\..\RunServices: [Configuration Loader] scvhost.exe
O4 - HKLM\..\RunServices: [Internet auto Start] InternetServices.exe
O4 - HKLM\..\RunServices: [Microsoft viri-check] viri-check.exe
O4 - HKCU\..\Run: [Microsoft viri-check] viri-check.exe
O4 - HKCU\..\Run: [Internet auto Start] InternetServices.exe

Close all other open programs except HijackThis and click the Fix Checked button in HijackThis.


Run KillBox.exe and select the options "End Explorer shell while killing file" and "Standard file kill". After this, copy the file path below completely and paste it in the "Full Path of file to delete" textbox in KillBox:
c:\new.exe

Similarly, copy the complete file path of each of the files below, paste them one after another in KillBox, and delete them:
C:\WINDOWS\etb\pokapoka75.exe
C:\WINDOWS\iccontrol.exe
C:\WINDOWS\scvhost.exe


Next, run EliteToolbar Remover (ETRemover), then click the "Kill Elite Toolbar" button.


Run CWShredder and click "Fix ->" button.


Go to Start > Search. Here click "All files and folders" in the left pane. Next, click on "More advanced options". Here select the options "Search system folders", "Search hidden files and folders" and "Search subfolders". Next, type or copy each of the filenames below and search for it; if you find it, right-click on it and click Delete:
InternetServices.exe
viri-check.exe


Double-click on LQFix.BAT, a DOS type window should open and close by itself.


Restart the PC and please post a new HijackThis log.
