
Hi

I read some threads here on DaniWeb, but I decided to register and make my own thread.
I have weak English, but I'll try.

I've had problems with slowness of my computer and pop-ups etc., and I think it's getting worse all the time.
I read this forum and tried some anti-virus programs, but those didn't help much. One reason is that some of those programs "crashed" when cleaning the infected files/spyware etc.
Damn it, I can't explain it with my English, so I'll just post my current HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:41:50, on 7.1.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\mousecrm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\d3hb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ntzu32.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\HiJackThis!\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qbjhp.dll/sp.html#88449%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qbjhp.dll/sp.html#88449%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\qbjhp.dll/sp.html#88449%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qbjhp.dll/sp.html#88449%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qbjhp.dll/sp.html#88449%resultposition.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Class - {86D7905C-C44D-D7AE-4E46-A2432F1DEF26} - C:\WINDOWS\system32\nttr32.dll
O2 - BHO: Class - {8C515B6E-2ACB-2FD2-4CE4-82655F4C0C9F} - C:\WINDOWS\system32\mfcht32.dll
O2 - BHO: Class - {AA3DFBA3-794F-4010-B3F3-C48392777851} - C:\WINDOWS\system32\systk32.dll
O2 - BHO: Class - {D24C63AD-A963-E031-6313-22AD11D24EF1} - C:\WINDOWS\system32\ipfq32.dll
O2 - BHO: Class - {E11A3644-18B0-1DC5-DA37-CB9FB027B7A0} - C:\WINDOWS\javavl32.dll (file missing)
O2 - BHO: Class - {F52A683D-86BC-5DC9-8231-5370AB157678} - C:\WINDOWS\system32\ipua.dll
O2 - BHO: Class - {F6BFC595-569B-A80C-DEE4-5AE687AF21D2} - C:\WINDOWS\system32\winxq32.dll
O2 - BHO: Class - {F6EE5F6F-2DB0-5CE5-4CBE-0DB05DBFBB07} - C:\WINDOWS\system32\apipf32.dll
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll (file missing)
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Chizme] C:\Program Files\Ydvbdse\Kvxp.exe
O4 - HKLM\..\Run: [noC=] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [F ma] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [REGRUN32] C:\windowsupdate.exe
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [Notification Utility] "C:\Program Files\altpayV2\altpayV2.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [EZfTgfO2] C:\WINDOWS\bykih.exe
O4 - HKLM\..\Run: [Blondes] C:\Program Files\hbt\Dialers\Blondes\Blondes.exe /dontdial
O4 - HKLM\..\Run: [addlc.exe] C:\WINDOWS\addlc.exe
O4 - HKLM\..\Run: [9.tmp] C:\DOCUME~1\ESA~1.KUK\LOCALS~1\Temp\9.tmp.exe
O4 - HKLM\..\Run: [A.tmp] C:\DOCUME~1\ESA~1.KUK\LOCALS~1\Temp\A.tmp.exe
O4 - HKLM\..\Run: [9.tmp.exe] C:\DOCUME~1\ESA~1.KUK\LOCALS~1\Temp\9.tmp.exe
O4 - HKLM\..\Run: [A.tmp.exe] C:\DOCUME~1\ESA~1.KUK\LOCALS~1\Temp\A.tmp.exe
O4 - HKLM\..\Run: [sdkro.exe] C:\WINDOWS\sdkro.exe
O4 - HKLM\..\Run: [d3yj.exe] C:\WINDOWS\system32\d3yj.exe
O4 - HKLM\..\Run: [sdkun.exe] C:\WINDOWS\sdkun.exe
O4 - HKLM\..\Run: [netvp.exe] C:\WINDOWS\system32\netvp.exe
O4 - HKLM\..\Run: [sdkkn32.exe] C:\WINDOWS\sdkkn32.exe
O4 - HKLM\..\Run: [d3pc32.exe] C:\WINDOWS\d3pc32.exe
O4 - HKLM\..\Run: [SpyFighterMonitor] "E:\SpyFighter\SpyFighter.exe" monitor
O4 - HKLM\..\Run: [SpyFighterUpdate] "E:\SpyFighter\AutoUpdate.exe" silent
O4 - HKLM\..\Run: [iphy.exe] C:\WINDOWS\iphy.exe
O4 - HKLM\..\Run: [apihc.exe] C:\WINDOWS\system32\apihc.exe
O4 - HKLM\..\Run: [crxf.exe] C:\WINDOWS\system32\crxf.exe
O4 - HKLM\..\Run: [atlit32.exe] C:\WINDOWS\system32\atlit32.exe
O4 - HKLM\..\Run: [iewb.exe] C:\WINDOWS\system32\iewb.exe
O4 - HKLM\..\Run: [ipec32.exe] C:\WINDOWS\system32\ipec32.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [d3hb.exe] C:\WINDOWS\system32\d3hb.exe
O4 - HKLM\..\RunOnce: [ntzu32.exe] C:\WINDOWS\system32\ntzu32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Deer Hunter 2005 Registration.lnk = E:\Deer Hunter 2005\ATR1.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = E:\Tmas\Tmas.exe
O8 - Extra context menu item: &Google-haku - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Käännä englanninkielinen sana - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Linkit taaksepäin - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Samankaltaisia sivuja - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Välimuistissa oleva kuvakaappaus sivusta - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32n.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} - http://www.tbcode.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c46.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.playqames.com/default.cab?uid=59&id=60821&ex&1s&ppd=4
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mouse Cursor Monitor (mousecrm) - Unknown owner - C:\WINDOWS\System32\mousecrm.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - E:\SFUninstaller.exe" service (file missing)

I know there's a lot wrong with my computer; I hope you can help me out.

Thanks.

2 Contributors, 5 Replies, 6 Views, 11 Years Discussion Span, Last Post by jaishankar

C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\d3hb.exe
C:\WINDOWS\system32\ntzu32.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qbjhp.dll/sp.html#88449%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qbjhp.dll/sp.html#88449%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\qbjhp.dll/sp.html#88449%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qbjhp.dll/sp.html#88449%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qbjhp.dll/sp.html#88449%resultposition.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {86D7905C-C44D-D7AE-4E46-A2432F1DEF26} - C:\WINDOWS\system32\nttr32.dll
O2 - BHO: Class - {8C515B6E-2ACB-2FD2-4CE4-82655F4C0C9F} - C:\WINDOWS\system32\mfcht32.dll
O2 - BHO: Class - {AA3DFBA3-794F-4010-B3F3-C48392777851} - C:\WINDOWS\system32\systk32.dll
O2 - BHO: Class - {D24C63AD-A963-E031-6313-22AD11D24EF1} - C:\WINDOWS\system32\ipfq32.dll
O2 - BHO: Class - {F52A683D-86BC-5DC9-8231-5370AB157678} - C:\WINDOWS\system32\ipua.dll
O2 - BHO: Class - {F6BFC595-569B-A80C-DEE4-5AE687AF21D2} - C:\WINDOWS\system32\winxq32.dll
O2 - BHO: Class - {F6EE5F6F-2DB0-5CE5-4CBE-0DB05DBFBB07} - C:\WINDOWS\system32\apipf32.dll
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll (file missing)
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [Chizme] C:\Program Files\Ydvbdse\Kvxp.exe
O4 - HKLM\..\Run: [noC=] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [F ma] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [EZfTgfO2] C:\WINDOWS\bykih.exe
O4 - HKLM\..\Run: [Blondes] C:\Program Files\hbt\Dialers\Blondes\Blondes.exe /dontdial
O4 - HKLM\..\Run: [addlc.exe] C:\WINDOWS\addlc.exe
O4 - HKLM\..\Run: [9.tmp] C:\DOCUME~1\ESA~1.KUK\LOCALS~1\Temp\9.tmp.exe
O4 - HKLM\..\Run: [A.tmp] C:\DOCUME~1\ESA~1.KUK\LOCALS~1\Temp\A.tmp.exe
O4 - HKLM\..\Run: [9.tmp.exe] C:\DOCUME~1\ESA~1.KUK\LOCALS~1\Temp\9.tmp.exe
O4 - HKLM\..\Run: [A.tmp.exe] C:\DOCUME~1\ESA~1.KUK\LOCALS~1\Temp\A.tmp.exe
O4 - HKLM\..\Run: [sdkro.exe] C:\WINDOWS\sdkro.exe
O4 - HKLM\..\Run: [d3yj.exe] C:\WINDOWS\system32\d3yj.exe
O4 - HKLM\..\Run: [sdkun.exe] C:\WINDOWS\sdkun.exe
O4 - HKLM\..\Run: [netvp.exe] C:\WINDOWS\system32\netvp.exe
O4 - HKLM\..\Run: [sdkkn32.exe] C:\WINDOWS\sdkkn32.exe
O4 - HKLM\..\Run: [d3pc32.exe] C:\WINDOWS\d3pc32.exe
O4 - HKLM\..\Run:
O4 - HKLM\..\Run: [iphy.exe] C:\WINDOWS\iphy.exe
O4 - HKLM\..\Run: [apihc.exe] C:\WINDOWS\system32\apihc.exe
O4 - HKLM\..\Run: [crxf.exe] C:\WINDOWS\system32\crxf.exe
O4 - HKLM\..\Run: [atlit32.exe] C:\WINDOWS\system32\atlit32.exe
O4 - HKLM\..\Run: [iewb.exe] C:\WINDOWS\system32\iewb.exe
O4 - HKLM\..\Run: [ipec32.exe] C:\WINDOWS\system32\ipec32.exe
O4 - HKLM\..\Run: [d3hb.exe] C:\WINDOWS\system32\d3hb.exe
O4 - HKLM\..\RunOnce: [ntzu32.exe] C:\WINDOWS\system32\ntzu32.exe
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) -
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c46.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.playqames.com/default.cab?uid=59&id=60821&ex&1s&ppd=4
O23 - Service: Mouse Cursor Monitor (mousecrm) - Unknown owner - C:\WINDOWS\System32\mousecrm.exe
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - E:\SFUninstaller.exe" service (file missing)

These are some suspicious entries found in your log.
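The entries singled out above share a few recognisable patterns: browser search pages redirected into a res:// DLL resource, BHOs with no class name, Run entries launching from a Temp directory or the drive root, ActiveX downloads from unknown hosts, services with "Unknown owner", and components marked "(file missing)". The Python script below is an example added to this thread (it is not HijackThis, nor code from the poster or the forum) that turns those patterns into triage rules and runs them over a handful of lines copied from the log posted above plus a few benign entries; the rules, the TRUSTED_DPF_HOSTS allowlist and the sample log are all assumptions made for the example, and a hit means "look at this entry", not "this is malware".

```python
"""Heuristic triage of HijackThis v1.99 log lines.

Example code added to this thread; not HijackThis itself and not the
poster's or the forum's code.  Every rule below is an assumption chosen to
mirror the kinds of entries called suspicious in the reply above.
"""
from __future__ import annotations

import re

# Constructed sample: lines copied from the log posted in this thread plus a
# few benign entries (Acrobat, QuickTime, NVIDIA) so the rules have negatives.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qbjhp.dll/sp.html#88449%resultposition.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {86D7905C-C44D-D7AE-4E46-A2432F1DEF26} - C:\WINDOWS\system32\nttr32.dll
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [9.tmp] C:\DOCUME~1\ESA~1.KUK\LOCALS~1\Temp\9.tmp.exe
O4 - HKLM\..\Run: [sdkro.exe] C:\WINDOWS\sdkro.exe
O4 - HKLM\..\Run: [REGRUN32] C:\windowsupdate.exe
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32n.CAB
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Mouse Cursor Monitor (mousecrm) - Unknown owner - C:\WINDOWS\System32\mousecrm.exe
"""

# Hosts treated as trusted for O16 (ActiveX download) entries.  Constructed
# allowlist for this example only; extend it for your own environment.
TRUSTED_DPF_HOSTS = ("microsoft.com", "msn.com", "bitdefender.com")

HJT_LINE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
RUN_ENTRY = re.compile(r"\[(?P<name>[^\]]*)\]")
EXE_PATH = re.compile(r'(?P<path>[A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)
DPF_URL = re.compile(r"https?://(?P<host>[^/\s]+)", re.IGNORECASE)


def triage_line(line: str) -> list[str]:
    """Return the reasons an entry deserves a look (empty list = nothing found)."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return []
    section, body = m.group("section"), m.group("body")
    reasons: list[str] = []

    if "(file missing)" in body:
        reasons.append("orphaned entry: registered component no longer on disk")

    if section.startswith("R") and "res://" in body:
        reasons.append("browser search/start page redirected into a res:// DLL resource")

    if section == "O2" and re.search(r"BHO: (Class|\(no name\)) - ", body):
        reasons.append("BHO without a descriptive class name")

    if section == "O4":
        entry = RUN_ENTRY.search(body)
        exe = EXE_PATH.search(body)
        if entry and exe:
            name, path = entry.group("name"), exe.group("path")
            if re.search(r"\\temp\\", path, re.IGNORECASE):
                reasons.append("autostart from a temporary directory")
            if name.lower() == path.rsplit("\\", 1)[-1].lower():
                reasons.append("autostart name is just the file name")
            if path.count("\\") == 1:
                reasons.append("autostart executable sits in the drive root")

    if section == "O16":
        url = DPF_URL.search(body)
        host = url.group("host").lower() if url else ""
        if not any(host == h or host.endswith("." + h) for h in TRUSTED_DPF_HOSTS):
            reasons.append(f"ActiveX download from untrusted host {host or '(none)'}")

    if section == "O23" and "Unknown owner" in body:
        reasons.append("service with no vendor (Unknown owner)")

    return reasons


def triage(log_text: str) -> list[tuple[str, list[str]]]:
    """Run triage_line over a whole log and keep only the flagged entries."""
    flagged = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line and (reasons := triage_line(line)):
            flagged.append((line, reasons))
    return flagged


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(entry)
        for reason in why:
            print("    ->", reason)
```

Run against the sample, eight of the twelve lines are flagged and the four benign ones (Google start page, Acrobat BHO, QuickTime, NVIDIA service) pass clean. The rules are deliberately narrow: a Run entry is flagged for where it lives or how it is named, never for what the executable does, which is exactly why the output is a reading list for a human rather than a delete list.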


Download

ewido - http://www.ewido.net/en/

MS Antispyware - http://www.majorgeeks.com/download.php?det=4466

CW Shredder - http://www.intermute.com/spysubtract/cwshredder_download.html

Install them, update them and also update your antivirus if you have one, or download McAfee Avert Stinger http://vil.nai.com/vil/stinger/

Disconnect from the LAN, reboot your computer and enter Safe Mode by hitting F8 at startup.

Disable System Restore (My Computer > Properties > System Restore > Turn off System Restore on all drives).

Perform a complete system scan with all the above utilities.

Empty Temporary Internet Files and folders and the Recycle Bin.

Restart your computer and post your new HijackThis log.


I did an about:buster scan and now my computer runs faster and there are no pop-ups anymore. Search Extender etc. has vanished.
Now I scanned all my drives with BitDefender Online Scan; it found 38 viruses, 1167 infected files and one suspect file. It disinfected 220 files and deleted 1046.

Virus names:

Backdoor.Agent.MO
Win32.Jeefo.A.dam
Trojan.Proxy.Ranky.CB
GenPack:Trojan.Downloader.Agent.TD
Trojan.Win32.Favadd.F
Java.Trojan.Exploit.Bytverify
Java.Trojan.Exploit.Bytverify.C
Application.Cometsystems.A
Trojan.Java.ClassLoader.D
Trojan.Downloader.Vb.OV
Backdoor.Agent.MO
Trojan.Exploit.Java.Bytverify
Trojan.Purityad.BP
Win32.Worm.Kelvir.Gen
Exploit.Phel.Gen
Trojan.Pokapoka62.C
Win32.Worm.Kelvir.DV
Trojan.Downloader.2489.C
Trojan.Downloader.Istbar.LI
Trojan.Win32.Favadd.F
Trojan.Downloader.WinShow.L
GenPack:Trojan.Agent.BI
Application.Adware.SpySheriff
Win32.Worm.Kelvir.AV
Trojan.Purityad.E
Backdoor.Sdbot.ABS
Trojan.Dyfuca.52104.B
Win32.ExplorerHijack
Trojan.Lowzones.CA
JS.Trojan.Downloader.IstBar.A
HTML.MediaTickets.A
Trojan.Dialer.Premium
Adware.Gator.A

(These are what I found in the BitDefender scan log.)
I won't put the whole scan log here now, because it's so damn long :( But I can show it if it's necessary.
Most of the infected files are infected by Win32.Jeefo.A.dam and GenPack:Trojan.Downloader.Agent.TD, and most of the infected files are in the System Volume Information folders.

I guess many of those viruses have been in my computer for quite a long while, but I haven't found any problems caused by them (if I remember right).

I also did some other scans (Trend Micro online scan, Ad-Aware SE scans etc.) and they cleaned/removed most of the problems they found.

Here's my Kaspersky online scan log:

-------------------------------------------------------------------------------
 KASPERSKY ON-LINE SCANNER REPORT
 Saturday, January 07, 2006 19:25:15
 Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
 Kaspersky On-line Scanner version: 5.0.67.0
 Kaspersky Anti-Virus database last update:  7/01/2006
 Kaspersky Anti-Virus database records: 169658
-------------------------------------------------------------------------------

Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\
    K:\
    L:\

Scan Statistics:
    Total number of scanned objects: 192010
    Number of viruses found: 27
    Number of infected objects: 53
    Number of suspicious objects: 0
    Duration of the scan process: 8847 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\.housecall\Quarantine\22A2626E-99E4-4040-BA60-E2B656.bac_a00604    Infected: not-a-virus:AdWare.Win32.VirtualBouncer.g
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\.housecall\Quarantine\alaunch[1].cab.bac_a00604/gsda.dll   Infected: not-a-virus:Downloader.Win32.SpyGame
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\.housecall\Quarantine\alaunch[1].cab.bac_a00604    Infected: not-a-virus:Downloader.Win32.SpyGame
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\.housecall\Quarantine\CMEIIAPI.dll.tcf.bac_a00604  Infected: not-a-virus:AdWare.Win32.Gator.6041
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\.housecall\Quarantine\CMESys.exe.bac_a00604    Infected: not-a-virus:AdWare.Win32.Gator.6034
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\.housecall\Quarantine\count.jar-928db51-121edd92.zip.bac_a00604/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\.housecall\Quarantine\count.jar-928db51-121edd92.zip.bac_a00604/VerifierBug.class  Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\.housecall\Quarantine\count.jar-928db51-121edd92.zip.bac_a00604/Beyond.class   Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\.housecall\Quarantine\count.jar-928db51-121edd92.zip.bac_a00604    Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\.housecall\Quarantine\Del29.tmp.bac_a00604 Infected: Trojan-Downloader.Win32.Small.asf
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\.housecall\Quarantine\EGIEProcess.dll.bac_a00604   Infected: not-a-virus:AdWare.Win32.Gator.6041
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\.housecall\Quarantine\kw[1].exe.bac_a00604 Infected: not-a-virus:AdWare.Win32.EliteBar.ao
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temporary Internet Files\Content.IE5\2Z0FULYX\OiUninstaller[1].exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Local Settings\Temporary Internet Files\Content.IE5\2Z0FULYX\OiUninstaller[1].exe  Infected: not-a-virus:AdWare.Win32.PurityScan.bu
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Työpöytä\OiUninstaller.exe/data0003    Infected: not-a-virus:AdWare.Win32.PurityScan.bu
C:\Documents and Settings\Eemeli.KUKKO-AK7JKOEOQ\Työpöytä\OiUninstaller.exe Infected: not-a-virus:AdWare.Win32.PurityScan.bu
C:\Documents and Settings\Esa\Local Settings\Temporary Internet Files\Content.IE5\OHWNG7KB\index[1].exe/data.rar/10a.exe    Infected: not-a-virus:AdWare.Win32.WinAD.bf
C:\Documents and Settings\Esa\Local Settings\Temporary Internet Files\Content.IE5\OHWNG7KB\index[1].exe/data.rar/vonner.exe Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Esa\Local Settings\Temporary Internet Files\Content.IE5\OHWNG7KB\index[1].exe/data.rar    Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Esa\Local Settings\Temporary Internet Files\Content.IE5\OHWNG7KB\index[1].exe Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Jake.KUKKO-AK7JKOEOQ\Local Settings\Temp\!update.exe  Infected: not-a-virus:AdWare.Win32.PurityScan.cu
C:\Documents and Settings\Jake.KUKKO-AK7JKOEOQ\Local Settings\Temp\res2A.tmp    Infected: not-a-virus:AdWare.Win32.180Solutions.g
C:\Documents and Settings\Jake.KUKKO-AK7JKOEOQ\Local Settings\Temporary Internet Files\Content.IE5\WXIJKTYJ\content25360-0[1].htm   Infected: not-a-virus:AdWare.Win32.Gator.k
C:\Documents and Settings\Maarit.KUKKO-AK7JKOEOQ\Local Settings\Temporary Internet Files\Content.IE5\2SO2GA7B\alaunch[1].cab/gsda.dll   Infected: not-a-virus:Downloader.Win32.SpyGame
C:\Documents and Settings\Maarit.KUKKO-AK7JKOEOQ\Local Settings\Temporary Internet Files\Content.IE5\2SO2GA7B\alaunch[1].cab    Infected: not-a-virus:Downloader.Win32.SpyGame
C:\Documents and Settings\Vieras\Local Settings\Temporary Internet Files\Content.IE5\O5AN0L2J\content23599-0[1].htm Infected: not-a-virus:AdWare.Win32.Gator.k
C:\Program Files\Microsoft AntiSpyware\Quarantine\326DC0E2-BBE9-4DE8-9794-B42B08\6891859C-7CCC-46E4-99DC-C6B590 Infected: not-a-virus:AdWare.Win32.180Solutions.b
C:\Program Files\mIRC\mirc.exe  Infected: not-a-virus:Client-IRC.Win32.mIRC.616
C:\WINDOWS\noC=.exe/data.rar/mrjj.exe   Infected: Trojan.Win32.LowZones.am
C:\WINDOWS\noC=.exe/data.rar    Infected: Trojan.Win32.LowZones.am
C:\WINDOWS\noC=.exe Infected: Trojan.Win32.LowZones.am
C:\WINDOWS\SK@J:exsglm:$DATA    Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\SK@J:vqsazq:$DATA    Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\int_ver32b.oc$  Infected: not-a-virus:Porn-Dialer.Win32.Creazione.x
C:\WINDOWS\system32\mousecrm.exe    Infected: Backdoor.Win32.Agent.mo
C:\WINDOWS\system32\ysbactivex.dll.tc$  Infected: Trojan-Downloader.Win32.IstBar.gen
C:\WINDOWS\Temp\MT\PornAttitude[1].exe  Infected: not-a-virus:Porn-Dialer.Win32.CapreDeam.c
C:\winstall.exe.tcf Infected: not-virus:Hoax.Win32.Renos.al
D:\Documents and Settings\Esa.MORDOR\local\dmproxy.dll.tcf  Infected: not-a-virus:AdWare.Win32.Comet.p
D:\Program Files\Common Files\CMEII\GIocl.dll   Infected: not-a-virus:AdWare.Win32.Gator.6041
D:\Program Files\Common Files\CMEII\GMTProxy.dll    Infected: not-a-virus:AdWare.Win32.Gator.6041
D:\Program Files\Common Files\CMEII\GObjs.dll   Infected: not-a-virus:AdWare.Win32.Gator.6041
D:\Program Files\Common Files\CMEII\GStoreServer.dll    Infected: not-a-virus:AdWare.Win32.Gator.6041
D:\Program Files\Common Files\CMEII\Gtools.dll  Infected: not-a-virus:AdWare.Win32.Gator.6041
D:\Program Files\Common Files\GMT\GatorRes.dll  Infected: not-a-virus:AdWare.Win32.Gator.6041
E:\DC++\extfix.exe  Infected: not-a-virus:RiskTool.Win32.ExtUnlock.a
E:\DC++\FOOTBALL MANAGER 2006 CRACK .rar/FOOTBALL MANAGER 2006 FRENCH CRACK NOCD+SERIAL+KEYGEN/La 1ère astuce pour tricher avec eurobarre/Eurofake.exe  Infected: IM-Worm.Win32.Kelvir.bp
E:\DC++\FOOTBALL MANAGER 2006 CRACK .rar    Infected: IM-Worm.Win32.Kelvir.bp
E:\DC++\mirc616.exe/data0001.bin    Infected: not-a-virus:Client-IRC.Win32.mIRC.616
E:\DC++\mirc616.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616
F:\mIRC\mirc.exe    Infected: not-a-virus:Client-IRC.Win32.mIRC.612
F:\My Received Files\My Received Files\mirc612.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.612
F:\My Received Files\My Received Files\mirc612.exe  Infected: not-a-virus:Client-IRC.Win32.mIRC.612

Scan process completed.

And my current HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 20:02:51, on 7.1.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
F:\HiJackThis!\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Class - {86D7905C-C44D-D7AE-4E46-A2432F1DEF26} - C:\WINDOWS\system32\nttr32.dll (file missing)
O2 - BHO: Class - {8C515B6E-2ACB-2FD2-4CE4-82655F4C0C9F} - C:\WINDOWS\system32\mfcht32.dll (file missing)
O2 - BHO: Class - {AA3DFBA3-794F-4010-B3F3-C48392777851} - C:\WINDOWS\system32\systk32.dll (file missing)
O2 - BHO: Class - {D24C63AD-A963-E031-6313-22AD11D24EF1} - C:\WINDOWS\system32\ipfq32.dll (file missing)
O2 - BHO: Class - {E11A3644-18B0-1DC5-DA37-CB9FB027B7A0} - C:\WINDOWS\javavl32.dll (file missing)
O2 - BHO: Class - {F52A683D-86BC-5DC9-8231-5370AB157678} - C:\WINDOWS\system32\ipua.dll (file missing)
O2 - BHO: Class - {F6BFC595-569B-A80C-DEE4-5AE687AF21D2} - C:\WINDOWS\system32\winxq32.dll (file missing)
O2 - BHO: Class - {F6EE5F6F-2DB0-5CE5-4CBE-0DB05DBFBB07} - C:\WINDOWS\system32\apipf32.dll (file missing)
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Chizme] C:\Program Files\Ydvbdse\Kvxp.exe
O4 - HKLM\..\Run: [noC=] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [F ma] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [REGRUN32] C:\windowsupdate.exe
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [Notification Utility] "C:\Program Files\altpayV2\altpayV2.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [EZfTgfO2] C:\WINDOWS\bykih.exe
O4 - HKLM\..\Run: [Blondes] C:\Program Files\hbt\Dialers\Blondes\Blondes.exe /dontdial 
O4 - HKLM\..\Run: [addlc.exe] C:\WINDOWS\addlc.exe
O4 - HKLM\..\Run: [9.tmp] C:\DOCUME~1\ESA~1.KUK\LOCALS~1\Temp\9.tmp.exe
O4 - HKLM\..\Run: [A.tmp] C:\DOCUME~1\ESA~1.KUK\LOCALS~1\Temp\A.tmp.exe
O4 - HKLM\..\Run: [9.tmp.exe] C:\DOCUME~1\ESA~1.KUK\LOCALS~1\Temp\9.tmp.exe
O4 - HKLM\..\Run: [A.tmp.exe] C:\DOCUME~1\ESA~1.KUK\LOCALS~1\Temp\A.tmp.exe
O4 - HKLM\..\Run: [sdkro.exe] C:\WINDOWS\sdkro.exe
O4 - HKLM\..\Run: [d3yj.exe] C:\WINDOWS\system32\d3yj.exe
O4 - HKLM\..\Run: [sdkun.exe] C:\WINDOWS\sdkun.exe
O4 - HKLM\..\Run: [netvp.exe] C:\WINDOWS\system32\netvp.exe
O4 - HKLM\..\Run: [sdkkn32.exe] C:\WINDOWS\sdkkn32.exe
O4 - HKLM\..\Run: [SpyFighterMonitor] "E:\SpyFighter\SpyFighter.exe" monitor
O4 - HKLM\..\Run: [SpyFighterUpdate] "E:\SpyFighter\AutoUpdate.exe" silent
O4 - HKLM\..\Run: [iphy.exe] C:\WINDOWS\iphy.exe
O4 - HKLM\..\Run: [apihc.exe] C:\WINDOWS\system32\apihc.exe
O4 - HKLM\..\Run: [crxf.exe] C:\WINDOWS\system32\crxf.exe
O4 - HKLM\..\Run: [atlit32.exe] C:\WINDOWS\system32\atlit32.exe
O4 - HKLM\..\Run: [iewb.exe] C:\WINDOWS\system32\iewb.exe
O4 - HKLM\..\Run: [ipec32.exe] C:\WINDOWS\system32\ipec32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Deer Hunter 2005 Registration.lnk = E:\Deer Hunter 2005\ATR1.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google-haku - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Käännä englanninkielinen sana - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Linkit taaksepäin - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Samankaltaisia sivuja - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Välimuistissa oleva kuvakaappaus sivusta - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32n.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.playqames.com/default.cab?uid=59&id=60821&ex&1s&ppd=4
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mouse Cursor Monitor (mousecrm) - Unknown owner - C:\WINDOWS\System32\mousecrm.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - E:\SFUninstaller.exe"  service (file missing)

Edited by mike_2000_17: Fixed formatting


Thanks jaishankar, I noticed your reply after posting my new update.
I'll try to do what you wrote tomorrow (though I have had problems with Safe Mode before..). It's late now.


R3 - Default URLSearchHook is missing
O2 - BHO: Class - {86D7905C-C44D-D7AE-4E46-A2432F1DEF26} - C:\WINDOWS\system32\nttr32.dll (file missing)
O2 - BHO: Class - {8C515B6E-2ACB-2FD2-4CE4-82655F4C0C9F} - C:\WINDOWS\system32\mfcht32.dll (file missing)
O2 - BHO: Class - {AA3DFBA3-794F-4010-B3F3-C48392777851} - C:\WINDOWS\system32\systk32.dll (file missing)
O2 - BHO: Class - {D24C63AD-A963-E031-6313-22AD11D24EF1} - C:\WINDOWS\system32\ipfq32.dll (file missing)
O2 - BHO: Class - {E11A3644-18B0-1DC5-DA37-CB9FB027B7A0} - C:\WINDOWS\javavl32.dll (file missing)
O2 - BHO: Class - {F52A683D-86BC-5DC9-8231-5370AB157678} - C:\WINDOWS\system32\ipua.dll (file missing)
O2 - BHO: Class - {F6BFC595-569B-A80C-DEE4-5AE687AF21D2} - C:\WINDOWS\system32\winxq32.dll (file missing)
O2 - BHO: Class - {F6EE5F6F-2DB0-5CE5-4CBE-0DB05DBFBB07} - C:\WINDOWS\system32\apipf32.dll (file missing)
O4 - HKLM\..\Run: [Blondes] C:\Program Files\hbt\Dialers\Blondes\Blondes.exe /dontdial

Put a check mark on the above entries and let HijackThis fix them.

Go to Add/Remove Programs in Control Panel and uninstall 'Blondes' if you find it, and also remove the folder from the Program Files directory.

I think you didn't disable System Restore before performing the scans. If you don't disable it, infections will still be left there and they can reinfect your system. Just disable it and re-enable it.
