Malware Removal Help

Forum Guidelines

Read this topic before posting a log.

DO NOT post a ComboFix log unless requested to.

Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

Malware Removal Help

Options

ibesethro View Member Profile	Jun 29 2008, 04:42 AM Post #1
New Member Group: Members Posts: 5 Joined: 28-June 08 Member No.: 219,147	Okay...so, my wife's old dell dimension 2400...slow slow slow, didnt run spyware protection only because that makes it just as slow as well, having a virus. (what it is) the "windows vista antivirus" or system32 something and insits to be installed on my PC. (symptoms) everythings so slow...i can tolerate the dell-nish...but now its ridiculous. i can slowly surf the web thru the search menu out of start menu...with firefox and IE out of search mode it will load pages like weather.com or yahoo but once you try to use the site...it eternally loads. furthermore, it will randomly pop up its windows and fake scan my computer and the whole nine yards to con me. (countermeasures in place) i have Ad-aware, Spyware doctor (registered) , avg free, and spybot S&D running and ran and scanned and deleted and so forth. done the hijack this thing, removed malicious this and that...to no avail. SO im turning it on to you all that are smarter than me. fair enough i hope? thanks for the help if you so choose to bless me with it -seth Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:30:59 PM, on 6/29/2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Dell\EUSW\Support.exe C:\Documents and Settings\Nikki\lsass.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\mjc\mjc.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/ R3 - Default URLSearchHook is missing O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Nikki\lsass.exe O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [BMb30f6ba4] Rundll32.exe "C:\WINDOWS\System32\hmrstbhb.dll",s O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - HKCU\..\Run: [mjc] C:\Program Files\mjc\mjc.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1163994147187 O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe -- End of file - 3038 bytes

Baabiouz View Member Profile	Jun 29 2008, 06:06 AM Post #2
Finnish Malware Fighter Group: HJT Team Posts: 937 Joined: 4-May 07 From: Finland Member No.: 128,832	Hello Ibesethro Please rename your C:\Program Files\Trend Micro\HijackThis\HijackThis.exe to Ibesethro.exe. Then run HijackThis (Ibesethro.exe) and post the log back here This post has been edited by Baabiouz: Jun 29 2008, 06:09 AM --------------------

ibesethro View Member Profile	Jun 29 2008, 10:26 PM Post #3
New Member Group: Members Posts: 5 Joined: 28-June 08 Member No.: 219,147	Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:25:07 PM, on 6/30/2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Dell\EUSW\Support.exe C:\Program Files\QuickTime\qttask.exe C:\Documents and Settings\Nikki\lsass.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\mjc\mjc.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\Winamp\winamp.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Trend Micro\HijackThis\ibesethro.exe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/ R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {0185D01F-12F9-4622-AD9B-D76579DF763A} - (no file) O2 - BHO: (no name) - {0E5E90E4-B50D-405B-8DE8-3BDF2BD917FE} - C:\WINDOWS\System32\mlJDSIxY.dll (file missing) O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: (no name) - {336CED39-3950-4FE5-9FE9-FF74CC14593A} - C:\WINDOWS\System32\geBuTLDv.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5E0A4988-69C7-46B5-9638-3DBDDDB86EA2} - C:\WINDOWS\System32\ddcDstSL.dll (file missing) O2 - BHO: (no name) - {6984527F-01C1-4398-A9FB-418DFF422355} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: (no name) - {B8831D3D-F6E7-4612-8731-6E654CD13FFF} - (no file) O2 - BHO: (no name) - {CF9A8145-0424-491C-A2EA-75A83F04DCC3} - (no file) O2 - BHO: (no name) - {D3F901B9-7C4B-4B7D-9836-F21F8E68FDC2} - C:\WINDOWS\System32\iifedcyy.dll O2 - BHO: (no name) - {D7D5A651-19C9-4F90-AE3A-5CBB1277DC20} - C:\WINDOWS\System32\mlJDvTKA.dll (file missing) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Nikki\lsass.exe O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [BMb30f6ba4] Rundll32.exe "C:\WINDOWS\System32\yrbjodrw.dll",s O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - HKCU\..\Run: [mjc] C:\Program Files\mjc\mjc.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1163994147187 O20 - Winlogon Notify: iifedcyy - C:\WINDOWS\SYSTEM32\iifedcyy.dll O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe -- End of file - 4688 bytes

Baabiouz View Member Profile	Jun 30 2008, 08:05 AM Post #4
Finnish Malware Fighter Group: HJT Team Posts: 937 Joined: 4-May 07 From: Finland Member No.: 128,832	Hello Step #1 You have the program Spybot S&D (Teatimer option) running on your machine and that is good. But prior to doing the fix below with Combofix it needs to be turned off. Please do the following: Right click the running icon of Spybot's Teatimer, and choose Exit. Unless it is turned off it could interfere with the fix by Combofix. Step #2 Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix Link 1 Link 2 Link 3 Note: It is important that it is saved directly to your desktop -------------------------------------------------------------------- 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. -------------------------------------------------------------------- Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review. Note: Do not mouseclick combofix's window while it's running. That may cause it to stall Step #3 Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page. Please download SDFix by AndyManchesta and save it to your desktop. When using this tool, you must use the Administrator's account* or an account with "Administrative rights"* Double click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix). DO NOT use it just yet. Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". Open the SDFix folder and double click RunThis.bat to start the script. Type Y to begin the cleanup process. It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot. Press any Key and it will restart the PC. When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt. Copy and paste the contents of the results file Report.txt in your next replyalong with a new HijackThis log. -- If this error message is displayed when running SDFix: "The command prompt has been disabled by your administrator. Press any key to continue..." Please go to Start Menu > Run > and copy/paste the following line: %systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Enable_Command_Prompt.reg Press Ok and then run SDFix again. -- If the Command Prompt window flashes on then off again on XP or Win 2000, please go to Start Menu > Run > and copy/paste the following line: %systemdrive%\SDFix\apps\FixPath.exe /Q Reboot and then run SDFix again. -- If SDFix still does not run, check the %comspec% variable. Right-click My Computer > click Properties > Advanced > Environment Variables and check that the ComSpec variable points to cmd.exe. %SystemRoot%\system32\cmd.exe Step #4 You are missing one important program on that computer: An antivirus. This is somewhat suicidal in today's digital world. You need to install an antivirus program as soon as you can and run a complete scan of the computer: Antivir Avast Free AVG Free Bitdefender Free Install it and then run a full scan. Let it quarantine/delete anything it finds. Let me know if there is anything that it reports but can not remove. Step #5 Please post Combofix log, Sdfix log and a fresh HijackThis log back here This post has been edited by Baabiouz: Jun 30 2008, 08:09 AM --------------------

ibesethro View Member Profile	Jul 1 2008, 06:38 AM Post #5
New Member Group: Members Posts: 5 Joined: 28-June 08 Member No.: 219,147	SDFix: Version 1.199 Run by Administrator on Tue 07/01/2008 at 08:11 PM Microsoft Windows XP [Version 5.1.2600] Running From: C:\DOCUME~1\ADMINI~1\Desktop\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\WINDOWS\system32\iifedcyy.dll - Deleted C:\Program Files\mjc\mjc.exe - Deleted C:\Program Files\Web Technologies\iebr.dll - Deleted C:\Program Files\Web Technologies\iebt.dll - Deleted C:\Program Files\Web Technologies\iebtmm.exe - Deleted C:\Program Files\Web Technologies\iebtu.exe - Deleted C:\Program Files\Web Technologies\iebu.exe - Deleted C:\Program Files\Web Technologies\myd.ico - Deleted C:\Program Files\Web Technologies\mym.ico - Deleted C:\Program Files\Web Technologies\myp.ico - Deleted C:\Program Files\Web Technologies\myv.ico - Deleted C:\Program Files\Web Technologies\ot.ico - Deleted C:\Program Files\Web Technologies\ts.ico - Deleted C:\Program Files\Web Technologies\wcm.exe - Deleted C:\Program Files\Web Technologies\wcs.exe - Deleted C:\Program Files\Web Technologies\wcu.exe - Deleted Folder C:\Program Files\mjc - Removed Folder C:\Program Files\Web Technologies - Removed Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-01 20:25:53 Windows 5.1.2600 Service Pack 1 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"="C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe::Enabled:Logitech Harmony Remote Software 7" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"="C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe::Enabled:Logitech Harmony Remote Software 7" Remaining Files : File Backups: - C:\DOCUME~1\ADMINI~1\Desktop\SDFix\backups\backups.zip Files with Hidden Attributes : Wed 25 Jun 2008 52,224 ..SH. --- "C:\Documents and Settings\Nikki\lsass.exe" Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe" Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" Finished!

Baabiouz View Member Profile	Jul 1 2008, 07:51 AM Post #6
Finnish Malware Fighter Group: HJT Team Posts: 937 Joined: 4-May 07 From: Finland Member No.: 128,832	Please post Combofix log and a fresh hijackthis log --------------------

ibesethro View Member Profile	Jul 5 2008, 12:32 AM Post #7
New Member Group: Members Posts: 5 Joined: 28-June 08 Member No.: 219,147	Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:31:05 PM, on 7/5/2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Dell\EUSW\Support.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wdfmgr.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Trend Micro\HijackThis\ibesethro.exe.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {0185D01F-12F9-4622-AD9B-D76579DF763A} - (no file) O2 - BHO: (no name) - {0E5E90E4-B50D-405B-8DE8-3BDF2BD917FE} - C:\WINDOWS\System32\mlJDSIxY.dll (file missing) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: (no name) - {47A742A6-B0D0-43CF-B676-1CE6739505AA} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5E0A4988-69C7-46B5-9638-3DBDDDB86EA2} - C:\WINDOWS\System32\ddcDstSL.dll (file missing) O2 - BHO: (no name) - {6984527F-01C1-4398-A9FB-418DFF422355} - (no file) O2 - BHO: (no name) - {7BC9C2E2-73A6-4FCF-B73D-CBAA20B31C9B} - (no file) O2 - BHO: (no name) - {86D86323-F8CA-4A5C-9EA7-678785BAA24B} - C:\WINDOWS\System32\geBuTLDv.dll (file missing) O2 - BHO: WarningBHO Class - {9989F1F6-70DE-4244-AC9F-6672983681A0} - C:\Program Files\AntiSpyCheck 2.1\IEWarning32.dll (file missing) O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: (no name) - {B8301AF7-D00E-4EA4-87C1-5FF4644FBBA1} - C:\Program Files\Web Technologies\iebt.dll (file missing) O2 - BHO: (no name) - {B8831D3D-F6E7-4612-8731-6E654CD13FFF} - (no file) O2 - BHO: (no name) - {CF9A8145-0424-491C-A2EA-75A83F04DCC3} - (no file) O2 - BHO: (no name) - {D3F901B9-7C4B-4B7D-9836-F21F8E68FDC2} - (no file) O2 - BHO: (no name) - {D7D5A651-19C9-4F90-AE3A-5CBB1277DC20} - C:\WINDOWS\System32\mlJDvTKA.dll (file missing) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [BMb30f6ba4] Rundll32.exe "C:\WINDOWS\System32\ffdtflad.dll",s O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [mjc] C:\Program Files\mjc\mjc.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1163994147187 O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab O20 - Winlogon Notify: iifedcyy - C:\WINDOWS\ O22 - SharedTaskScheduler: dysmenorrhoea - {2a7a8ce2-1eaf-4fc0-9158-958bb6bfa5c4} - C:\WINDOWS\System32\jhzpcn.dll (file missing) O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe -- End of file - 5941 bytes what does it all mean? thanks a bunch for your help you just helped me get 6 more months out of this CPU

Baabiouz View Member Profile	Jul 5 2008, 03:30 AM Post #8
Finnish Malware Fighter Group: HJT Team Posts: 937 Joined: 4-May 07 From: Finland Member No.: 128,832	Hello ibesethro. Have you ran Combofix? Can you please post contents of C:\Combofix.txt here? Have you downloaded any antivirus? (I have asked you to download) This post has been edited by Baabiouz: Jul 5 2008, 03:30 AM --------------------

Baabiouz View Member Profile	Jul 11 2008, 07:32 AM Post #9
Finnish Malware Fighter Group: HJT Team Posts: 937 Joined: 4-May 07 From: Finland Member No.: 128,832	This thread will now be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic. --------------------

« Next Oldest · HijackThis Logs and Malware Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Malware Removal Guides