Need Some Help


  • This topic is locked
3 replies to this topic

#1 jeriq44

jeriq44

  • Members
  • 2 posts
  • OFFLINE
  • Local time:03:57 AM

Posted 12 December 2007 - 03:33 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:30:12 PM, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virtual CD v4\System\vcdsecs.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\qiawpbjj.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\JERICHO\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start-homepage.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\qiawpbjj.exe,C:\WINDOWS\system32\userinit.exe
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [287765be] rundll32.exe "C:\WINDOWS\system32\rlxkqqxb.dll",b
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15031/CTPID.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Fix-It Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VCDSecS - H+H Software GmbH - C:\Program Files\Virtual CD v4\System\vcdsecs.exe

--
End of file - 6437 bytes
:thumbsup: Help me to fix this, brothers.... ahoooo!

#2 jeriq44

jeriq44
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:03:57 AM

Posted 12 December 2007 - 03:50 AM

After the HijackThis log scan, I followed up with a SUPERAntiSpyware scan.



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/11/2007 at 11:29 PM

Application Version : 3.9.1008

Core Rules Database Version : 3359
Trace Rules Database Version: 1358

Scan type : Complete Scan
Total Scan Time : 01:11:32

Memory items scanned : 408
Memory threats detected : 2
Registry items scanned : 7015
Registry threats detected : 68
File items scanned : 58989
File threats detected : 216

Trojan.Net-NUSR
C:\WINDOWS\SYSTEM32\QIAWPBJJ.EXE
C:\WINDOWS\SYSTEM32\QIAWPBJJ.EXE
C:\WINDOWS\Prefetch\QIAWPBJJ.EXE-378AAE8D.pf

Adware.Vundo-Variant/Small-A
C:\WINDOWS\SYSTEM32\RLXKQQXB.DLL
C:\WINDOWS\SYSTEM32\RLXKQQXB.DLL
HKLM\Software\Classes\CLSID\{9b598811-088f-4050-8aef-7b51a799277c}
HKCR\CLSID\{9B598811-088F-4050-8AEF-7B51A799277C}
HKCR\CLSID\{9B598811-088F-4050-8AEF-7B51A799277C}\InprocServer32
HKCR\CLSID\{9B598811-088F-4050-8AEF-7B51A799277C}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\BVVNARER.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9b598811-088f-4050-8aef-7b51a799277c}
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4196FE45-254F-4D4A-A274-86623C027E60}\RP378\A0178049.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4196FE45-254F-4D4A-A274-86623C027E60}\RP380\A0178163.DLL
C:\WINDOWS\SYSTEM32\CWWMBATU.DLL
C:\WINDOWS\SYSTEM32\CXIDLRCP.DLL
C:\WINDOWS\SYSTEM32\GMSHOKQC.DLL
C:\WINDOWS\SYSTEM32\IAMWOIXU.DLL
C:\WINDOWS\SYSTEM32\IKGTYCIH.DLL
C:\WINDOWS\SYSTEM32\JQYPKNDK.DLL
C:\WINDOWS\SYSTEM32\OLKPOTIH.DLL

Trojan.WinFixer
HKLM\Software\Classes\CLSID\{829CAAED-C33D-48A2-821E-0A9BE1D8BD26}
HKCR\CLSID\{829CAAED-C33D-48A2-821E-0A9BE1D8BD26}
HKCR\CLSID\{829CAAED-C33D-48A2-821E-0A9BE1D8BD26}\InprocServer32
HKCR\CLSID\{829CAAED-C33D-48A2-821E-0A9BE1D8BD26}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\PMKJI.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{829CAAED-C33D-48A2-821E-0A9BE1D8BD26}

Adware.E404 Helper/Hij
HKLM\Software\Classes\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}
HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}
HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}
HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\InprocServer32
HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\InprocServer32#ThreadingModel
HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\ProgID
HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\Programmable
HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\TypeLib
HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\VersionIndependentProgID
C:\PROGRAM FILES\HELPER\FREESEARCHCLUB.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}
HKCR\E404.e404mgr
HKCR\E404.e404mgr\CLSID
HKCR\E404.e404mgr\CurVer
HKCR\E404.e404mgr.1
HKCR\E404.e404mgr.1\CLSID
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0\win32
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\FLAGS
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\HELPDIR
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid32
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib#Version

Adware.AdBreak
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}

411Ferret Toolbar
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12F02779-6D88-4958-8AD3-83C12D86ADC7}

Adware.AdBlaster
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}

AdBars BHO
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}

Adware.404Search
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}

Unclassified.Unknown Origin
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}

Trojan.Downloader-FakeRX
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66E72884-4FD2-464F-A6B8-468F31C40E36}
HKCR\CLSID\{66E72884-4FD2-464F-A6B8-468F31C40E36}
HKCR\CLSID\{66E72884-4FD2-464F-A6B8-468F31C40E36}
HKCR\CLSID\{66E72884-4FD2-464F-A6B8-468F31C40E36}\Implemented Categories
HKCR\CLSID\{66E72884-4FD2-464F-A6B8-468F31C40E36}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKCR\CLSID\{66E72884-4FD2-464F-A6B8-468F31C40E36}\InprocServer32
HKCR\CLSID\{66E72884-4FD2-464F-A6B8-468F31C40E36}\InprocServer32#ThreadingModel
HKCR\CLSID\{66E72884-4FD2-464F-A6B8-468F31C40E36}\ProgID
HKCR\CLSID\{66E72884-4FD2-464F-A6B8-468F31C40E36}\Programmable
HKCR\CLSID\{66E72884-4FD2-464F-A6B8-468F31C40E36}\TypeLib
HKCR\CLSID\{66E72884-4FD2-464F-A6B8-468F31C40E36}\VERSION
C:\WINDOWS\SYSTEM32\QIAWPBJJ.DLL

Adware.Accoona
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}

Trojan.PBar
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}

Adware.Tracking Cookie

Adware.WhenU
C:\Program Files\Save
C:\Program Files\Common Files\WhenU

Adware.IST/YourSiteBar
HKCR\Interface\{03B800F9-2536-4441-8CDA-2A3E6D15B4F8}
HKCR\Interface\{03B800F9-2536-4441-8CDA-2A3E6D15B4F8}\ProxyStubClsid
HKCR\Interface\{03B800F9-2536-4441-8CDA-2A3E6D15B4F8}\ProxyStubClsid32
HKCR\Interface\{DFBCC1EB-B149-487E-80C1-CC1562021542}
HKCR\Interface\{DFBCC1EB-B149-487E-80C1-CC1562021542}\ProxyStubClsid
HKCR\Interface\{DFBCC1EB-B149-487E-80C1-CC1562021542}\ProxyStubClsid32
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ysbactivex.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ysbactivex.dll#.Owner
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ysbactivex.dll#{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}

Adware.IST/ISTBar (Slotch Bar)
HKU\S-1-5-21-1343024091-776561741-725345543-1003\Software\Microsoft\Internet Explorer\Main#BandRest [ Never ]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main#BandRest [ Never ]

Adware.180solutions/ZangoSearch
C:\DOCUMENTS AND SETTINGS\JERICHO\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\G1E3CTEF\SETUP[2].EXE

Trojan.Downloader-Gen/Suspicious
C:\DOCUMENTS AND SETTINGS\JERICHO\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\RIW3Y9AH\Q326[1].EXE

Adware.eZula
C:\RECYCLER\S-1-5-21-1343024091-776561741-725345543-1003\DC7219

Adware.Vundo-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4196FE45-254F-4D4A-A274-86623C027E60}\RP335\A0165817.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4196FE45-254F-4D4A-A274-86623C027E60}\RP338\A0166907.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4196FE45-254F-4D4A-A274-86623C027E60}\RP341\A0168040.DLL
C:\WINDOWS\SYSTEM32\DHWDNKQW.DLL
C:\WINDOWS\SYSTEM32\GEGSFGUQ.DLL
C:\WINDOWS\SYSTEM32\TGTXRXJW.DLL

Trojan.FakeDrop-764
C:\WINDOWS\764.EXE

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\ABADD.BAK1
C:\WINDOWS\SYSTEM32\ABADD.INI
C:\WINDOWS\SYSTEM32\RRQSS.BAK1
C:\WINDOWS\SYSTEM32\RRQSS.INI
C:\WINDOWS\SYSTEM32\TSTWA.BAK1
C:\WINDOWS\SYSTEM32\TSTWA.INI

Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\AWVVW.DLL

Unclassified.Unknown Origin/System
C:\WINDOWS\SYSTEM32\ESHOPEE.EXE

Trojan.Downloader-Gen/DDC
C:\WINDOWS\SYSTEM32\FEIXDQKU.EXE
C:\WINDOWS\SYSTEM32\RNWNPPBU.EXE
C:\WINDOWS\SYSTEM32\SGSWTPRQ.EXE
C:\WINDOWS\SYSTEM32\WGRRUINP.EXE

Trojan.Unclassified/SLDR
C:\WINDOWS\SYSTEM32\LWINUPDATE.EXE

Trojan.Fakespy-B
C:\WINDOWS\SYSTEM32\MSOLE32.EXE

Trojan.Downloader-DRAlike/Gen
C:\WINDOWS\SYSTEM32\TMRSR.EXE




:thumbsup: Is my computer already safe from worms? Please advise me on additional tests to run on my PC....
:blink: Thanks, brothers

Edited by KoanYorel, 12 December 2007 - 09:53 AM. To merge posts


#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:02:57 PM

Posted 17 December 2007 - 08:59 PM

Hello jeriq44,

Welcome to Bleeping Computer :blink:

Could you please post a new HijackThis log for me to look at? :thumbsup:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:02:57 PM

Posted 12 January 2008 - 11:44 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic



