
About:blank


6 replies to this topic

#1 Arcadiobuendia

Posted 09 April 2005 - 09:01 AM

Hi to all. Sorry for my bad English, I will try to explain my problems in the best way that I can.

At first my Internet start page was something like http://lookfor.pin=(numbers that I can't remember), but after a scan with Spybot my Internet start page is about:blank.
I've tried to scan my PC with Pest Patrol, Ad-Aware, Spybot and CWShredder, but every time these programs find malware and new problems.
- Spybot always finds this problem: URLsearchHook.atlpz
- Whenever I start the Internet, my antivirus PC-cillin finds a new virus like this:
TROJ_WINSHOW.T, and the infected file is always different but similar (C:\WINDOWS\system32\kkclz.ddl), and the antivirus tells me: Unable to clean infected file. The file was quarantined.
- During an Internet connection I always receive popups and ads for spyware removal that tell me that my PC is infected.
- In C: I now have a txt file called f2install that I can't remove, even when I try in safe mode. This file is different every time I restart my PC and every time I go on the web.

This is an example of the content of the text file:
>>Install Start...
Event:0x0001012E:36:0:12184236
Event:0x0001012E:129:0:12184208
Event:0x0001012E:131:0:12184268
Include to Autorun
>>TestModule(3646901701)
Event:0x0001012E:1:0:12184172
>>SaveModule(0)
Old Path: C:\WINDOWS\sysil.dll
New Path: C:\WINDOWS\lkhsez.dat
<<SaveModule
>>TestModule(3646901701)
Before Service Found:647072535
Service File Mapping Found
Service Found
>>SaveModule(1)
Old Path: C:\WINDOWS\system32\atlww.exe
New Path: C:\WINDOWS\mcmnpc.dat
<<SaveModule
<<Install
>>Install Start...
Include to Autorun
>>TestModule(3646901701)
>>SaveModule(0)
Old Path: C:\WINDOWS\sysil.dll
New Path: C:\WINDOWS\lkhsez.dat
<<SaveModule
>>TestModule(3646901701)
Before Service Found:647072535
Service File Mapping Found
Service Found
>>SaveModule(1)
Old Path: C:\WINDOWS\system32\atlww.exe
New Path: C:\WINDOWS\mcmnpc.dat
<<SaveModule
<<Install
Event:0x0001012E:49314:0:0
Event:0x0001012E:537:7:0
Event:0x0001012E:537:7:0
Event:0x0001012E:537:7:0
Event:0x0001012E:537:7:0
Event:0x0001012E:537:7:0
Event:0x0001012E:537:7:0
Event:0x0001012E:537:7:0
Event:0x0001012E:537:7:0
Event:0x0001012E:537:7:0
Event:0x0001012E:49400:0:0
Event:0x0001012E:537:7:0
Event:0x0001012E:537:7:0
Event:0x0001012E:26:0:12188132
Event:0x0001012E:26:0:12188132
Event:0x0001012E:49420:0:1026
Event:0x0001012E:70:0:12187776
Event:0x0001012E:28:1:0
Event:0x0001012E:134:0:0
Event:0x0001012E:127:2:0
Event:0x0001012E:127:0:0
Event:0x0001012E:127:1:0
Event:0x0001012E:6:1:0
Event:0x0001012E:7:0:0
Event:0x0001012E:134:0:0
Event:0x0001012E:49420:0:1028
Event:0x0001012E:134:0:0
Event:0x0001012E:49420:0:512
Event:0x0001012E:49420:0:512
Event:0x0001012E:49420:0:512
Event:0x0001012E:49420:0:512
Event:0x0001012E:49420:0:512
Event:0x0001012E:49420:0:512
Event:0x0001012E:49420:0:512
Event:0x0001012E:49420:0:512
Event:0x0001012E:49420:0:512
Event:0x0001012E:49420:0:512
Event:0x0001012E:49420:0:513
Event:0x0001012E:134:1:65838
Event:0x0001012E:70:0:12187776
Event:0x0001012E:71:0:12187776
Event:0x0001012E:131:1:12186812
Event:0x0001012E:49420:0:512
Event:0x0001012E:49420:0:514
>>Install Start...
Include to Autorun
>>TestModule(3646901701)
>>RestoreModule(0)
Path: C:\WINDOWS\lkhsez.dat
NewPath: C:\WINDOWS\system32\sysqg.dll
New BHO Key358619340
<<RestoreModule
>>TestModule(358619340)
Before Service Found:647072535
Service File Mapping Found
Service Found
>>SaveModule(1)
Old Path: C:\WINDOWS\system32\atlww.exe
New Path: C:\WINDOWS\mcmnpc.dat
<<SaveModule
<<Install
>>Install Start...
Include to Autorun
>>TestModule(358619340)
>>SaveModule(0)
Old Path: C:\WINDOWS\system32\sysqg.dll
New Path: C:\WINDOWS\lkhsez.dat
<<SaveModule
>>TestModule(358619340)
Before Service Found:647072535
Service File Mapping Found
Service Found
>>SaveModule(1)
Old Path: C:\WINDOWS\system32\atlww.exe
New Path: C:\WINDOWS\mcmnpc.dat
<<SaveModule
<<Install


I've tried to scan with all the programs and to fix some HijackThis entries, even in safe mode, but nothing changes.
Now I will post my log.

Logfile of HijackThis v1.99.1
Scan saved at 15.59.02, on 09/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\atlww.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\File comuni\pestpatrol\ppRemoteService.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
c:\Programmi\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Programmi\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Programmi\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\Programmi\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\Programmi\USB ADSL\CnxDslTb.exe
C:\Programmi\Java\j2re1.4.2_06\bin\jusched.exe
C:\Programmi\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Programmi\Browser MOUSE\mouse32a.exe
C:\WINDOWS\wavdriver.exe
C:\WINDOWS\system32\atlmn.exe
C:\Programmi\PestPatrol\PPControl.exe
C:\Programmi\PestPatrol\PPMemCheck.exe
C:\Programmi\PestPatrol\CookiePatrol.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Asus\Asus ChkMail\ChkMail.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Matteo\Documenti\Applicazioni\Nuova cartella\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dvawz.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dvawz.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\dvawz.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dvawz.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dvawz.dll/sp.html#12047
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dvawz.dll/sp.html#12047
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0B60D6C8-61D5-09D5-6A51-907DC1B1F1C4} - C:\WINDOWS\system32\sysqg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [pccguide.exe] "c:\Programmi\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "c:\Programmi\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "c:\Programmi\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Programmi\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\USB ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\ASUSTek\ASUSDVD\PDVDServ.exe
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] C:\Programmi\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programmi\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [LanGuard] "C:\WINDOWS\languard.exe"
O4 - HKLM\..\Run: [wavdriver] "C:\WINDOWS\wavdriver.exe"
O4 - HKLM\..\Run: [atlmn.exe] C:\WINDOWS\system32\atlmn.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Programmi\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\Programmi\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\Programmi\PestPatrol\CookiePatrol.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: ASUS ChkMail.lnk = C:\Programmi\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programmi\google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/31b3ff72e6a833...RdxIE601_it.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1099305329492
O17 - HKLM\System\CCS\Services\Tcpip\..\{89E55CDB-E6F0-4655-BE3A-BE2A10CD6FA2}: NameServer = 213.205.36.70 213.205.32.70
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINDOWS\system32\atlww.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - c:\Programmi\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: PestPatrol Remote - Computer Associates International, Inc. - C:\Programmi\File comuni\pestpatrol\ppRemoteService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - c:\Programmi\Trend Micro\PC-cillin 2002\Tmntsrv.exe

Can someone help me?
Do you know of another user with the same problems?
Thank you


#2 P3-450

Posted 09 April 2005 - 11:31 AM

Hi Arcadiobuendia

I will be reviewing your log. I will return as soon as I can. :thumbsup:
A pessimist sees the difficulty in every opportunity; an optimist sees the opportunity in every difficulty. -Sir Winston Churchill

#3 Arcadiobuendia

Posted 10 April 2005 - 09:06 AM

Thank you, I'll wait for your answer.

#4 Arcadiobuendia

Posted 10 April 2005 - 10:02 AM

Now I have some news to tell you:

On my PC there are 3 programs that I can't uninstall.
They are called:
1. Search Extender (and when I try to uninstall it, it tells me: Unable to open http://looking-for.cc/uninstall/SearchExtender.html )
2. Home Search Assistent (and when I try to uninstall it, it tells me: Unable to open http://looking-for.cc/uninstall/HomeSearchAssistent.html )
3. Shopping Wizard (and when I try to uninstall it, it tells me: Unable to open http://looking-for.cc/uninstall/ShoppingWizard .html )

Have you ever heard of this problem?

Edited by Arcadiobuendia, 10 April 2005 - 10:03 AM.


#5 Arcadiobuendia

Posted 10 April 2005 - 10:41 AM

Looking at the other topics, I've seen that my problem is similar to this one http://www.bleepingcomputer.com/forums/ind...search+extender, but my log is different.

Can someone guide me?

This is my last log:

Logfile of HijackThis v1.99.1
Scan saved at 17.40.55, on 10/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\atlww.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\Programmi\USB ADSL\CnxDslTb.exe
C:\Programmi\Java\j2re1.4.2_06\bin\jusched.exe
C:\Programmi\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Programmi\Browser MOUSE\mouse32a.exe
C:\WINDOWS\wavdriver.exe
C:\WINDOWS\system32\atlmn.exe
C:\Programmi\PestPatrol\PPControl.exe
C:\Programmi\PestPatrol\PPMemCheck.exe
C:\Programmi\PestPatrol\CookiePatrol.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Asus\Asus ChkMail\ChkMail.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
c:\Programmi\Trend Micro\PC-cillin 2002\Tmntsrv.exe
c:\Programmi\Trend Micro\PC-cillin 2002\PCCCLIENT.EXE
c:\Programmi\Trend Micro\PC-cillin 2002\PCCGUIDE.EXE
c:\Programmi\Trend Micro\PC-cillin 2002\POP3TRAP.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Matteo\Documenti\Applicazioni\Nuova cartella\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dpaoq.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dpaoq.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\dpaoq.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dpaoq.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dpaoq.dll/sp.html#12047
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\dpaoq.dll/sp.html#12047
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {3C5C4850-36D4-6572-6140-C96039A1ECF5} - C:\WINDOWS\ipzh32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [pccguide.exe] "c:\Programmi\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "c:\Programmi\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "c:\Programmi\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Programmi\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\USB ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\ASUSTek\ASUSDVD\PDVDServ.exe
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] C:\Programmi\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programmi\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [LanGuard] "C:\WINDOWS\languard.exe"
O4 - HKLM\..\Run: [wavdriver] "C:\WINDOWS\wavdriver.exe"
O4 - HKLM\..\Run: [atlmn.exe] C:\WINDOWS\system32\atlmn.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Programmi\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\Programmi\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\Programmi\PestPatrol\CookiePatrol.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: ASUS ChkMail.lnk = C:\Programmi\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programmi\google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/31b3ff72e6a833...RdxIE601_it.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1099305329492
O17 - HKLM\System\CCS\Services\Tcpip\..\{89E55CDB-E6F0-4655-BE3A-BE2A10CD6FA2}: NameServer = 213.205.36.70 213.205.32.70
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINDOWS\system32\atlww.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - c:\Programmi\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - c:\Programmi\Trend Micro\PC-cillin 2002\Tmntsrv.exe
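
Added example, not part of any post in this thread: the two HijackThis logs above differ mainly in the random file names sitting behind the same registry slots (dvawz.dll became dpaoq.dll, sysqg.dll became ipzh32.dll), which matches the SaveModule/RestoreModule renames recorded in f2install. The Python below diffs two logs slot by slot to surface such renamed entries; the function names and the line-splitting rules are assumptions made for this illustration, and the sample lines are excerpts copied from the logs posted here.

```python
import re

# Excerpts from the 09/04/2005 and 10/04/2005 HijackThis logs in this thread.
LOG_09_APRIL = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dvawz.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0B60D6C8-61D5-09D5-6A51-907DC1B1F1C4} - C:\WINDOWS\system32\sysqg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [atlmn.exe] C:\WINDOWS\system32\atlmn.exe
O23 - Service: PestPatrol Remote - Computer Associates International, Inc. - C:\Programmi\File comuni\pestpatrol\ppRemoteService.exe
"""

LOG_10_APRIL = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dpaoq.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {3C5C4850-36D4-6572-6140-C96039A1ECF5} - C:\WINDOWS\ipzh32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [atlmn.exe] C:\WINDOWS\system32\atlmn.exe
"""

# First drive-letter path ending in a loadable module, also inside res:// URLs.
FILE_RE = re.compile(r'[A-Za-z]:\\[^/"]+?\.(?:dll|exe|ocx)', re.IGNORECASE)


def parse_log(text):
    """Map (code, slot) -> value for every R*/O* line of a HijackThis log.

    The slot is the part that stays stable between scans (registry value,
    BHO display name, Run value name); the value is what it points at.
    Several BHOs with the same display name would share a slot here.
    """
    entries = {}
    for line in text.splitlines():
        m = re.match(r"^([RO]\d+) - (.+)$", line.strip())
        if not m:
            continue  # header, running-process list, blank line
        code, body = m.groups()
        if code.startswith("R") and " = " in body:
            slot, value = body.split(" = ", 1)
        elif code == "O2":
            slot, value = body.split(" - ", 1)   # "BHO: name" / "{CLSID} - path"
        elif code == "O4" and "] " in body:
            slot, value = body.split("] ", 1)
            slot += "]"
        else:
            slot, value = body, ""               # compared as a whole line
        entries[(code, slot)] = value
    return entries


def file_of(value):
    """Return the module path referenced by an entry value, or None."""
    m = FILE_RE.search(value)
    return m.group(0) if m else None


def compare_logs(old_text, new_text):
    """Classify entries as rotated (same slot, new target), removed or added."""
    old, new = parse_log(old_text), parse_log(new_text)
    rotated = [
        (code, slot, file_of(old[(code, slot)]), file_of(new[(code, slot)]))
        for (code, slot) in old.keys() & new.keys()
        if old[(code, slot)] != new[(code, slot)]
    ]
    return {
        "rotated": sorted(rotated),
        "removed": sorted(old.keys() - new.keys()),
        "added": sorted(new.keys() - old.keys()),
    }


if __name__ == "__main__":
    for code, slot, before, after in compare_logs(LOG_09_APRIL, LOG_10_APRIL)["rotated"]:
        print(f"{code} {slot}: {before} -> {after}")
```

A slot whose target file name changes between scans while the slot itself persists is the entry to trace back to whatever re-creates it, rather than fixing it alone.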

#6 P3-450

Posted 11 April 2005 - 11:21 AM

Hi

Download CWShredder 2.12 from the link below:

http://cwshredder.net/bin/CWShredder.exe

Run it and click on the Fix Button. Let it run.

When that is done reboot.

Run another Hijackthis scan and post back the log here.

#7 Arcadiobuendia

Posted 11 April 2005 - 08:11 PM

Hi, thank you for your support. Today I have removed this hijack successfully by reading this removal guide.

http://www.short-media.com/review.php?r=259&p=2

Bye!



