
Infected with Downloader.MDW;Downloader.USY


  • This topic is locked
  • 4 replies to this topic

#1 comply


Posted 15 October 2008 - 01:23 AM

I have Downloader.MDW and Downloader.USY on my computer that I can't seem to get rid of. I've tried Ad-Aware and Spybot, and AVG keeps failing to install. I used the Panda online checker and it said it removed them both, but they're still here. Anyway, I'm fresh out of ideas and can't seem to find any definite way to get rid of them.

IEXPLORE.EXE keeps popping up with random ads and my computer randomly makes noises.

Up until this happened I let friends use my computer when I was at work/away. No more of that.

Here's my HJT log. It doesn't show IEXPLORE.EXE on but I had just rebooted so maybe it hasn't gone into "annoy everyone" mode yet.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:11, on 10-15-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Anti-Virus\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Comply\Desktop\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: solution Class - {99C6D1BB-7555-474C-91DA-D8FB62A9CC75} - C:\WINDOWS\system32\IFECSjJo.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Anti-Virus\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 4121 bytes




Any help is appreciated thanks (:


#2 miekiemoes

miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 15 October 2008 - 02:20 AM

Hi,

I understand that you need help in order to get rid of the malware that is present on your system - But you need to help us first..
I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed!
This is somewhat suicidal in today's digital world.
That's why I want you to install one first!!

* Please install Avira Antivirus: http://www.free-av.com/
This is a free Antivirus.

Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There, double-click the report from the Full scan you have done. Click the "Report File" button and copy and paste this report in your next reply together with a new HijackThis log.
Then we'll start from there, because it really makes no sense otherwise that we clean this up manually if an Antivirus scan is not present which should be able to deal with most and prevent further reinfection.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 comply


Posted 15 October 2008 - 08:52 PM

Here's my Avira report. I used to have AVG installed but reformatted and haven't been able to get AVG to install correctly again. My fault.

Avira AntiVir Personal
Report file date: 2008-10-15 18:39

Scanning for 1686590 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: SEAN

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 2008-08-12 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 2008-06-26 16:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 2008-05-26 15:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 2008-06-12 20:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 2008-05-26 15:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 18:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 2008-06-24 21:54:15
ANTIVIR2.VDF : 7.0.7.12 4066816 Bytes 2008-10-08 00:27:36
ANTIVIR3.VDF : 7.0.7.45 241664 Bytes 2008-10-15 00:27:39
Engineversion : 8.2.0.4
AEVDF.DLL : 8.1.0.6 102772 Bytes 2008-10-16 00:28:09
AESCRIPT.DLL : 8.1.1.8 319866 Bytes 2008-10-16 00:28:07
AESCN.DLL : 8.1.1.3 123252 Bytes 2008-10-16 00:28:03
AERDL.DLL : 8.1.1.2 438644 Bytes 2008-10-16 00:28:00
AEPACK.DLL : 8.1.2.4 369014 Bytes 2008-10-16 00:27:58
AEOFFICE.DLL : 8.1.0.28 196987 Bytes 2008-10-16 00:27:55
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 2008-10-16 00:27:53
AEHELP.DLL : 8.1.1.2 115062 Bytes 2008-10-16 00:27:48
AEGEN.DLL : 8.1.0.41 319861 Bytes 2008-10-16 00:27:47
AEEMU.DLL : 8.1.0.9 393588 Bytes 2008-10-16 00:27:45
AECORE.DLL : 8.1.2.6 172406 Bytes 2008-10-16 00:27:42
AEBB.DLL : 8.1.0.3 53618 Bytes 2008-10-16 00:27:41
AVWINLL.DLL : 1.0.0.12 15105 Bytes 2008-07-09 16:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 2008-05-16 17:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 2008-10-16 00:27:40
AVREG.DLL : 8.0.0.1 33537 Bytes 2008-05-09 19:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 16:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 2008-06-12 20:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-23 01:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 2008-06-12 20:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 20:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 2008-06-12 21:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 2008-06-27 21:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 2008-10-15 18:39

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
Scan process 'iviRegMgr.exe' - '1' Module(s) have been scanned
Scan process 'aolsoftware.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
36 processes with 36 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '52' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Comply\Local Settings\Temporary Internet Files\Content.IE5\73MJU96V\index[1].htm
[DETECTION] Contains recognition pattern of the HTML/Malicious.ActiveX.Gen HTML script virus
[NOTE] A backup was created as '495a8ecb.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Documents and Settings\Comply\Local Settings\Temporary Internet Files\Content.IE5\73MJU96V\zxcv[1].pdf
[DETECTION] Contains recognition pattern of the JS/Dldr.Psyme.GX.3 Java script virus
[NOTE] A backup was created as '49598ee5.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Documents and Settings\Comply\Local Settings\Temporary Internet Files\Content.IE5\CPK9SHOD\count[1].htm
[DETECTION] Contains recognition pattern of the JS/Dldr.Agent.cst Java script virus
[NOTE] A backup was created as '496b8f0d.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Documents and Settings\Comply\Local Settings\Temporary Internet Files\Content.IE5\F3LR758C\asdf[1].pdf
[DETECTION] Contains recognition pattern of the JS/Dldr.Psyme.GX.3 Java script virus
[NOTE] A backup was created as '495a8f3a.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Documents and Settings\Comply\Local Settings\Temporary Internet Files\Content.IE5\KXGB0J2X\count[1].htm
[DETECTION] Contains recognition pattern of the JS/Dldr.Agent.cst Java script virus
[NOTE] The file was deleted!
C:\Documents and Settings\Comply\Local Settings\Temporary Internet Files\Content.IE5\MDVKPKRI\index[1].htm
[DETECTION] Contains recognition pattern of the HTML/Malicious.ActiveX.Gen HTML script virus
[NOTE] The file was deleted!
C:\Documents and Settings\Comply\Local Settings\Temporary Internet Files\Content.IE5\ORJR2WT5\zxcv[1].pdf
[DETECTION] Contains recognition pattern of the JS/Dldr.Psyme.GX.3 Java script virus
[NOTE] The file was deleted!
C:\Documents and Settings\Comply\Local Settings\Temporary Internet Files\Content.IE5\UJ8F4HC1\qwe[1].htm
[DETECTION] Contains recognition pattern of the HTML/Rce.Gen HTML script virus
[NOTE] The file was deleted!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0P6J0LIJ\zxcv[1].pdf
[DETECTION] Contains recognition pattern of the JS/Dldr.Psyme.GX.3 Java script virus
[NOTE] The file was deleted!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8FU7STUN\asd[2].htm
[DETECTION] Contains recognition pattern of the HTML/Rce.Gen HTML script virus
[NOTE] The file was deleted!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\CPQ7SXMJ\zxcv[1].pdf
[DETECTION] Contains recognition pattern of the JS/Dldr.Psyme.GX.3 Java script virus
[NOTE] The file was deleted!
C:\System Volume Information\_restore{10FDA29E-3668-4A49-A785-442BA666A82D}\RP75\A0018871.exe
[DETECTION] Is the TR/Dldr.VB.gie Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{10FDA29E-3668-4A49-A785-442BA666A82D}\RP75\A0018874.dll
[DETECTION] Is the TR/Dldr.BHO.PE Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{10FDA29E-3668-4A49-A785-442BA666A82D}\RP82\A0019076.dll
[DETECTION] Is the TR/Dldr.BHO.PE Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{10FDA29E-3668-4A49-A785-442BA666A82D}\RP86\A0019582.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{10FDA29E-3668-4A49-A785-442BA666A82D}\RP86\A0019583.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was deleted!
C:\WINDOWS\system32\ifecs3j8.exe_
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was deleted!
C:\WINDOWS\system32\IFECSjJo.dll
[DETECTION] Is the TR/Dldr.BHO.PE Trojan
[NOTE] The file was deleted!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!


End of the scan: 2008-10-15 19:41
Used time: 1:01:51 Hour(s)

The scan has been done completely.

11905 Scanning directories
485701 Files were scanned
18 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
18 files were deleted
0 files were repaired
4 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
485681 Files not concerned
2797 Archives were scanned
2 Warnings
18 Notes





And here's the HJT log:




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:52, on 10-15-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Anti-Virus\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Comply\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: solution Class - {99C6D1BB-7555-474C-91DA-D8FB62A9CC75} - C:\WINDOWS\system32\IFECSjJo.dll (file missing)
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Anti-Virus\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 4793 bytes

#4 miekiemoes


Posted 16 October 2008 - 12:29 AM

Hi,


* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against the following:

O2 - BHO: solution Class - {99C6D1BB-7555-474C-91DA-D8FB62A9CC75} - C:\WINDOWS\system32\IFECSjJo.dll (file missing)

* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Let me know in your next reply how things are now.
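The check behind the instruction in post #4, as an added example (not code from the thread, HijackThis or Avira): it cross-references the O2 (BHO) lines of a HijackThis log with the deletions in an Avira report to find registry entries left pointing at a file the scanner removed. The sample input is a few lines copied from the logs above; the function names and verdict strings are assumptions of this sketch.

```python
import re

# Sample input: lines copied from the second HijackThis log in this thread.
HJT_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: solution Class - {99C6D1BB-7555-474C-91DA-D8FB62A9CC75} - C:\WINDOWS\system32\IFECSjJo.dll (file missing)
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
"""

# Sample input: lines copied from the Avira report in this thread.
AVIRA_REPORT = r"""
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\ifecs3j8.exe_
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was deleted!
C:\WINDOWS\system32\IFECSjJo.dll
[DETECTION] Is the TR/Dldr.BHO.PE Trojan
[NOTE] The file was deleted!
"""

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")
DETECTION_RE = re.compile(
    r"^\[DETECTION\] (?:Is the|Contains recognition pattern of the) (\S+)")
PATH_RE = re.compile(r"^[A-Za-z]:\\")
MISSING = " (file missing)"


def parse_bhos(hjt_text):
    """Return one dict per O2 line: name, CLSID, DLL path (or None), missing flag."""
    bhos = []
    for line in hjt_text.splitlines():
        m = BHO_RE.match(line.strip())
        if not m:
            continue
        target = m["target"]
        missing = target.endswith(MISSING)
        if missing:
            target = target[: -len(MISSING)]
        no_file = target == "(no file)"
        bhos.append({"name": m["name"], "clsid": m["clsid"].upper(),
                     "path": None if no_file else target,
                     "missing": missing or no_file})
    return bhos


def parse_av_deletions(report_text):
    """Map lower-cased path -> detection name for files the scanner deleted."""
    deleted, path, detection = {}, None, None
    for line in report_text.splitlines():
        line = line.strip()
        if PATH_RE.match(line):            # a new file entry starts
            path, detection = line, None
        elif (m := DETECTION_RE.match(line)):
            detection = m.group(1)
        elif line == "[NOTE] The file was deleted!" and path and detection:
            deleted[path.lower()] = detection
    return deleted


def triage(hjt_text, report_text):
    """Return CLSID -> verdict for every BHO in the HijackThis log."""
    deleted = parse_av_deletions(report_text)
    verdicts = {}
    for bho in parse_bhos(hjt_text):
        if bho["path"] is None:
            verdict = "orphan: no file registered"
        elif bho["missing"]:
            det = deleted.get(bho["path"].lower())   # Windows paths: case-insensitive
            verdict = (f"orphan: deleted by AV as {det}" if det
                       else "orphan: file missing, cause unknown")
        else:
            verdict = "file present: review separately"
        verdicts[bho["clsid"]] = verdict
    return verdicts


if __name__ == "__main__":
    for clsid, verdict in triage(HJT_LOG, AVIRA_REPORT).items():
        print(clsid, "->", verdict)
```

An entry marked "file present" is not cleared by this check; it only means the DLL still exists and needs its own review.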

#5 miekiemoes


Posted 25 October 2008 - 10:02 AM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.