
HJT Log- CompIdiot



#1 CompIdiot


Posted 13 July 2005 - 07:21 PM

Logfile of HijackThis v1.99.1
Scan saved at 5:16:49 PM, on 7/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
C:\WINDOWS\system32\ottu.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\hpdll\hpdll.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\WINDOWS\system32\raumhp.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\system32\ckcquoui.exe
C:\WINDOWS\system32\cluinbe1.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Aprps\CxtPls.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Tommy\Desktop\hijackthis_sfx.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tucson.cox.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
O2 - BHO: IE Update Class - none - (no file)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\Aprps\cxtpls.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0778F95A-EA27-4D10-A833-1C7E613BD1ED} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {0C668417-3CDD-1C55-83D4-1734E251B5CC} - C:\WINDOWS\system32\szdxwmef.dll (file missing)
O2 - BHO: (no name) - {17917A9A-C051-4E2E-9219-A5F1FABA03FE} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {22B4DC1B-FF66-4C33-862B-C66CBE0CA398} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {2F772CDD-8A64-4CD9-A701-C8512F8FF329} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {36C0547B-14E9-47DE-95C5-A1199D1853A8} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {37B4F564-69A1-4012-816F-777615DB9B03} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {3C4374D3-BC82-4A26-8995-B1B7D07B3482} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {45337160-9026-4E20-8288-2312BE3D0276} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {4A25D449-2BAA-4426-A992-D18CA70CF5A9} - C:\WINDOWS\system32\55fli.dll (file missing)
O2 - BHO: (no name) - {4D074DF9-7C96-42E1-BB41-1F275E4C90A5} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {4F6E9210-1722-42A8-82BE-21E964837A65} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {52E44CA9-CB9C-4BDF-A877-2391027A1EAF} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {55EC32BD-B664-4C25-9764-D7F3382AA28B} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {5F9D7B45-E9C5-4BD2-84D8-3BF8795425A6} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {61E68A5D-82B7-4142-AE62-60BEC4ED01C5} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {776F9DE5-AD22-4CBF-9DD4-F7ACF4D36418} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {7CBAB5F8-E7C8-49C2-89C4-4DAB06CA34B8} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {7E3B1091-5ACD-4E1A-BD21-FE5DA2B161B0} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {842829C8-1484-4282-BE59-AA3074929A42} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {8FDE9CE4-B87F-4C32-A5ED-0E4528C8B31A} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {9028BB55-FC01-4C64-A006-E7ACA8C6B0E7} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {94A0115B-3875-4701-B7D7-CE08FD570C75} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {9BBB3750-F9EF-417B-A2C3-E60550A7B17C} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {9BEB19B3-72A8-470F-9E95-68B613B2D750} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {9BF63035-9C32-4E16-8830-1CD9D090DD7D} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {A3CE3AD6-55AC-44F2-963D-8028C547FFA8} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {AD888A62-C57B-4777-8698-F647492DA4FC} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {BBFE64BF-0132-469E-B30B-97ABF04AE861} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {C0434386-1D82-4289-A31E-B3223A71AA6F} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {C58A4C2D-39CE-47D2-A697-6A06F9FF8AAD} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: SDWin32 Class - {D75EB14A-2443-46E2-93C4-85B152F99EB3} - C:\WINDOWS\System32\onzxd.dll (file missing)
O2 - BHO: (no name) - {D9C93A9B-5FC6-40D7-A4DF-700BED9792A4} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {DC36BA24-06CB-4E19-92BD-465A99DFCF0B} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {E1D464AF-06F4-48D2-B9B2-CC2795837DB5} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {F7B29559-F9E2-48E9-9D0A-EE05957FD402} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {FA037025-1FC2-4D48-93F1-A1C535D2D8BA} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {FB9CA39D-A5C2-4A21-8334-5589013E9376} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O4 - HKLM\..\Run: [WUSB54Gv2] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [HPNT] C:\Program Files\hpdll\hpdll.exe
O4 - HKLM\..\Run: [edddtc] C:\WINDOWS\System32\edddtc.exe
O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [mbmpqqi] C:\WINDOWS\system32\mbmpqqi.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\raumhp.exe reg_run
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [t7rV38g] cluinbe1.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [cw09RUM4R] ckcquoui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Reboot.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/NDWCab.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://courses.mindleaders.com/dpec/shared/cabs/awswaxf.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.com/app/ST/ActiveX.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/18adf6467ce52a...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107381296279
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\pcpusb.dll
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Xp User\Desktop\cwshredder.exe (file missing)
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WUSB54Gv2SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv2.exe (file missing)


I just need to get rid of the TrojanClicker.Ad



#2 QuietFusion


Posted 15 July 2005 - 03:47 PM

Ctrl+Alt+Delete once and end the following:
C:\WINDOWS\system32\ottu.exe
C:\Program Files\hpdll\hpdll.exe
C:\WINDOWS\system32\raumhp.exe
C:\WINDOWS\system32\ckcquoui.exe
C:\WINDOWS\system32\cluinbe1.exe


Close all your running programs, run HijackThis and place a check next to the following:

O2 - BHO: IE Update Class - none - (no file)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\Aprps\cxtpls.dll
O2 - BHO: (no name) - {0778F95A-EA27-4D10-A833-1C7E613BD1ED} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {0C668417-3CDD-1C55-83D4-1734E251B5CC} - C:\WINDOWS\system32\szdxwmef.dll (file missing)
O2 - BHO: (no name) - {17917A9A-C051-4E2E-9219-A5F1FABA03FE} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {22B4DC1B-FF66-4C33-862B-C66CBE0CA398} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {2F772CDD-8A64-4CD9-A701-C8512F8FF329} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {36C0547B-14E9-47DE-95C5-A1199D1853A8} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {37B4F564-69A1-4012-816F-777615DB9B03} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {3C4374D3-BC82-4A26-8995-B1B7D07B3482} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {45337160-9026-4E20-8288-2312BE3D0276} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {4A25D449-2BAA-4426-A992-D18CA70CF5A9} - C:\WINDOWS\system32\55fli.dll (file missing)
O2 - BHO: (no name) - {4D074DF9-7C96-42E1-BB41-1F275E4C90A5} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {4F6E9210-1722-42A8-82BE-21E964837A65} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {52E44CA9-CB9C-4BDF-A877-2391027A1EAF} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {55EC32BD-B664-4C25-9764-D7F3382AA28B} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {5F9D7B45-E9C5-4BD2-84D8-3BF8795425A6} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {61E68A5D-82B7-4142-AE62-60BEC4ED01C5} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {776F9DE5-AD22-4CBF-9DD4-F7ACF4D36418} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {7CBAB5F8-E7C8-49C2-89C4-4DAB06CA34B8} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {7E3B1091-5ACD-4E1A-BD21-FE5DA2B161B0} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {842829C8-1484-4282-BE59-AA3074929A42} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {8FDE9CE4-B87F-4C32-A5ED-0E4528C8B31A} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {9028BB55-FC01-4C64-A006-E7ACA8C6B0E7} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {94A0115B-3875-4701-B7D7-CE08FD570C75} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {9BBB3750-F9EF-417B-A2C3-E60550A7B17C} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {9BEB19B3-72A8-470F-9E95-68B613B2D750} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {9BF63035-9C32-4E16-8830-1CD9D090DD7D} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {A3CE3AD6-55AC-44F2-963D-8028C547FFA8} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {AD888A62-C57B-4777-8698-F647492DA4FC} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {BBFE64BF-0132-469E-B30B-97ABF04AE861} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {C0434386-1D82-4289-A31E-B3223A71AA6F} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {C58A4C2D-39CE-47D2-A697-6A06F9FF8AAD} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: SDWin32 Class - {D75EB14A-2443-46E2-93C4-85B152F99EB3} - C:\WINDOWS\System32\onzxd.dll (file missing)
O2 - BHO: (no name) - {D9C93A9B-5FC6-40D7-A4DF-700BED9792A4} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {DC36BA24-06CB-4E19-92BD-465A99DFCF0B} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {E1D464AF-06F4-48D2-B9B2-CC2795837DB5} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {F7B29559-F9E2-48E9-9D0A-EE05957FD402} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {FA037025-1FC2-4D48-93F1-A1C535D2D8BA} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O2 - BHO: (no name) - {FB9CA39D-A5C2-4A21-8334-5589013E9376} - C:\Program Files\axlp9zbc\axlp9zbc.dll (file missing)
O4 - HKLM\..\Run: [HPNT] C:\Program Files\hpdll\hpdll.exe
O4 - HKLM\..\Run: [edddtc] C:\WINDOWS\System32\edddtc.exe
O4 - HKLM\..\Run: [mbmpqqi] C:\WINDOWS\system32\mbmpqqi.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\raumhp.exe reg_run
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [t7rV38g] cluinbe1.exe
O4 - HKCU\..\Run: [cw09RUM4R] ckcquoui.exe
O4 - Global Startup: Reboot.exe
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/NDWCab.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.com/app/ST/ActiveX.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/18adf6467ce52a...ip/RdxIE601.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\pcpusb.dll

Close all your Internet Explorer windows and click Fix in HijackThis.

Now locate the following files and delete them:

Files:
C:\WINDOWS\system32\pcpusb.dll
C:\WINDOWS\system32\ottu.exe
C:\WINDOWS\system32\raumhp.exe
C:\WINDOWS\system32\ckcquoui.exe
C:\WINDOWS\system32\cluinbe1.exe
C:\WINDOWS\system32\edddtc.exe
C:\WINDOWS\system32\mbmpqqi.exe
C:\WINDOWS\cfgmgr52.dll
AUNPS2.DLL


Folders:
C:\Program Files\hpdll
C:\Program Files\AutoUpdate
C:\Program Files\axlp9zbc


Reboot once and post a fresh HijackThis log in your thread.

#3 g2i2r4


Posted 15 July 2005 - 03:53 PM

edit:

Advice was posted already.

Edited by g2i2r4, 15 July 2005 - 03:54 PM.



Life is what happens while you're making other plans



