
Firstadsolution


7 replies to this topic

#1 JackTheVirusTerminator

JackTheVirusTerminator

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:46 PM

Posted 28 December 2005 - 08:27 PM

Hi, I'm new here and I've got a problem. Could you help me? I've scanned with Trend Micro and Ad-Aware SE Personal, and I've cleaned out all the temp files and the recycle bin. Here are the logs for HJT and the ewido security scan report:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 6:03:49 PM, 12/28/2005
+ Report-Checksum: F3FD29C0

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{3F143C3A-1457-6CCA-03A7-7AA23B61E40F} -> Spyware.JKSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C19EB5B1-FC58-456E-8793-384532ED5970} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1EB17D1C-141D-4D9D-91CB-24D99215851D} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2ABE804B-4D3A-41BF-A172-304627874B45} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
C:\Documents and Settings\Anthony\Cookies\anthony@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Anthony\Cookies\anthony@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Anthony\Local Settings\Temp\AcsProxyStub.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\Anthony\Local Settings\Temp\p2psetup.exe -> Spyware.P2PNetworking : Cleaned with backup
C:\Documents and Settings\Anthony\Local Settings\Temp\thin.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\GBETKXGY\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\WINDOWS\DONT_START_THIS-olfs.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\iarsybbgr.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\od-stnd442.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\unstall.exe -> Spyware.MediaMotor : Cleaned with backup
C:\WINDOWS\Updreg.EXE -> Downloader.Agent.cp : Cleaned with backup


::Report End
Logfile of HijackThis v1.99.1
Scan saved at 11:48:50 AM, on 12/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rwxhbyguksalbcejvdtwiw.com/F5sq...gmoQ8HUy8H.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.andrewwest.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: jimmyhelp.CBrowserHelper - {2589859D-3536-4D27-9EBB-0AA3F2D9E1E9} - C:\WINDOWS\mqywtlf.dll (file missing)
O2 - BHO: jimmyhelp.CBrowserHelper - {3241F33F-F869-4C66-A41E-24FEA08BF786} - C:\WINDOWS\ymqvoytn.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: jimmyhelp.CBrowserHelper - {FC9D6B0A-7542-494E-A92C-83CB1E2A18D9} - C:\WINDOWS\moowde.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [wtmgl] wtmgl.exe
O4 - HKLM\..\Run: [browse grey name axis] C:\Documents and Settings\All Users\Application Data\DrvGridBrowseGrey\Objfour.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [SearchSetter] C:\WINDOWS\System32\searchsetter[1].exe
O4 - HKCU\..\Run: [2Dent] C:\DOCUME~1\Anthony\APPLIC~1\4GREY~1\bone user meal.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0550bfc4151e9a...ip/RdxIE601.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.org/broadcast/ActiveXWebCam.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CB0B925-696A-45F5-B1C3-F98C72999779}: NameServer = 203.12.160.35 203.12.160.36
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe


 


#2 JackTheVirusTerminator

JackTheVirusTerminator
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:46 PM

Posted 29 December 2005 - 12:41 AM

Thank you if you can help me.

#3 Daisuke

Daisuke

    Cleaner on Duty


  • Members
  • 5,575 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Romania
  • Local time:01:46 AM

Posted 02 January 2006 - 06:52 AM

Hi,

Please post a fresh log if you still have this problem.
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?


#4 JackTheVirusTerminator

JackTheVirusTerminator
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:46 PM

Posted 03 January 2006 - 06:36 PM

Hi, I've got ad.firstadsolution problems. I've run Trend Micro, Ad-Aware SE Personal and ewido, and they got nothing, but ewido got something, but I still have the problem. Can you help me? Here's the HJT log:




Logfile of HijackThis v1.99.1
Scan saved at 10:23:18 AM, on 1/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\RUNDLL32.EXE
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rwxhbyguksalbcejvdtwiw.com/F5sq...gmoQ8HUy8H.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.andrewwest.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: jimmyhelp.CBrowserHelper - {2589859D-3536-4D27-9EBB-0AA3F2D9E1E9} - C:\WINDOWS\mqywtlf.dll (file missing)
O2 - BHO: jimmyhelp.CBrowserHelper - {3241F33F-F869-4C66-A41E-24FEA08BF786} - C:\WINDOWS\ymqvoytn.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: jimmyhelp.CBrowserHelper - {FC9D6B0A-7542-494E-A92C-83CB1E2A18D9} - C:\WINDOWS\moowde.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [wtmgl] wtmgl.exe
O4 - HKLM\..\Run: [browse grey name axis] C:\Documents and Settings\All Users\Application Data\DrvGridBrowseGrey\Objfour.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [SearchSetter] C:\WINDOWS\System32\searchsetter[1].exe
O4 - HKCU\..\Run: [2Dent] C:\DOCUME~1\Anthony\APPLIC~1\4GREY~1\bone user meal.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0550bfc4151e9a...ip/RdxIE601.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.org/broadcast/ActiveXWebCam.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CB0B925-696A-45F5-B1C3-F98C72999779}: NameServer = 203.12.160.35 203.12.160.36
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

#5 JackTheVirusTerminator

JackTheVirusTerminator
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:46 PM

Posted 05 January 2006 - 05:29 AM

Hi, just letting you know I am still having this problem, but I will be away and won't be able to view any response until the 13th/14th of Jan.

Thank you,

Jack

#6 Daisuke

Daisuke

    Cleaner on Duty


  • Members
  • 5,575 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Romania
  • Local time:01:46 AM

Posted 10 January 2006 - 10:12 AM

OK.

Download and unzip to one folder:
http://www.fbeej.dk/Programmer/findlop.zip

Inside the folder find findlop.bat.

Double click it and it will create the file C:\findlop.txt
Find that file and copy the content into your next post.
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?


#7 JackTheVirusTerminator

JackTheVirusTerminator
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:46 PM

Posted 13 January 2006 - 11:13 PM

OK, here it is:
[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'A8C49ADB918F1237.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\anthony\applic~1\4grey~1\Basesectlist.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Anthony'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 01/14/2006 15:00:00
NextRun: 01/14/2006 16:00:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 06/10/1995
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'Symantec NetDetect.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE'
Parameters: ''
WorkingDirectory: 'C:\Program Files\Symantec\LiveUpdate'
Comment: 'Symantec NetDetect'
Creator: 'Owner'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 02/03/2006 9:00:00
StartError: 0x80070534
ExitCode: 0
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 125
StartDate: 05/19/2004
EndDate: 00/00/0000
StartTime: 09:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

#8 Daisuke

Daisuke

    Cleaner on Duty


  • Members
  • 5,575 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Romania
  • Local time:01:46 AM

Posted 14 January 2006 - 04:57 AM

Hi

Download System Security Suite here:
System Security Suite Download. Unzip it to your desktop. Install the program. Don't use it yet.

Copy jt.exe from the c:\findlop folder to your Windows folder: C:\WINDOWS\.

Open Notepad, copy and paste the two lines below and "Save As" KillJobs.bat
In the "Save as type" select: All Files

@echo off
jt /sd A8C49ADB918F1237.job




Copy KillJobs.bat to your Windows folder (C:\WINDOWS\).
Double-click on "KillJobs.bat"
(if prompted, allow the file to run)


Make sure you are set to show hidden files and folders:
A. On the Tools menu in Windows Explorer, click Folder Options.
B. Click the View tab.
C. Under Hidden files and folders, click Show hidden files and folders.
D. Uncheck Hide extensions for known filetypes and Hide protected operating system files.
How to see hidden files in Windows

REBOOT into SafeMode by tapping F8 key repeatedly at bootup: Starting your computer in Safe mode

Run HijackThis!, press Scan, and put a checkmark next to all these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rwxhbyguksalbcejvdtwiw.com/F5sq...gmoQ8HUy8H.html

O2 - BHO: jimmyhelp.CBrowserHelper - {2589859D-3536-4D27-9EBB-0AA3F2D9E1E9} - C:\WINDOWS\mqywtlf.dll (file missing)
O2 - BHO: jimmyhelp.CBrowserHelper - {3241F33F-F869-4C66-A41E-24FEA08BF786} - C:\WINDOWS\ymqvoytn.dll (file missing)
O2 - BHO: jimmyhelp.CBrowserHelper - {FC9D6B0A-7542-494E-A92C-83CB1E2A18D9} - C:\WINDOWS\moowde.dll (file missing)

O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe
O4 - HKLM\..\Run: [wtmgl] wtmgl.exe
O4 - HKLM\..\Run: [browse grey name axis] C:\Documents and Settings\All Users\Application Data\DrvGridBrowseGrey\Objfour.exe
O4 - HKCU\..\Run: [SearchSetter] C:\WINDOWS\System32\searchsetter[1].exe
O4 - HKCU\..\Run: [2Dent] C:\DOCUME~1\Anthony\APPLIC~1\4GREY~1\bone user meal.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0550bfc4151e9a...ip/RdxIE601.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab


Close all other windows and browsers, and press the Fix Checked button.


Delete these folders, if present:

c:\Documents and Settings\[your user]\Application Data\[strange foldername] for example "downloadmp3window"
Should be 2 folders with strange names (random words)

C:\Documents and Settings\All Users\Application Data\[strange foldername]

c:\Program Files\Adverts\ <-- this folder

c:\Program Files\MessengerPlus! 3\ <-- this folder

c:\Program Files\Strange foldername\ <-- this folder

Delete these files if present:
C:\WINDOWS\mqywtlf.dll <-- this file
C:\WINDOWS\ymqvoytn.dll <-- this file
C:\WINDOWS\moowde.dll <-- this file
c:\windows\180ax.exe <-- this file
C:\WINDOWS\System32\searchsetter[1].exe <-- this file
wtmgl.exe <-- search for this file and delete it

Delete these 5 icons from your desktop, if present:
"Cellphone Ringtones"
"Casino Online"
"Find a date"
"My Antivirus Update"
"Watch Live TV"

With all windows and browsers closed.
Clean out temporary and Temporary Internet Files.
A. Open System Security Suite.
B. In the Items to Clear tab tick:
- Internet Explorer (left pane): Cookies & Temporary files
- My Computer (right pane): Temporary files & Recycle Bin
Press the Clear Selected Items button.
Close the program.

REBOOT and post a new hijackthis log please.

Run findlop.bat again and post the log please.

Edited by Daisuke, 14 January 2006 - 05:00 AM.

Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?
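
The scheduled-task dump in post #7 is what singles out A8C49ADB918F1237.job for removal with `jt /sd`. As an added example (not part of the original thread and not findlop's own logic), the Python below parses that jt.exe trace format and lists jobs matching several traits visible in the flagged entry; the indicator set and the threshold of 3 are assumptions chosen for illustration, and the sample dump is abridged from post #7.

```python
import re

# Abridged from the findlop / jt.exe output posted in this thread (post #7).
SAMPLE_DUMP = r"""
[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'A8C49ADB918F1237.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\anthony\applic~1\4grey~1\Basesectlist.exe'
Comment: ''
Creator: 'Anthony'
Hidden = 1
Trigger 0:
Type: Daily
MinutesDuration: 1440
MinutesInterval: 60

[TRACE] Activating job 'Symantec NetDetect.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE'
Comment: 'Symantec NetDetect'
Creator: 'Owner'
Hidden = 0
Trigger 0:
Type: Daily
MinutesDuration: 0
MinutesInterval: 0
"""

JOB_RE = re.compile(r"^\[TRACE\] Activating job '(.+)'$")
FIELD_RE = re.compile(r"^(\w+)\s*[:=]\s*(.*)$")  # "Key: value" or "Flag = n"

def parse_jobs(dump):
    """Split a jt.exe trace dump into {job_name: {field: value}}."""
    jobs, current = {}, None
    for line in dump.splitlines():
        line = line.strip()
        m = JOB_RE.match(line)
        if m:
            current = jobs.setdefault(m.group(1), {})
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            # First occurrence wins, so only the first trigger is recorded.
            current.setdefault(m.group(1), m.group(2).strip().strip("'"))
    return jobs

def indicators(name, props):
    """Return the (assumed, illustrative) traits a job shares with the flagged one."""
    hits = []
    if props.get("Hidden") == "1":
        hits.append("Hidden flag set")
    if re.fullmatch(r"[0-9A-Fa-f]{16}\.job", name):
        hits.append("16-hex-digit job name")
    app = props.get("ApplicationName", "").lower()
    if "\\applic~1\\" in app or "\\application data\\" in app:
        hits.append("executable under Application Data")
    interval = props.get("MinutesInterval", "0")
    if interval.isdigit() and int(interval) > 0:
        hits.append("repeats every %s minutes" % interval)
    if not props.get("Comment"):
        hits.append("empty Comment field")
    return hits

def suspicious_jobs(dump, threshold=3):
    """Map job name -> matched traits for jobs meeting the threshold."""
    scored = {n: indicators(n, p) for n, p in parse_jobs(dump).items()}
    return {n: h for n, h in scored.items() if len(h) >= threshold}

if __name__ == "__main__":
    for job, hits in suspicious_jobs(SAMPLE_DUMP).items():
        print(job, "->", "; ".join(hits))
```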




